search engine hijacked


  • This topic is locked
17 replies to this topic

#1 dorr4x4

Posted 21 December 2010 - 09:10 AM

In Firefox, when I click on a search result, it sends me to the wrong site.

DDS (Ver_10-12-12.02) - FAT32x86
Run by Michael & Maureen at 8:49:25.60 on Tue 12/21/2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.170 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRunOnce: [0000 - c:\documents and settings\michael & maureen\start menu\programs\hp deskjet 970c series v2.0] c:\windows\command.com /c rmdir "c:\documents and settings\michael & maureen\start menu\programs\HP DeskJet 970C Series v2.0"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240090964631
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {487D4B18-358F-43E4-ABA7-782018C3683F} = 205.231.144.10,205.231.144.20
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msimn.inf,User.Install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msimn.inf,user.install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\dth3wyed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2009-4-18 32840]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2001-8-17 9344]
S3 scantool;USB Driver for Scan Tool;c:\windows\system32\drivers\scantool.sys [2010-10-14 40280]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [2003-4-24 747392]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-11-26 13696]

=============== Created Last 30 ================

2010-12-19 08:14:40 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-19 08:13:25 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-19 08:12:36 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-19 08:12:36 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-19 08:12:36 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-19 08:12:36 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-19 08:12:36 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-19 08:12:36 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-19 08:12:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-19 08:12:33 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-18 22:41:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 22:41:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 21:17:07 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-18 21:17:07 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-18 21:07:58 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Eastman_Kodak_Company
2010-12-18 21:07:46 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Microsoft Corporation
2010-12-18 20:54:59 -------- d-----w- c:\windows\system32\kodak
2010-12-18 20:04:41 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-12-18 20:04:41 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-12-18 20:04:41 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-12-18 19:19:22 -------- d-----w- c:\program files\MSXML 6.0
2010-12-18 19:18:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-12-18 19:00:49 -------- d-----w- c:\docume~1\michae~1\applic~1\Temp
2010-12-18 19:00:45 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Eastman Kodak Company
2010-12-18 12:24:20 -------- d-----w- c:\program files\iPod
2010-12-15 03:43:32 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 03:41:49 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 16:46:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-28 16:46:22 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-22 00:04:37 238080 ------w- c:\windows\system32\DivXdec.ax
2010-11-22 00:00:19 -------- d-----w- c:\windows\system32\Quicktime
2010-11-22 00:00:17 -------- d-----w- c:\program files\SmartSound Software
2010-11-22 00:00:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\SmartSound Software Inc
2010-11-21 23:56:43 57344 ------w- c:\windows\dvdrgn.exe
2010-11-21 23:41:48 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-11-21 23:41:48 241664 ----a-w- c:\windows\system32\mp4sds32.ax
2010-11-21 23:41:02 -------- d-----w- c:\windows\system32\windows media
2010-11-21 23:36:24 -------- d-----w- c:\program files\Windows Media Components
2010-11-21 23:35:58 -------- d-----w- c:\program files\common files\Ulead Systems
2010-11-21 23:35:57 282624 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
2010-11-21 23:34:24 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-11-21 23:34:23 696320 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-11-21 23:34:23 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-11-21 23:34:23 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-11-21 23:34:23 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-11-21 23:34:20 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-11-21 23:34:20 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll

==================== Find3M ====================

2010-12-16 10:39:14 2256 ----a-w- c:\windows\current_settings.bin
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05:36 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-05 05:05:36 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-03 12:59:08 369664 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 22:32:42 8892928 ----a-w- c:\docume~1\alluse~1\applic~1\atscie.msi
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_91728D8 rev.GAS54112 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82F0BEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x827d4872; SUB DWORD [EBP-0x4], 0x827d412e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82FCCAB8]
3 CLASSPNP[0xF8676FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000004f[0x82FA5EB0]
5 ACPI[0xF85ED620] -> nt!IofCallDriver[0x804E37D5] -> [0x82FA2B00]
[0x82FCE948] -> IRP_MJ_CREATE -> 0x82F0BEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskMaxtor_91728D8__________________________GAS54112#384139303151434b202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F0BAEA
user != kernel MBR !!!
sectors 33750862 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 8:57:10.99 ===============


#2 CatByte
  • Malware Response Team

Posted 22 December 2010 - 04:36 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#3 dorr4x4
  • Topic Starter

Posted 23 December 2010 - 08:52 AM

ComboFix will not run.

#4 CatByte
  • Malware Response Team

Posted 23 December 2010 - 09:06 AM

Please delete the copy from your desktop and download a fresh copy, but rename it to iexplore before saving it.

If it still will not run, try running it in safe mode with networking.

Make certain all your security programs are disabled.


To Enter Safemode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll to Safe Mode with Networking
  • Then press the Enter Key on your Keyboard
  • Go into your usual account


#5 dorr4x4
  • Topic Starter

Posted 23 December 2010 - 03:01 PM

Changed name to iexplore and ran it. The cursor showed an hourglass like it was working. But it did not create a text file.

#6 CatByte
  • Malware Response Team

Posted 23 December 2010 - 09:08 PM

Did a blue window show with ComboFix going through 50 stages? Did it say it was deleting anything once the 50 stages were complete?
Did you try it in safe mode?


If so - look in c:\combofix.txt for a log.

If no log, then please run the following programs:


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



  • Download OTL and save it to your desktop.
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


#7 dorr4x4
  • Topic Starter

Posted 24 December 2010 - 06:53 AM

TDSSKiller text

2010/12/24 05:41:06.0732 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/24 05:41:06.0732 ================================================================================
2010/12/24 05:41:06.0732 SystemInfo:
2010/12/24 05:41:06.0732
2010/12/24 05:41:06.0732 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/24 05:41:06.0732 Product type: Workstation
2010/12/24 05:41:06.0732 ComputerName: OLDDESKTOP
2010/12/24 05:41:06.0732 UserName: Michael & Maureen
2010/12/24 05:41:06.0732 Windows directory: C:\WINDOWS
2010/12/24 05:41:06.0732 System windows directory: C:\WINDOWS
2010/12/24 05:41:06.0732 Processor architecture: Intel x86
2010/12/24 05:41:06.0732 Number of processors: 1
2010/12/24 05:41:06.0732 Page size: 0x1000
2010/12/24 05:41:06.0732 Boot type: Normal boot
2010/12/24 05:41:06.0732 ================================================================================
2010/12/24 05:41:13.0412 Initialize success
2010/12/24 05:41:18.0349 ================================================================================
2010/12/24 05:41:18.0349 Scan started
2010/12/24 05:41:18.0349 Mode: Manual;
2010/12/24 05:41:18.0349 ================================================================================
2010/12/24 05:41:20.0552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/24 05:41:21.0073 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/24 05:41:21.0734 admjoy (a23675760dec131b9f799b6fb038a1f0) C:\WINDOWS\system32\DRIVERS\admjoy.sys
2010/12/24 05:41:22.0805 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/24 05:41:23.0576 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/24 05:41:24.0237 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/12/24 05:41:30.0005 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/24 05:41:30.0456 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/24 05:41:31.0528 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/24 05:41:32.0249 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/24 05:41:32.0719 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/24 05:41:33.0320 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/24 05:41:34.0051 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/12/24 05:41:35.0183 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/24 05:41:35.0614 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/24 05:41:36.0084 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/24 05:41:38.0718 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys
2010/12/24 05:41:40.0581 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/24 05:41:41.0041 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/24 05:41:41.0842 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/24 05:41:42.0283 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/24 05:41:43.0004 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/24 05:41:44.0106 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/24 05:41:45.0237 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2010/12/24 05:41:46.0369 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2010/12/24 05:41:46.0770 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/24 05:41:47.0541 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/24 05:41:48.0292 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/24 05:41:48.0993 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/24 05:41:49.0614 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/24 05:41:50.0144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/24 05:41:50.0615 Ftdisk (4ab938f39bc109ae0c4c5144f8aeef5d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/24 05:41:50.0615 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 4ab938f39bc109ae0c4c5144f8aeef5d, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/12/24 05:41:50.0665 Ftdisk - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/24 05:41:51.0296 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/24 05:41:52.0057 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/24 05:41:52.0478 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/24 05:41:53.0349 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2010/12/24 05:41:53.0850 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/24 05:41:55.0272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/24 05:41:56.0914 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/24 05:41:57.0505 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/24 05:41:58.0627 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/24 05:41:59.0207 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/24 05:41:59.0728 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/24 05:42:00.0499 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/24 05:42:01.0240 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/24 05:42:01.0661 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/24 05:42:02.0392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/24 05:42:03.0083 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/24 05:42:03.0504 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/24 05:42:03.0974 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/24 05:42:04.0645 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/24 05:42:06.0218 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
2010/12/24 05:42:07.0319 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/24 05:42:07.0820 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/24 05:42:08.0721 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/12/24 05:42:09.0152 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/24 05:42:09.0683 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/24 05:42:10.0073 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/24 05:42:11.0315 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/24 05:42:12.0036 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/24 05:42:12.0507 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/24 05:42:12.0887 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/24 05:42:13.0418 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/24 05:42:13.0839 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/24 05:42:14.0550 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/24 05:42:15.0311 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/24 05:42:15.0731 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/24 05:42:16.0512 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/24 05:42:17.0303 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/24 05:42:18.0065 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/24 05:42:18.0395 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/24 05:42:18.0766 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/24 05:42:19.0507 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/24 05:42:19.0837 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/24 05:42:20.0228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/24 05:42:20.0608 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/24 05:42:21.0479 ngrpci (bdfa550022facf2a922213065924f529) C:\WINDOWS\system32\DRIVERS\ngrpci.sys
2010/12/24 05:42:22.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/24 05:42:22.0691 NtApm (325ffaeceeace80d2643e6bdc7c1f9e2) C:\WINDOWS\system32\DRIVERS\NtApm.sys
2010/12/24 05:42:23.0162 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/24 05:42:23.0753 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/24 05:42:24.0534 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/24 05:42:25.0235 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/24 05:42:25.0746 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/24 05:42:26.0397 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/12/24 05:42:26.0747 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/24 05:42:27.0158 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/24 05:42:27.0859 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/24 05:42:28.0520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/24 05:42:30.0192 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/24 05:42:34.0999 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/24 05:42:35.0379 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/24 05:42:39.0135 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/24 05:42:39.0545 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/24 05:42:39.0966 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/24 05:42:40.0437 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/24 05:42:40.0817 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/24 05:42:41.0318 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/24 05:42:41.0899 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/24 05:42:42.0349 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/24 05:42:44.0082 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/24 05:42:44.0523 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/24 05:42:45.0023 scantool (41ea8ca2f79d909cdccb1b4c8d7ed798) C:\WINDOWS\system32\Drivers\scantool.sys
2010/12/24 05:42:45.0534 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/24 05:42:45.0965 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/24 05:42:46.0606 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/24 05:42:47.0277 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/24 05:42:48.0018 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2010/12/24 05:42:49.0550 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/24 05:42:50.0661 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/24 05:42:51.0082 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/24 05:42:51.0913 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/24 05:42:52.0764 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/24 05:42:53.0235 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/24 05:42:53.0876 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/24 05:42:56.0900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/24 05:42:57.0411 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/24 05:42:58.0042 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/24 05:42:58.0563 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/24 05:42:59.0204 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/24 05:43:00.0476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/24 05:43:01.0677 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/24 05:43:02.0599 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/24 05:43:03.0019 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/24 05:43:03.0530 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/24 05:43:04.0101 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/24 05:43:04.0561 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/24 05:43:04.0922 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/24 05:43:05.0383 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/24 05:43:06.0444 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/24 05:43:06.0935 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/24 05:43:08.0187 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/24 05:43:08.0928 wdm_au8820 (be6b041d36b464f9024477a09c2eccb5) C:\WINDOWS\system32\drivers\adm8820.sys
2010/12/24 05:43:09.0769 wdm_au8830 (e4e7b5832edc3b8dc3052210fda320fd) C:\WINDOWS\system32\drivers\adm8830.sys
2010/12/24 05:43:10.0810 WISTechVIDCAP (0232776c73cd31c47e5139b52c6000b9) C:\WINDOWS\system32\drivers\Xstream.sys
2010/12/24 05:43:11.0722 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/24 05:43:12.0563 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/24 05:43:13.0264 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/24 05:43:14.0125 XLoader (8a73cc9a6292cf4b7b54b622ed9bd437) C:\WINDOWS\system32\Drivers\XLoader.sys
2010/12/24 05:43:14.0856 ================================================================================
2010/12/24 05:43:14.0856 Scan finished
2010/12/24 05:43:14.0856 ================================================================================
2010/12/24 05:43:14.0906 Detected object count: 1
2010/12/24 05:54:49.0886 Ftdisk (4ab938f39bc109ae0c4c5144f8aeef5d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/24 05:54:49.0886 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ftdisk.sys. Real md5: 4ab938f39bc109ae0c4c5144f8aeef5d, Fake md5: 6ac26732762483366c3969c9e4d2259d
2010/12/24 05:54:53.0291 Backup copy found, using it..
2010/12/24 05:54:53.0361 C:\WINDOWS\system32\DRIVERS\ftdisk.sys - will be cured after reboot
2010/12/24 05:54:53.0361 Rootkit.Win32.TDSS.tdl3(Ftdisk) - User select action: Cure
2010/12/24 05:55:04.0026 Deinitialize success

otl.txt

OTL logfile created on: 12/24/2010 6:31:49 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Michael & Maureen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.08 Gb Total Space | 1.12 Gb Free Space | 6.97% Space Free | Partition Type: FAT32
Drive F: | 127.99 Gb Total Space | 57.18 Gb Free Space | 44.68% Space Free | Partition Type: NTFS

Computer Name: OLDDESKTOP | User Name: Michael & Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/24 06:31:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\OTL.exe
PRC - [2010/12/13 06:52:52 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/13 06:52:46 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/09/02 08:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/09/09 05:15:46 | 002,019,624 | ---- | M] (Uniblue Software) -- C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
PRC - [2008/04/13 20:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2001/08/17 22:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/12/24 06:31:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2004/02/26 09:52:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2010/05/10 14:41:32 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:36:42 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf)
DRV - [2004/11/26 13:16:12 | 000,122,368 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\Xstream.sys -- (WISTechVIDCAP)
DRV - [2004/11/26 13:13:24 | 000,013,696 | ---- | M] (Plextor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\XLoader.sys -- (XLoader) PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys)
DRV - [2004/08/04 01:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/05/03 15:47:22 | 000,040,280 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\scantool.sys -- (scantool)
DRV - [2002/08/29 12:00:00 | 000,009,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys -- (NtApm)
DRV - [2002/08/28 23:00:48 | 000,010,880 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\admjoy.sys -- (admjoy)
DRV - [2001/08/17 13:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 12:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 12:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 12:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 12:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctljystk.sys -- (ctljystk)
DRV - [2001/08/17 12:19:14 | 000,747,392 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adm8830.sys -- (wdm_au8830) Aureal Vortex 8830 Audio Driver (WDM)
DRV - [2001/08/17 12:19:14 | 000,553,984 | ---- | M] (Aureal, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adm8820.sys -- (wdm_au8820) Aureal Vortex 8820 Audio Driver (WDM)
DRV - [2001/08/17 12:12:20 | 000,032,840 | ---- | M] (NETGEAR Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\Ngrpci.sys -- (ngrpci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2005/01/26 08:01:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2005/01/26 08:00:58 | 000,000,000 | ---D | M]

[2009/01/10 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Mozilla\Extensions
[2005/01/26 08:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Mozilla\Firefox\Profiles\dth3wyed.default\extensions
[2010/11/28 08:10:34 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Michael & Maureen\Application Data\Mozilla\Firefox\Profiles\dth3wyed.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2005/01/26 08:02:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/08 06:03:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx ()
O4 - HKLM..\Run: [Conime] C:\WINDOWS\SYSTEM32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [0000 - C:\Documents and Settings\Michael & Maureen\Start Menu\Programs\HP DeskJet 970C Series v2.0] C:\WINDOWS\command.com File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O9 - Extra Button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O9 - Extra 'Tools' menuitem : UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .pdf - C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll (Adobe Systems Inc.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240090964631 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 10.0.0.2
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Internet Explorer Channel Bar) - 131A6951-7F78-11D0-A979-00C04FD705A2
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\WEB\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/21 19:11:34 | 000,000,548 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2003/04/24 18:57:10 | 000,000,548 | ---- | M] () - C:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2003/04/24 18:57:10 | 000,000,548 | -HS- | M] () - C:\autoexec.bak -- [ FAT32 ]
O32 - AutoRun File - [2002/12/23 08:43:04 | 000,000,133 | ---- | M] () - C:\AUTOEXEC.TSH -- [ FAT32 ]
O32 - AutoRun File - [2005/10/08 17:19:53 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/24 05:40:55 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael & Maureen\Desktop\TDSSKiller.exe
[2010/12/23 14:50:26 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2010/12/20 03:31:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/19 03:14:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/12/19 03:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/12/19 03:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/12/19 03:12:36 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/12/19 03:12:36 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/12/19 03:12:36 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/12/19 03:12:36 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/12/19 03:12:33 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/12/19 03:12:33 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/12/18 17:41:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/18 17:41:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 16:17:07 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/12/18 16:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2010/12/18 16:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael & Maureen\Local Settings\Application Data\Eastman_Kodak_Company
[2010/12/18 16:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael & Maureen\Local Settings\Application Data\Microsoft Corporation
[2010/12/18 15:54:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kodak
[2010/12/18 15:04:41 | 000,421,888 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2010/12/18 15:04:41 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST09.dll
[2010/12/18 14:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/12/18 14:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/12/18 14:00:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael & Maureen\Application Data\Temp
[2010/12/18 14:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael & Maureen\Local Settings\Application Data\Eastman Kodak Company
[2010/12/18 13:53:43 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/12/18 13:52:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/12/18 07:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/14 22:43:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 22:41:49 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/05 14:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/11/29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/24 06:05:42 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/24 05:57:06 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/24 05:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/23 08:47:30 | 003,996,812 | ---- | M] () -- C:\Documents and Settings\Michael & Maureen\Desktop\Iexplore.exe
[2010/12/23 06:16:00 | 000,001,846 | -H-- | M] () -- C:\Documents and Settings\Michael & Maureen\My Documents\Default.rdp
[2010/12/21 17:07:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/20 03:44:42 | 000,426,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/20 03:44:42 | 000,065,080 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/19 08:04:58 | 000,446,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/18 20:52:24 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/18 17:41:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/18 16:07:34 | 000,001,693 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/12/18 07:26:08 | 000,001,446 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Michael & Maureen\Desktop\TDSSKiller.exe
[2010/12/16 05:39:14 | 000,002,256 | ---- | M] () -- C:\WINDOWS\current_settings.bin
[2010/12/15 03:03:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/12 08:03:44 | 000,013,312 | ---- | M] () -- C:\Documents and Settings\Michael & Maureen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/07 17:30:56 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/12/04 08:10:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/12/04 08:10:02 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/11/30 12:13:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenShakeIcon.job
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/23 14:50:22 | 003,996,812 | ---- | C] () -- C:\Documents and Settings\Michael & Maureen\Desktop\Iexplore.exe
[2010/12/18 17:41:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/18 16:21:24 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Michael & Maureen\Local Settings\Application Data\LaunchHomeCenter.log
[2010/12/18 16:07:33 | 000,001,693 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/12/18 07:26:06 | 000,001,446 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/12/07 17:30:54 | 000,001,508 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/11/28 08:10:07 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2010/11/28 08:10:04 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/11/06 06:22:48 | 000,000,750 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/19 13:40:55 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/10/14 16:59:56 | 000,040,280 | R--- | C] () -- C:\WINDOWS\System32\drivers\scantool.sys
[2010/04/27 06:36:16 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2005/02/21 09:52:49 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Michael & Maureen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/01/30 16:18:39 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2005/01/18 16:47:53 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2004/12/23 14:44:08 | 000,000,447 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/11/18 18:43:24 | 000,001,087 | ---- | C] () -- C:\WINDOWS\Mpcwty01.ini
[2004/11/06 16:33:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UltimateBuddy.INI
[2003/10/24 18:45:40 | 000,060,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\drvnq117.sys
[2003/10/24 18:45:39 | 000,198,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\drvnppqt.sys
[2003/10/24 18:45:34 | 000,080,624 | ---- | C] () -- C:\WINDOWS\System32\sh31w32.dll
[2003/10/24 18:45:34 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2003/04/24 19:54:28 | 000,004,820 | ---- | C] () -- C:\WINDOWS\CAMUNWISE.INI
[2003/04/24 19:54:28 | 000,003,936 | ---- | C] () -- C:\WINDOWS\MDSHELL.INI
[2003/04/24 19:54:28 | 000,001,570 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/04/24 19:54:28 | 000,001,154 | ---- | C] () -- C:\WINDOWS\au30dos.ini
[2003/04/24 19:54:28 | 000,001,001 | ---- | C] () -- C:\WINDOWS\Mpcwty00.ini
[2003/04/24 19:54:28 | 000,000,661 | ---- | C] () -- C:\WINDOWS\DEMO.INI
[2003/04/24 19:54:28 | 000,000,615 | ---- | C] () -- C:\WINDOWS\rollemup.ini
[2003/04/24 19:54:28 | 000,000,557 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2003/04/24 19:54:28 | 000,000,514 | ---- | C] () -- C:\WINDOWS\PTCOUNTY.INI
[2003/04/24 19:54:28 | 000,000,473 | ---- | C] () -- C:\WINDOWS\TAPE.INI
[2003/04/24 19:54:28 | 000,000,393 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/04/24 19:54:28 | 000,000,345 | ---- | C] () -- C:\WINDOWS\CMOUSECC.INI
[2003/04/24 19:54:28 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2003/04/24 19:54:28 | 000,000,191 | ---- | C] () -- C:\WINDOWS\protocol.ini
[2003/04/24 19:54:28 | 000,000,181 | ---- | C] () -- C:\WINDOWS\kpcms.ini
[2003/04/24 19:54:28 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2003/04/24 19:54:28 | 000,000,080 | ---- | C] () -- C:\WINDOWS\tbslnch2.ini
[2003/04/24 19:54:28 | 000,000,053 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/04/24 19:54:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2003/04/24 19:54:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2003/04/24 19:54:28 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WINFILE.INI
[2003/04/24 19:54:28 | 000,000,008 | ---- | C] () -- C:\WINDOWS\AudioMix.ini
[2003/04/24 19:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\USBGUI.INI
[2003/04/24 19:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2003/04/24 19:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PEZDOWNLOAD.INI
[2003/04/24 19:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTOMP8.INI
[2003/04/24 19:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MOTO.INI
[2003/04/24 19:54:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DDM.INI
[2003/04/24 19:54:27 | 000,012,327 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2003/04/24 19:54:27 | 000,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2003/04/24 19:54:27 | 000,003,550 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2003/04/24 19:54:27 | 000,000,909 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/04/24 19:54:27 | 000,000,865 | ---- | C] () -- C:\WINDOWS\DOSREP.INI
[2003/04/24 19:54:27 | 000,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2003/04/24 19:54:27 | 000,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2003/04/24 19:54:27 | 000,000,129 | ---- | C] () -- C:\WINDOWS\Picture Easy 3.ini
[2003/04/24 19:54:27 | 000,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2003/04/24 19:54:27 | 000,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/04/24 19:54:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2003/04/24 19:54:27 | 000,000,026 | ---- | C] () -- C:\WINDOWS\MSOFFICE.INI
[2003/04/24 19:54:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSINFO32.INI
[2003/04/24 19:36:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/22 18:42:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/04/22 18:38:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\MEMBG.DLL
[2003/01/16 13:22:44 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2003/01/16 13:22:44 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2003/01/01 19:54:57 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/01/01 19:54:56 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2002/06/05 17:14:15 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2002/04/06 14:30:33 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\icmfilter.dll
[2002/02/23 20:44:20 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\HERGFX.DLL
[2001/08/20 14:55:06 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2001/08/14 06:42:58 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2001/06/08 23:01:22 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2001/06/08 23:01:21 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2001/04/30 08:36:49 | 000,048,128 | ---- | C] () -- C:\WINDOWS\System32\HPFPNP.DLL
[2001/02/11 16:44:16 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2000/12/27 07:08:57 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\LEVELIND.DLL
[2000/12/22 19:44:01 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\IFORCE2.dll
[2000/11/25 17:42:23 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2000/11/25 17:03:39 | 000,149,898 | ---- | C] () -- C:\WINDOWS\mdshell.dll
[2000/11/25 17:03:39 | 000,022,016 | ---- | C] () -- C:\WINDOWS\TSOUND32.DLL
[2000/11/25 16:12:51 | 000,011,079 | -H-- | C] () -- C:\Program Files\folder.htt
[2000/10/24 16:01:13 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\amp.dll

========== LOP Check ==========

[2009/01/15 12:42:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8EE64AC9-4067-4544-96FA-A1719B301ABF}
[2010/11/13 12:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/20 17:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/11/21 18:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/11/21 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2005/01/18 17:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Canon
[2006/04/04 18:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Seven Zip
[2009/01/15 12:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Uniblue
[2010/11/20 17:53:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\NCH Swift Sound
[2010/11/21 19:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Ulead Systems
[2010/12/18 14:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael & Maureen\Application Data\Temp
[2010/11/23 17:59:10 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\mixpadShakeIcon.job
[2010/12/04 08:10:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
[2010/12/04 08:10:02 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job
[2010/11/30 12:13:04 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\goldenShakeIcon.job

========== Purity Check ==========



< End of report >

extras.txt

OTL Extras logfile created on: 12/24/2010 6:31:49 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\Michael & Maureen\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 179.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 16.08 Gb Total Space | 1.12 Gb Free Space | 6.97% Space Free | Partition Type: FAT32
Drive F: | 127.99 Gb Total Space | 57.18 Gb Free Space | 44.68% Space Free | Partition Type: NTFS

Computer Name: OLDDESKTOP | User Name: Michael & Maureen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\TEMP\ALG.EXE" = C:\WINDOWS\TEMP\ALG.EXE:*:Enabled:Application Layer Gateway Service -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\VectorWorks\VectorWorks.exe" = C:\Program Files\VectorWorks\VectorWorks.exe:*:Disabled:VectorWorks 8.5.1 -- (Diehl Graphsoft, Inc.)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 Suite
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AF8E7A0-4929-11D4-9EB2-00104B07382B}" = 3D Prophet II MX Manuals
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0 SE DVD
"{533EA26B-8AE1-430F-92DB-A7EA06D9A25F}" = PCLink
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C4A3DD5-CF22-486F-AF90-7681AABB2E89}" = Ulead AC-3 PowerPack
"{7DD4CFB5-915D-443C-BB2B-D54C9CF36064}" = UltimateBuddy
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{EA10FC33-3DBC-4268-A90E-1681760FD417}" = Broderbund Home Design 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"3D Home Architect Deluxe 2.2" = 3D Home Architect Deluxe
"ACS495" = ACS495
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe PhotoDeluxe Business Edition 1.0" = Adobe PhotoDeluxe Business Edition 1.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"BEWIN32.EXE" = Seagate Backup Exec for Windows 95/NT 2.0j (OEM)
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DTC Library" = DTC Library
"Golden" = Golden Records Vinyl to CD Converter
"GT Interactive - Driver" = GT Interactive - Driver
"Installing HSP56 MicroModem Drivers" = HSP56 MicroModem Drivers
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{EA10FC33-3DBC-4268-A90E-1681760FD417}" = Broderbund Home Design 5.1
"Jasc Digital Camera Support" = Jasc Digital Camera Support Release 3 CD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"MouseWare" = MouseWare
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MS. PAC-MAN_Quest for the Golden Maze" = MS. PAC-MAN_Quest for the Golden Maze
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Norton Rescue" = Rescue Disk
"Paint Shop Pro 6" = Paint Shop Pro 6.01 CD
"Picture Easy 3.0" = Picture Easy 3.0
"Switch" = Switch Sound File Converter
"TBS Montego II" = TBS Montego II
"TPP300" = USB Storage Adapter V3 (TPP)
"UltimateBet" = UltimateBet
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"VW Uninstall" = VectorWorks
"WavePad" = WavePad Sound Editor
"Windows 98 Service Pack 1" = Windows 98 Service Pack 1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2010 7:23:02 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/15/2010 7:23:02 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1102

Error - 12/15/2010 7:23:02 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1102

Error - 12/15/2010 7:23:03 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/15/2010 7:23:03 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2434

Error - 12/15/2010 7:23:03 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2434

Error - 12/15/2010 7:23:04 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/15/2010 7:23:04 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3475

Error - 12/15/2010 7:23:04 AM | Computer Name = OLDDESKTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3475

Error - 12/18/2010 2:49:03 PM | Computer Name = OLDDESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/20/2010 4:00:30 AM | Computer Name = OLDDESKTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/20/2010 4:00:31 AM | Computer Name = OLDDESKTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/20/2010 4:00:31 AM | Computer Name = OLDDESKTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/20/2010 4:00:31 AM | Computer Name = OLDDESKTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/20/2010 4:00:31 AM | Computer Name = OLDDESKTOP | Source = atapi | ID = 262149
Description = A parity error was detected on \Device\Ide\IdePort0.

Error - 12/20/2010 4:00:31 AM | Computer Name = OLDDESKTOP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 12/20/2010 5:08:59 AM | Computer Name = OLDDESKTOP | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/20/2010 5:08:59 AM | Computer Name = OLDDESKTOP | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/23/2010 1:38:40 PM | Computer Name = OLDDESKTOP | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LEO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{193669C6-53DF-404E-AEEA.
The
master browser is stopping or an election is being forced.

Error - 12/24/2010 6:57:31 AM | Computer Name = OLDDESKTOP | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >

#8 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,478 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 December 2010 - 10:13 AM

Hi,

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptyflash]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT



Delete the copy of ComboFix that you have on your desktop,

download a fresh copy, renaming it iexplore before saving it, and give it another try.
Microsoft MVP - 2010, 2011, 2012, 2013

#9 dorr4x4

  • Topic Starter

  • Members
  • 29 posts

Posted 24 December 2010 - 11:08 AM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Default User
->Flash cache emptied: 56502 bytes

User: All Users

User: Michael & Maureen
->Flash cache emptied: 110904 bytes

User: NetworkService

User: LocalService

User: Maureen
->Flash cache emptied: 855 bytes

User: Dave

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Michael & Maureen
->Temp folder emptied: 155012368 bytes
->Temporary Internet Files folder emptied: 114800905 bytes
->FireFox cache emptied: 29816415 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49353 bytes

User: LocalService
->Temp folder emptied: 82368 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Maureen
->Temp folder emptied: 7720651 bytes
->Temporary Internet Files folder emptied: 573574 bytes
->FireFox cache emptied: 14267425 bytes
->Flash cache emptied: 0 bytes

User: Dave
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 25 bytes
%systemroot% .tmp files removed: 2258538 bytes
%systemroot%\System32 .tmp files removed: 2218808 bytes

#10 dorr4x4

  • Topic Starter

  • Members
  • 29 posts

Posted 24 December 2010 - 11:59 AM

combofix.txt

ComboFix 10-12-23.06 - Michael & Maureen 12/24/2010 11:18:12.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.319 [GMT -5:00]
Running from: c:\documents and settings\Michael & Maureen\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-24 15:42 . 2010-12-24 15:42 -------- d-----w- C:\_OTL
2010-12-19 08:14 . 2010-12-19 08:14 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-19 08:14 . 2010-12-19 08:14 -------- d-----w- c:\program files\MSBuild
2010-12-19 08:14 . 2010-12-19 08:14 -------- d-----w- c:\program files\Reference Assemblies
2010-12-19 08:13 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-19 08:12 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-19 08:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-19 08:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-19 08:12 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-19 08:12 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-19 08:12 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-19 08:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-19 08:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-18 22:41 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 22:41 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 21:17 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-18 21:17 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-18 21:08 . 2010-12-18 21:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
2010-12-18 21:07 . 2010-12-18 21:08 -------- d-----w- c:\documents and settings\Michael & Maureen\Local Settings\Application Data\Eastman_Kodak_Company
2010-12-18 21:07 . 2010-12-18 21:07 -------- d-----w- c:\documents and settings\Michael & Maureen\Local Settings\Application Data\Microsoft Corporation
2010-12-18 20:54 . 2010-12-18 20:55 -------- d-----w- c:\windows\system32\kodak
2010-12-18 20:04 . 2010-09-02 13:21 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-12-18 20:04 . 2010-09-02 13:17 196608 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-12-18 20:04 . 2010-09-02 13:17 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-12-18 19:19 . 2010-12-18 19:19 -------- d-----w- c:\program files\MSXML 6.0
2010-12-18 19:18 . 2010-12-18 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2010-12-18 19:00 . 2010-12-18 19:00 -------- d-----w- c:\documents and settings\Michael & Maureen\Application Data\Temp
2010-12-18 19:00 . 2010-12-18 19:00 -------- d-----w- c:\documents and settings\Michael & Maureen\Local Settings\Application Data\Eastman Kodak Company
2010-12-18 12:24 . 2010-12-18 12:24 -------- d-----w- c:\program files\iPod
2010-12-15 03:43 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 03:41 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-05 19:25 . 2010-12-05 19:26 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 16:46 . 2010-11-28 16:46 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 10:56 . 2002-08-29 17:00 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys
2010-11-18 18:12 . 2009-04-18 21:05 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05 . 2004-08-04 08:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-05 05:05 . 2002-08-29 17:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05 . 2002-08-29 17:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-03 12:59 . 2004-08-04 06:59 369664 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 17:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 17:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-08-29 17:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 22:32 . 2010-10-19 18:40 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2010-10-13 23:12 . 2010-10-13 23:12 53248 ----a-r- c:\documents and settings\Michael & Maureen\Application Data\Microsoft\Installer\{533EA26B-8AE1-430F-92DB-A7EA06D9A25F}\PCLink.exe1_533EA26B8AE1430F92DBA7EA06D9A25F_1.exe
2010-10-13 23:12 . 2010-10-13 23:12 53248 ----a-r- c:\documents and settings\Michael & Maureen\Application Data\Microsoft\Installer\{533EA26B-8AE1-430F-92DB-A7EA06D9A25F}\PCLink.exe_533EA26B8AE1430F92DBA7EA06D9A25F_1.exe
2010-10-07 17:23 . 2010-10-07 17:23 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23 . 2010-10-07 17:23 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 17:23 . 2010-10-07 17:23 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23 . 2010-10-07 17:23 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-09-09 2019624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 23:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to Drwatson.exe.lnk]
backup=c:\windows\pss\Shortcut to Drwatson.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LexBceS"=2 (0x2)
"awhost32"=3 (0x3)
"VSS"=3 (0x3)
"SCardSvr"=3 (0x3)
"SwPrv"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"McAfee.InstantUpdate.Monitor"="c:\program files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"CountrySelection"=pctptt.exe
"Picture Easy Download"=c:\program files\Kodak Digital Science\Picture Easy Software\Program\PezDownload.exe
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"Mixghost"=c:\acs495\MixGhost.exe
"EM_EXEC"=c:\mouse\system\em_exec.exe
"PTSNOOP"=ptsnoop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Alogserv"=c:\program files\McAfee\McAfee VirusScan\alogserv.exe
"McAfee Guardian"="c:\program files\MCAFEE\MCAFEE SHARED COMPONENTS\GUARDIAN\CMGRDIAN.EXE" /SU
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"SchedulingAgent"=mstask.exe
"V128IID"=Rundll32.exe c:\windows\SYSTEM32\V128IITW.DLL,STB_InitTweak

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\VectorWorks\\VectorWorks.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 5:18 PM 308656]
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\SYSTEM32\DRIVERS\Ngrpci.sys [4/18/2009 3:57 PM 32840]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\SYSTEM32\DRIVERS\NtApm.sys [8/17/2001 1:47 PM 9344]
S3 scantool;USB Driver for Scan Tool;c:\windows\SYSTEM32\DRIVERS\scantool.sys [10/14/2010 4:59 PM 40280]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\SYSTEM32\DRIVERS\adm8830.sys [4/24/2003 7:39 PM 747392]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\SYSTEM32\DRIVERS\XLoader.sys [11/26/2004 1:13 PM 13696]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 01:11 99840 ----a-w- c:\windows\SYSTEM32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
2008-04-14 01:11 99840 ----a-w- c:\windows\SYSTEM32\advpack.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
2001-03-23 21:17 7168 ----a-w- c:\windows\SYSTEM32\updcrl.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-11-23 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Swift Sound\MixPad\mixpad.exe [2010-11-20 22:54]

2010-12-04 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-11-20 22:54]

2010-12-04 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-20 22:54]

2010-11-30 c:\windows\Tasks\goldenShakeIcon.job
- c:\program files\NCH Swift Sound\Golden\golden.exe [2010-11-20 22:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {487D4B18-358F-43E4-ABA7-782018C3683F} = 205.231.144.10,205.231.144.20
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Michael & Maureen\Application Data\Mozilla\Firefox\Profiles\dth3wyed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM-RunOnce-0000 - c:\documents and settings\Michael & Maureen\Start Menu\Programs\HP DeskJet 970C Series v2.0 - c:\windows\command.com
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 11:52
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(348)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\devldr32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-12-24 11:56:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 16:56

Pre-Run: 1,592,492,032 bytes free
Post-Run: 1,571,192,832 bytes free

- - End Of File - - D8B0F403DA679DEB444763141B5EA43C

#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,478 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 December 2010 - 02:23 PM

Hi

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#12 dorr4x4
  • Topic Starter

  • Members
  • 29 posts

Posted 24 December 2010 - 05:24 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5391

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/24/2010 3:21:04 PM
mbam-log-2010-12-24 (15-21-04).txt

Scan type: Quick scan
Objects scanned: 144985
Time elapsed: 5 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 dorr4x4
  • Topic Starter

  • Members
  • 29 posts

Posted 24 December 2010 - 10:58 PM

ESET scan said "No threats found"

#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,478 posts
  • Gender:Not Telling
  • Location:Canada

Posted 24 December 2010 - 11:53 PM

Hi

Please do the following:


Visit ADOBE and download the latest version of Acrobat Reader (version X).
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


Download and install the latest Java:

http://java.com/en/download/index.jsp


NEXT


Please post a fresh DDS log and advise how your computer is running now and if there are any outstanding issues.

#15 dorr4x4
  • Topic Starter

  • Members
  • 29 posts

Posted 26 December 2010 - 09:28 AM

DDS (Ver_10-12-12.02) - FAT32x86
Run by Michael & Maureen at 9:26:16.96 on Sun 12/26/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.169 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Michael & Maureen\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - c:\program files\ultimatebet\UltimateBet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240090964631
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {487D4B18-358F-43E4-ABA7-782018C3683F} = 205.231.144.10,205.231.144.20
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msimn.inf,User.Install
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - rundll32.exe advpack.dll,LaunchINFSection c:\windows\inf\msimn.inf,user.install - "c:\progra~1\outloo~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\dth3wyed.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;c:\windows\system32\drivers\Ngrpci.sys [2009-4-18 32840]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\superantispyware\sabkutil.sys --> c:\program files\superantispyware\SABKUTIL.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2001-8-17 9344]
S3 scantool;USB Driver for Scan Tool;c:\windows\system32\drivers\scantool.sys [2010-10-14 40280]
S3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [2003-4-24 747392]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-11-26 13696]

=============== Created Last 30 ================

2010-12-26 14:22:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-26 14:22:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-26 14:22:44 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-12-24 22:27:37 -------- d-----w- c:\program files\ESET
2010-12-24 20:06:55 -------- d-sh--w- C:\Recycled
2010-12-24 16:16:02 98816 ----a-w- c:\windows\sed.exe
2010-12-24 16:16:02 89088 ----a-w- c:\windows\MBR.exe
2010-12-24 16:16:02 256512 ----a-w- c:\windows\PEV.exe
2010-12-24 16:16:02 161792 ----a-w- c:\windows\SWREG.exe
2010-12-24 15:42:42 -------- d-----w- C:\_OTL
2010-12-19 08:14:40 -------- d-----w- c:\windows\system32\XPSViewer
2010-12-19 08:13:25 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-19 08:12:36 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-12-19 08:12:36 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-19 08:12:36 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-12-19 08:12:36 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-12-19 08:12:36 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-12-19 08:12:36 117760 ------w- c:\windows\system32\prntvpt.dll
2010-12-19 08:12:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-12-19 08:12:33 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-12-18 22:41:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 22:41:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 21:17:07 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-12-18 21:17:07 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-12-18 21:07:58 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Eastman_Kodak_Company
2010-12-18 21:07:46 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Microsoft Corporation
2010-12-18 20:54:59 -------- d-----w- c:\windows\system32\kodak
2010-12-18 20:04:41 421888 ----a-w- c:\windows\system32\EKIJ5000MON.dll
2010-12-18 20:04:41 196608 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EKIJ5000PPR.dll
2010-12-18 20:04:41 131072 ----a-w- c:\windows\system32\EKIJCOINST09.dll
2010-12-18 19:19:22 -------- d-----w- c:\program files\MSXML 6.0
2010-12-18 19:18:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kodak
2010-12-18 19:00:49 -------- d-----w- c:\docume~1\michae~1\applic~1\Temp
2010-12-18 19:00:45 -------- d-----w- c:\docume~1\michae~1\locals~1\applic~1\Eastman Kodak Company
2010-12-18 12:24:20 -------- d-----w- c:\program files\iPod
2010-12-15 03:43:32 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 03:41:49 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-28 16:46:22 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-11-28 16:46:22 -------- d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-12-16 10:39:14 2256 ----a-w- c:\windows\current_settings.bin
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-05 05:05:36 81920 ------w- c:\windows\system32\ieencode.dll
2010-11-05 05:05:36 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-05 05:05:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-11-03 12:59:08 369664 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 22:32:42 8892928 ----a-w- c:\docume~1\alluse~1\applic~1\atscie.msi
2010-10-07 17:23:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-10-07 17:23:02 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-10-07 17:23:02 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-10-07 17:23:02 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 9:27:18.06 ===============