
Ran mbam, unable to find infection


  • This topic is locked
21 replies to this topic

#1 y2rescue109

y2rescue109

  • Members
  • 53 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 23 May 2011 - 02:23 AM

I need help. I have run mbam on my sister's computer and I can't find any viruses. I ran HijackThis to get a log report. Can you guys help me please? Here is the log from HijackThis; I haven't taken any action, just recorded the log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:56:57 AM, on 5/23/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Guest\My Documents\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-21-409547854-78933279-2522397900-501\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-409547854-78933279-2522397900-501\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-409547854-78933279-2522397900-501\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-21-409547854-78933279-2522397900-501\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.33/g_bin/eng/cards_2_0_0_77.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo1.walgreens.com/WalgreensActivia.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.33/g_bin/eng/boards_2_0_0_35.cab
O16 - DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_33.cab
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} (GameDesire Sea Battle) - http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} (Google Gadget Control) - http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.33/g_bin/eng/words_2_0_0_51.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.33/g_bin/eng/wordssingle_2_0_0_48.cab
O16 - DPF: {C50359F3-4CFF-4BB4-962C-1006D46706B3} (APOLancam Class) - http://70.63.237.58/APOLancamCtrl.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam1.pgharts.org/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11240 bytes


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:29 AM

Posted 30 May 2011 - 07:26 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right of this thread, click on the Options button and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner, but, first, we need to disable your CD Emulation drivers.

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next, please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Once you have the above logs, click on the Add Reply button below, copy in the DDS log, and include the Attach.txt and the GMER log as attachments. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 y2rescue109

y2rescue109
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 31 May 2011 - 11:08 PM

dds log
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Sam Hudson at 15:25:18 on 2011-05-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.495 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sam Hudson\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [PqDTgJOxvviAety] c:\documents and settings\all users\application data\PqDTgJOxvviAety.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} - hxxp://67.15.101.33/g_bin/eng/cards_2_0_0_77.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo1.walgreens.com/WalgreensActivia.cab
DPF: {41ACD49D-1974-791A-0981-AA9872721044} - hxxp://67.15.101.33/g_bin/eng/boards_2_0_0_35.cab
DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} - hxxp://cached.gamedesire.com/g_bin/eng/navy_2_0_0_33.cab
DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} - hxxp://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.33/g_bin/eng/words_2_0_0_51.cab
DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} - hxxp://67.15.101.33/g_bin/eng/wordssingle_2_0_0_48.cab
DPF: {C50359F3-4CFF-4BB4-962C-1006D46706B3} - hxxp://70.63.237.58/APOLancamCtrl.CAB
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - hxxp://www.live365.com/players/play365.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam1.pgharts.org/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sam hudson\application data\mozilla\firefox\profiles\k70ft82s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.martina-mcbride.com/
FF - plugin: c:\documents and settings\sam hudson\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\sam hudson\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\sam hudson\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\sam hudson\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\sam hudson\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
R1 MpKsl08ca4e55;MpKsl08ca4e55;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{851469d7-577a-405b-9694-a4c1ae4cc100}\MpKsl08ca4e55.sys [2011-5-13 28752]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-8-29 835208]
S1 MpKsl1531b411;MpKsl1531b411;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2de0921a-ed98-483a-8d83-5bbdaa514501}\mpksl1531b411.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2de0921a-ed98-483a-8d83-5bbdaa514501}\MpKsl1531b411.sys [?]
S1 MpKsl23df6499;MpKsl23df6499;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{798ac754-6459-4786-8bf7-d44dc7fe8fa2}\mpksl23df6499.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{798ac754-6459-4786-8bf7-d44dc7fe8fa2}\MpKsl23df6499.sys [?]
S1 MpKsl289b0c30;MpKsl289b0c30;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a743eaf-a068-4a66-90d6-fe58d68df6e4}\mpksl289b0c30.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a743eaf-a068-4a66-90d6-fe58d68df6e4}\MpKsl289b0c30.sys [?]
S1 MpKsl307b19e7;MpKsl307b19e7;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a743eaf-a068-4a66-90d6-fe58d68df6e4}\mpksl307b19e7.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{3a743eaf-a068-4a66-90d6-fe58d68df6e4}\MpKsl307b19e7.sys [?]
S1 MpKsl3b5d8253;MpKsl3b5d8253;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17fd86b9-aeeb-4439-8c1d-078662cb484e}\mpksl3b5d8253.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{17fd86b9-aeeb-4439-8c1d-078662cb484e}\MpKsl3b5d8253.sys [?]
S1 MpKsl7a8e2830;MpKsl7a8e2830;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{410e19b3-6172-4a23-b405-4cb2c0d3350e}\mpksl7a8e2830.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{410e19b3-6172-4a23-b405-4cb2c0d3350e}\MpKsl7a8e2830.sys [?]
S1 MpKsl9f2bc96e;MpKsl9f2bc96e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa96e9a6-5e36-4290-8eef-a6b959ecf732}\mpksl9f2bc96e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa96e9a6-5e36-4290-8eef-a6b959ecf732}\MpKsl9f2bc96e.sys [?]
S1 MpKslb5732e6a;MpKslb5732e6a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04a27a74-f9bb-4c91-a47d-eb8b09b1ebaa}\mpkslb5732e6a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{04a27a74-f9bb-4c91-a47d-eb8b09b1ebaa}\MpKslb5732e6a.sys [?]
S1 MpKslb9279535;MpKslb9279535;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fb014e-0579-4fe6-a07e-83bb4b841805}\mpkslb9279535.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{40fb014e-0579-4fe6-a07e-83bb4b841805}\MpKslb9279535.sys [?]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [2010-6-8 12552]
S3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2009-3-29 484352]
S3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2009-3-29 7680]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2011-4-14 103336]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-15 24652]
.
=============== Created Last 30 ================
.
2011-05-15 00:41:16 -------- d-----w- c:\documents and settings\sam hudson\application data\Malwarebytes
2011-05-15 00:40:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 00:40:52 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-15 00:40:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-15 00:40:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-13 17:01:02 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{851469d7-577a-405b-9694-a4c1ae4cc100}\MpKsl08ca4e55.sys
2011-05-10 17:30:01 7071056 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{851469d7-577a-405b-9694-a4c1ae4cc100}\mpengine.dll
2011-05-08 21:03:10 -------- d--h--w- C:\$AVG
2011-05-08 20:42:23 -------- d-----w- c:\documents and settings\sam hudson\application data\AVG10
2011-05-08 20:39:45 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2011-05-08 20:34:44 -------- d-----w- c:\documents and settings\all users\application data\AVG10
2011-05-08 20:33:17 -------- d-----w- c:\program files\AVG
2011-05-08 20:25:11 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2006-09-09 18:06:53 751167 ----a-w- c:\program files\sc11a.exe
2006-09-01 21:15:16 10849128 ----a-w- c:\program files\RhapsodyReal.exe
2006-09-01 21:10:52 2320897 ----a-w- c:\program files\qcd451.exe
2003-08-27 18:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 15:26:51.50 ===============




#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:29 AM

Posted 01 June 2011 - 01:26 PM

Hi-

Again, sorry for the delay.

GMER has identified an infection which needs to be removed.

First, please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.5.0_23.07.2010_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


In your reply, copy in the contents of the TDSSKiller report and the ComboFix report. How is her computer running now?
Shannon
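A small added example, not code from this thread or from Kaspersky, for reading the TDSSKiller report the helper asks for: it parses the tool's log format (timestamp, process id, message), collects the driver and MBR entries with their MD5 hashes, reads the "Detected object count" lines and lists drivers loaded from outside the Windows directory for manual review. The sample log is a trimmed copy of the one posted later in this thread; `drivers_outside_windows` and `is_clean` are names chosen here.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a trimmed copy of the TDSSKiller 2.5.3.0 log posted in this
# thread (same line format; almost all of the driver lines are omitted).
SAMPLE_LOG = r"""
2011/06/01 16:30:40.0660 2856 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 16:30:41.0051 2856 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/01 16:30:45.0910 3320 Scan started
2011/06/01 16:30:49.0269 3320 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/01 16:30:53.0051 3320 CDRPDACC (30b37c18e1725eb9f25039e9a1fb9b7e) C:\Program Files\Quintessential Media Player\cdrpdacc.sys
2011/06/01 16:31:10.0504 3320 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
2011/06/01 16:31:10.0660 3320 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR3
2011/06/01 16:31:10.0676 3320 Scan finished
2011/06/01 16:31:10.0691 3312 Detected object count: 0
2011/06/01 16:31:10.0691 3312 Actual detected object count: 0
""".strip("\n")

# Every data line is "<date> <time> <pid> <message>"; the '=' separator rows are not.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
# Driver/service line: "<name> (<md5>) <image path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Boot-sector line: "MBR (<bytes hashed>) (<md5>) \Device\HarddiskN\DRn"
MBR_RE = re.compile(r"^MBR \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
# Both counters printed at the end of a scan
COUNT_RE = re.compile(r"^(Actual )?[Dd]etected object count: (\d+)$")


@dataclass
class Entry:
    name: str   # driver/service name, or "MBR" for a boot sector
    md5: str
    path: str   # image path or \Device\... object


@dataclass
class ScanSummary:
    drivers: List[Entry] = field(default_factory=list)
    mbr: List[Entry] = field(default_factory=list)
    scan_finished: bool = False
    detected: Optional[int] = None
    actual_detected: Optional[int] = None


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Walk a TDSSKiller log and collect the entries a reviewer looks at first."""
    summary = ScanSummary()
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue                      # separator rows and blank lines carry no data
        msg = line.group(3).strip()
        if msg == "Scan finished":
            summary.scan_finished = True
            continue
        count = COUNT_RE.match(msg)
        if count:
            if count.group(1):            # "Actual detected object count"
                summary.actual_detected = int(count.group(2))
            else:
                summary.detected = int(count.group(2))
            continue
        boot = MBR_RE.match(msg)          # check MBR before the generic driver pattern
        if boot:
            summary.mbr.append(Entry("MBR", boot.group(2), boot.group(3)))
            continue
        drv = DRIVER_RE.match(msg)
        if drv:
            summary.drivers.append(Entry(drv.group(1), drv.group(2), drv.group(3)))
    return summary


def drivers_outside_windows(summary: ScanSummary, windir: str = r"C:\WINDOWS") -> List[str]:
    """Names of drivers whose image is not under the Windows directory.
    Legitimate third-party drivers land here too (CDRPDACC in the thread is one),
    so this is a review queue, not a verdict."""
    prefix = windir.lower()
    return [e.name for e in summary.drivers if not e.path.lower().startswith(prefix)]


def is_clean(summary: ScanSummary) -> bool:
    """True only when the scan ran to completion and both counters are zero."""
    return (summary.scan_finished
            and summary.detected == 0
            and summary.actual_detected == 0)


if __name__ == "__main__":
    s = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"finished={s.scan_finished} detected={s.detected} clean={is_clean(s)}")
    for e in s.mbr:
        print(f"{e.path}: md5 {e.md5}")   # compare across scans: the MBR hash should not change
    print("review:", drivers_outside_windows(s))
```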

#5 y2rescue109

y2rescue109
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 01 June 2011 - 04:53 PM

TDSS
2011/06/01 16:30:40.0660 2856 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/01 16:30:40.0973 2856 ================================================================================
2011/06/01 16:30:41.0051 2856 SystemInfo:
2011/06/01 16:30:41.0051 2856
2011/06/01 16:30:41.0051 2856 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/01 16:30:41.0051 2856 Product type: Workstation
2011/06/01 16:30:41.0051 2856 ComputerName: SAMSLAPTOP
2011/06/01 16:30:41.0051 2856 UserName: Sam Hudson
2011/06/01 16:30:41.0051 2856 Windows directory: C:\WINDOWS
2011/06/01 16:30:41.0051 2856 System windows directory: C:\WINDOWS
2011/06/01 16:30:41.0051 2856 Processor architecture: Intel x86
2011/06/01 16:30:41.0051 2856 Number of processors: 1
2011/06/01 16:30:41.0051 2856 Page size: 0x1000
2011/06/01 16:30:41.0051 2856 Boot type: Normal boot
2011/06/01 16:30:41.0051 2856 ================================================================================
2011/06/01 16:30:43.0894 2856 Initialize success
2011/06/01 16:30:45.0910 3320 ================================================================================
2011/06/01 16:30:45.0910 3320 Scan started
2011/06/01 16:30:45.0910 3320 Mode: Manual;
2011/06/01 16:30:45.0910 3320 ================================================================================
2011/06/01 16:31:10.0504 3320 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
2011/06/01 16:31:10.0660 3320 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR3
2011/06/01 16:31:10.0676 3320 ================================================================================
2011/06/01 16:31:10.0676 3320 Scan finished
2011/06/01 16:31:10.0676 3320 ================================================================================
2011/06/01 16:31:10.0691 3312 Detected object count: 0
2011/06/01 16:31:10.0691 3312 Actual detected object count: 0
2011/06/01 16:31:16.0519 2788 Deinitialize success


Combo Fix
ComboFix 11-06-01.04 - 06/01/2011 17:19:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.477 [GMT -4:00]
Running from: c:\documents and settings\Sam Hudson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\HelpAssistant\WINDOWS
c:\documents and settings\Sam Hudson\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-05-01 to 2011-06-01 )))))))))))))))))))))))))))))))
.
.
2011-06-01 20:22 . 2011-06-01 20:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-23 05:56 . 2011-05-23 05:56 388096 ----a-r- c:\documents and settings\Guest\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 05:54 . 2011-05-23 05:54 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2011-05-23 05:54 . 2011-05-23 05:54 -------- d-----w- c:\documents and settings\Guest\Application Data\StumbleUpon
2011-05-23 05:53 . 2011-05-23 05:53 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Eastman_Kodak_Company
2011-05-23 05:53 . 2011-05-23 05:53 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Eastman Kodak Company
2011-05-15 00:46 . 2011-05-15 00:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-15 00:41 . 2011-05-15 00:41 -------- d-----w- c:\documents and settings\Sam Hudson\Application Data\Malwarebytes
2011-05-15 00:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 00:40 . 2011-05-15 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-15 00:40 . 2011-05-15 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 00:40 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-13 17:01 . 2011-05-13 17:01 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851469D7-577A-405B-9694-A4C1AE4CC100}\MpKsl08ca4e55.sys
2011-05-10 17:30 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851469D7-577A-405B-9694-A4C1AE4CC100}\mpengine.dll
2011-05-08 21:03 . 2011-05-08 21:03 -------- d-----w- C:\$AVG
2011-05-08 20:42 . 2011-05-08 20:42 -------- d-----w- c:\documents and settings\Sam Hudson\Application Data\AVG10
2011-05-08 20:39 . 2011-05-08 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-08 20:34 . 2011-05-15 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-05-08 20:33 . 2011-05-08 20:33 -------- d-----w- c:\program files\AVG
2011-05-08 20:25 . 2011-05-15 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-11 07:04 . 2010-06-05 14:32 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2006-02-15 15:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2006-02-15 14:04 420864 ----a-w- c:\windows\system32\vbscript.dll
2006-09-09 18:06 . 2006-09-09 18:06 751167 ----a-w- c:\program files\sc11a.exe
2006-09-01 21:15 . 2006-09-01 21:15 10849128 ----a-w- c:\program files\RhapsodyReal.exe
2006-09-01 21:10 . 2006-09-01 21:10 2320897 ----a-w- c:\program files\qcd451.exe
2003-08-27 18:19 . 2006-10-14 19:06 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
<pre>
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\DLA\dlactrlw .exe
c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PqDTgJOxvviAety"="c:\documents and settings\All Users\Application Data\PqDTgJOxvviAety.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPro620.lnk - c:\windows\VPro620.exe [2009-3-29 61440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sam Hudson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Sam Hudson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-08-18 17:28 50776 ----a-w- c:\program files\America Online 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
c:\program files\Lexmark Z2400 Series\ezprint.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1140083713\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-05-16 16:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
c:\program files\Lexmark X1100 Series\lxbkbmgr.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdqmon.exe]
c:\program files\Lexmark Z2400 Series\lxdqmon.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-09 01:13 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-23 15:59 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56590:TCP"= 56590:TCP:PandoRest Listening Port
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3378:TCP"= 3378:TCP:Services
"5256:TCP"= 5256:TCP:Services
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"7942:TCP"= 7942:TCP:Services
"7943:TCP"= 7943:TCP:Services
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R1 MpKsl08ca4e55;MpKsl08ca4e55;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851469D7-577A-405B-9694-A4C1AE4CC100}\MpKsl08ca4e55.sys [5/13/2011 1:01 PM 28752]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 6:18 PM 308656]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 5:29 PM 835208]
S1 MpKsl1531b411;MpKsl1531b411;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DE0921A-ED98-483A-8D83-5BBDAA514501}\MpKsl1531b411.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DE0921A-ED98-483A-8D83-5BBDAA514501}\MpKsl1531b411.sys [?]
S1 MpKsl23df6499;MpKsl23df6499;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{798AC754-6459-4786-8BF7-D44DC7FE8FA2}\MpKsl23df6499.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{798AC754-6459-4786-8BF7-D44DC7FE8FA2}\MpKsl23df6499.sys [?]
S1 MpKsl289b0c30;MpKsl289b0c30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl289b0c30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl289b0c30.sys [?]
S1 MpKsl307b19e7;MpKsl307b19e7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl307b19e7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl307b19e7.sys [?]
S1 MpKsl3b5d8253;MpKsl3b5d8253;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17FD86B9-AEEB-4439-8C1D-078662CB484E}\MpKsl3b5d8253.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17FD86B9-AEEB-4439-8C1D-078662CB484E}\MpKsl3b5d8253.sys [?]
S1 MpKsl7a8e2830;MpKsl7a8e2830;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{410E19B3-6172-4A23-B405-4CB2C0D3350E}\MpKsl7a8e2830.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{410E19B3-6172-4A23-B405-4CB2C0D3350E}\MpKsl7a8e2830.sys [?]
S1 MpKsl9f2bc96e;MpKsl9f2bc96e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA96E9A6-5E36-4290-8EEF-A6B959ECF732}\MpKsl9f2bc96e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA96E9A6-5E36-4290-8EEF-A6B959ECF732}\MpKsl9f2bc96e.sys [?]
S1 MpKslb5732e6a;MpKslb5732e6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04A27A74-F9BB-4C91-A47D-EB8B09B1EBAA}\MpKslb5732e6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04A27A74-F9BB-4C91-A47D-EB8B09B1EBAA}\MpKslb5732e6a.sys [?]
S1 MpKslb9279535;MpKslb9279535;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40FB014E-0579-4FE6-A07E-83BB4B841805}\MpKslb9279535.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40FB014E-0579-4FE6-A07E-83BB4B841805}\MpKslb9279535.sys [?]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [6/8/2010 12:14 PM 12552]
S3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [3/29/2009 7:25 PM 484352]
S3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [3/29/2009 7:25 PM 7680]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [4/14/2011 6:47 PM 103336]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 6:21 PM 24652]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 36146633
*Deregistered* - 36146633
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-06-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-06-01 c:\windows\Tasks\User_Feed_Synchronization-{D0CEAADB-8909-4FAF-B2B3-0FEC0457C4DB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B1DE73F6-C143-464F-B020-7943C1DFED38}: NameServer = 93.188.163.132,93.188.166.139
TCP: Interfaces\{B6B3EE06-8E42-484C-BC25-24BBC0AA02F9}: NameServer = 93.188.163.132,93.188.166.139
DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} - hxxp://cached.gamedesire.com/g_bin/eng/navy_2_0_0_33.cab
DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.33/g_bin/eng/words_2_0_0_51.cab
DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} - hxxp://67.15.101.33/g_bin/eng/wordssingle_2_0_0_48.cab
DPF: {C50359F3-4CFF-4BB4-962C-1006D46706B3} - hxxp://70.63.237.58/APOLancamCtrl.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam1.pgharts.org/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Sam Hudson\Application Data\Mozilla\Firefox\Profiles\k70ft82s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.martina-mcbride.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Sam Hudson\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - c:\program files\Qualcomm\Eudora\EuShlExt.dll
SafeBoot-HDDirect
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-01 17:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-01 17:32:54
ComboFix-quarantined-files.txt 2011-06-01 21:32
.
Pre-Run: 32,346,992,640 bytes free
Post-Run: 32,873,754,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2DF1490B0104C0FFF3EA1BEFB8A6C9F5

#6 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 01 June 2011 - 08:45 PM

Hi-

Thanks for the logs. They made a start on cleaning up her computer.

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time - AVG Anti-Virus Free Edition 2011 & Microsoft Security Essentials. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to produce "false alarms". It can also lead to a clash as products fight for access to files which are being opened, since they need to be checked for viruses. In general terms, the programs may conflict and cause:
  • False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to multiple products attempting to access the same file at the same time.
Therefore, please go to Add/Remove Programs in the Control Panel and remove all anti-virus programs but one.

Please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it.
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

Next, we need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your reply, copy in the contents of the MBRCheck and the two OTL reports. How is her computer doing?
Shannon

#7 y2rescue109

  • Topic Starter
  • Members
  • 53 posts

Posted 01 June 2011 - 09:13 PM

I don't see AVG 2011, but it says it's running. How do I disable it?

#8 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 02 June 2011 - 06:58 AM

Open the AVG 2011 Control Center by right-clicking on the AVG icon on the task bar.

  • Click on Open AVG User Interface.
  • On the Menu Bar, click on Tools, then click Advanced Settings.
  • In the screen which opens, scroll down to Temporarily disable AVG protection.
  • Click on it to highlight and in the right hand pane, check the box for Temporarily disable AVG protection.
  • Click Apply.
  • In the next screen which opens, select 15 minutes from the drop down menu, then click the Disable real time protection button and click OK.
  • To re-enable, just check Enable on the main GUI interface. You may also need to click Fix (enable becomes Fix if all components do not start).
AVG FAQ 3857: Disabling AVG 2011 temporarily
AVG FAQ 3902: Disabling Specific AVG components
Shannon

#9 y2rescue109

  • Topic Starter
  • Members
  • 53 posts

Posted 02 June 2011 - 11:32 AM

There is no icon on the taskbar.

#10 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 02 June 2011 - 11:38 AM

Go ahead and run them without disabling AVG 2011.
Shannon

#11 y2rescue109

  • Topic Starter
  • Members
  • 53 posts

Posted 02 June 2011 - 12:04 PM

ok

#12 y2rescue109

  • Topic Starter
  • Members
  • 53 posts

Posted 02 June 2011 - 12:30 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 161):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7D3E000 \WINDOWS\system32\KDCOM.DLL
0xF7C4E000 \WINDOWS\system32\BOOTVID.dll
0xF77EF000 ACPI.sys
0xF7D40000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF77DE000 pci.sys
0xF783E000 isapnp.sys
0xF784E000 ohci1394.sys
0xF785E000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7C52000 compbatt.sys
0xF7C56000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7E06000 pciide.sys
0xF7ABE000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF77C0000 pcmcia.sys
0xF786E000 MountMgr.sys
0xF77A1000 ftdisk.sys
0xF7D42000 dmload.sys
0xF777B000 dmio.sys
0xF7C5A000 ACPIEC.sys
0xF7E07000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7AC6000 PartMgr.sys
0xF787E000 VolSnap.sys
0xF7763000 atapi.sys
0xF7731000 KR10N.sys
0xF7719000 \WINDOWS\system32\drivers\SCSIPORT.SYS
0xF788E000 disk.sys
0xF789E000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF76F9000 fltmgr.sys
0xF76E7000 sr.sys
0xF76D1000 DRVMCDB.SYS
0xF78AE000 PxHelp20.sys
0xF76BA000 KSecDD.sys
0xF76A7000 WudfPf.sys
0xF761A000 Ntfs.sys
0xF75ED000 NDIS.sys
0xF75D3000 Mup.sys
0xF78DE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7D0E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF742F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF741B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF73F3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF7296000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF7BD6000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7272000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7BDE000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF724A000 \SystemRoot\system32\drivers\tifm21.sys
0xF7236000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF720E000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF78EE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7BE6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF71DF000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7D78000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7BEE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF78FE000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7BF6000 \SystemRoot\system32\drivers\Afc.sys
0xF7BFE000 \SystemRoot\system32\drivers\iviaspi.sys
0xF7D12000 \SystemRoot\system32\drivers\pfc.sys
0xF7D7A000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xF790E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF791E000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF71BC000 \SystemRoot\system32\DRIVERS\ks.sys
0xF719F000 \SystemRoot\System32\Drivers\pwd_2k.SYS
0xF7C06000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF792E000 \SystemRoot\system32\drivers\nchssvad.sys
0xF717B000 \SystemRoot\system32\drivers\portcls.sys
0xF793E000 \SystemRoot\system32\drivers\drmk.sys
0xF7EF5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7A3E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7D36000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF7164000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7A4E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7A5E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7B36000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7153000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7A6E000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7B3E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7B46000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7B4E000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF7123000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7A7E000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7D82000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6FFD000 \SystemRoot\system32\DRIVERS\update.sys
0xF758E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF758A000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
0xF7D84000 \SystemRoot\system32\DRIVERS\NBSMI.sys
0xF7B56000 \SystemRoot\System32\Drivers\dvd_2K.SYS
0xF7A8E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xAA3B3000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF7AAE000 \SystemRoot\system32\DRIVERS\Tvs.sys
0xF7B6E000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
0xF7B7E000 \SystemRoot\system32\DRIVERS\wowhd_kern_i386.sys
0xF78CE000 \SystemRoot\system32\DRIVERS\csiidecoder_kern_i386.sys
0xAA2A0000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0xF7B86000 \SystemRoot\System32\Drivers\Modem.SYS
0xF796E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7EAE000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF7EAF000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF7E00000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7EB0000 \SystemRoot\System32\Drivers\Null.SYS
0xF7E02000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7BCE000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xF7C0E000 \SystemRoot\System32\drivers\vga.sys
0xF7E04000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7D46000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAA1E9000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xAA1B4000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
0xAA189000 \SystemRoot\System32\Drivers\meiudf.sys
0xAA178000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF7C16000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7C26000 \SystemRoot\System32\Drivers\Npfs.SYS
0xAA146000 \SystemRoot\System32\Drivers\UDFReadr.SYS
0xAA275000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA0F9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA0A0000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA078000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA056000 \SystemRoot\System32\drivers\afd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA02B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FBB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7C1E000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851469D7-577A-405B-9694-A4C1AE4CC100}\MpKsl08ca4e55.sys
0xF79BE000 \SystemRoot\System32\Drivers\Fips.SYS
0xF79CE000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7C3E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF7C36000 \SystemRoot\System32\Drivers\Cinemsup.SYS
0xA9ECF000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA9EB7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7D4E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6FE9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AEE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7F8E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBF159000 \SystemRoot\System32\ATMFD.DLL
0xF799E000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xF7E64000 \SystemRoot\System32\DLA\DLADResN.SYS
0xA9D61000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xA9EAF000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xF7D62000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xF7B0E000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA9D49000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA9D33000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xF7B1E000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xA9CAF000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA9C83000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9A0E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7D8E000 \??\C:\Program Files\Quintessential Media Player\cdrpdacc.sys
0xA98DD000 \SystemRoot\System32\Drivers\HTTP.sys
0xF7DDE000 \SystemRoot\System32\Drivers\MCSTRM.SYS
0xA97BD000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9348000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9BD3000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7DBC000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xA9CFB000 \??\C:\DOCUME~1\SAMHUD~1\LOCALS~1\Temp\catchme.sys
0xA8F94000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xA8AE2000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
784 C:\WINDOWS\system32\smss.exe
864 csrss.exe
888 C:\WINDOWS\system32\winlogon.exe
932 C:\WINDOWS\system32\services.exe
944 C:\WINDOWS\system32\lsass.exe
1116 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1252 C:\WINDOWS\system32\svchost.exe
1300 C:\WINDOWS\system32\svchost.exe
1440 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
1496 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
1564 svchost.exe
1664 svchost.exe
1908 C:\WINDOWS\system32\spoolsv.exe
1980 svchost.exe
2024 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
2036 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
112 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
160 C:\WINDOWS\system32\DVDRAMSV.exe
252 C:\Program Files\Java\jre6\bin\jqs.exe
268 C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
296 C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
820 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
1324 svchost.exe
1532 C:\WINDOWS\system32\svchost.exe
1644 C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
1804 mcrdsvc.exe
2812 wmiprvse.exe
3328 C:\WINDOWS\system32\wscntfy.exe
3800 C:\WINDOWS\ehome\ehtray.exe
3840 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
3860 C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
3904 C:\WINDOWS\system32\ctfmon.exe
3924 C:\WINDOWS\ehome\ehmsas.exe
2468 C:\Program Files\iPod\bin\iPodService.exe
3980 C:\WINDOWS\explorer.exe
368 C:\Program Files\Skype\Phone\Skype.exe
3976 C:\WINDOWS\system32\msiexec.exe
1472 C:\Documents and Settings\Sam Hudson\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HTS541010G9SA00, Rev: MBZOC60R

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


OTL logfile created on: 6/2/2011 1:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sam Hudson\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 467.48 Mb Available Physical Memory | 46.10% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 30.84 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
Drive D: | 4.40 Gb Total Space | 0.94 Gb Free Space | 21.38% Space Free | Partition Type: CDUDF
Drive E: | 1.86 Gb Total Space | 0.33 Gb Free Space | 17.98% Space Free | Partition Type: FAT

Computer Name: SAMSLAPTOP | User Name: Sam Hudson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 13:13:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam Hudson\Desktop\OTL.exe
PRC - [2010/09/13 18:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/09/02 09:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/08/29 17:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2011/06/02 13:13:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam Hudson\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/14 18:47:38 | 000,103,336 | ---- | M] (stumbleupon.com) [On_Demand | Stopped] -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService)
SRV - [2010/09/13 18:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/08/29 17:29:14 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Disabled | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/12 21:14:42 | 000,040,960 | -H-- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 04:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKsl08ca4e55)
DRV - [2010/06/08 12:14:24 | 000,012,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hddirect.sys -- (HDDirect)
DRV - [2008/07/23 10:47:38 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/02/11 13:15:15 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/09/28 16:09:04 | 000,007,680 | ---- | M] (Philips ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC620m.sys -- (SPC620m)
DRV - [2007/09/28 16:09:00 | 000,484,352 | ---- | M] (Philips ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPC620.sys -- (SPC620)
DRV - [2007/01/25 16:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)
DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/12/09 20:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/04 13:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 14:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 15:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 13:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 19:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 07:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/03/08 21:15:10 | 000,291,456 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2005/03/08 21:14:44 | 000,024,064 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2005/03/08 21:05:30 | 000,141,184 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2005/03/08 20:54:48 | 000,202,496 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2005/03/08 20:53:56 | 000,023,808 | ---- | M] (Sonic Solutions) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2005/03/08 20:38:32 | 000,117,760 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/12 04:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup)
DRV - [2003/09/19 05:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart

IE - HKU\S-1-5-21-409547854-78933279-2522397900-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKU\S-1-5-21-409547854-78933279-2522397900-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-409547854-78933279-2522397900-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-409547854-78933279-2522397900-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 17:14:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 17:14:00 | 000,000,000 | ---D | M]

[2011/04/12 13:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam Hudson\Application Data\Mozilla\Extensions
[2011/04/12 13:06:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam Hudson\Application Data\Mozilla\Extensions\MediaCoder
[2011/05/30 01:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sam Hudson\Application Data\Mozilla\Firefox\Profiles\k70ft82s.default\extensions
[2010/07/16 18:52:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sam Hudson\Application Data\Mozilla\Firefox\Profiles\k70ft82s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/16 18:52:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Sam Hudson\Application Data\Mozilla\Firefox\Profiles\k70ft82s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/30 01:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/23 11:58:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/03 23:04:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/03 23:03:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/25 15:41:28 | 000,120,296 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npganymedenet.dll

O1 HOSTS File: ([2010/05/04 16:21:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-409547854-78933279-2522397900-1005..\Run: [PqDTgJOxvviAety] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPro620.lnk = C:\WINDOWS\VPro620.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} http://67.15.101.33/g_bin/eng/cards_2_0_0_77.cab (GameDesire Card Games)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo1.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} http://67.15.101.33/g_bin/eng/boards_2_0_0_35.cab (Ganymede Board Games)
O16 - DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} http://cached.gamedesire.com/g_bin/eng/navy_2_0_0_33.cab (GameDesire Sea Battle)
O16 - DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} http://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab (GameDesire Sea Battle)
O16 - DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} http://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab (Google Gadget Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} http://www.homesteadhotels.com/minisite/accommodations/surround/MSSurVid.cab (SurroundVideoCtrl Object)
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} http://67.15.101.33/g_bin/eng/words_2_0_0_51.cab (GameDesire Word Games)
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} http://67.15.101.33/g_bin/eng/wordssingle_2_0_0_48.cab (GameDesire 1Player Word Games)
O16 - DPF: {C50359F3-4CFF-4BB4-962C-1006D46706B3} http://70.63.237.58/APOLancamCtrl.CAB (APOLancam Class)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.com/players/play365.cab (Live365Player Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://webcam1.pgharts.org/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 11:38:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-409547854-78933279-2522397900-1005..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-409547854-78933279-2522397900-1005\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 13:13:21 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sam Hudson\Desktop\OTL.exe
[2011/06/01 19:54:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\PCHealth
[2011/06/01 17:17:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/01 16:33:31 | 004,109,727 | R--- | C] (Swearware) -- C:\Documents and Settings\Sam Hudson\Desktop\ComboFix.exe
[2011/06/01 16:22:26 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/06/01 16:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Desktop\tdsskiller
[2011/05/31 15:25:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam Hudson\Start Menu\Programs\Administrative Tools
[2011/05/31 15:24:55 | 000,606,738 | R--- | C] (Swearware) -- C:\Documents and Settings\Sam Hudson\Desktop\dds.scr
[2011/05/14 21:50:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sam Hudson\Recent
[2011/05/14 20:41:41 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam Hudson\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/14 20:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Application Data\Malwarebytes
[2011/05/14 20:40:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/14 20:40:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/14 20:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/14 20:40:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/14 20:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/14 19:28:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Start Menu\Programs\Windows XP Recovery
[2011/05/13 16:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Desktop\New Folder (2)
[2011/05/13 15:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Desktop\New Folder (9)
[2011/05/13 15:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Desktop\New Folder
[2011/05/12 14:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\My Documents\BookSmartData
[2011/05/08 17:03:10 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/05/08 16:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sam Hudson\Application Data\AVG10
[2011/05/08 16:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/08 16:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/05/08 16:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/05/08 16:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/14 15:06:48 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[2006/02/15 12:25:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[5 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 13:13:23 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sam Hudson\Desktop\OTL.exe
[2011/06/02 13:09:51 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\MBRCheck.exe
[2011/06/02 13:09:26 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/02 10:09:30 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D0CEAADB-8909-4FAF-B2B3-0FEC0457C4DB}.job
[2011/06/01 17:17:40 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/01 16:33:45 | 004,109,727 | R--- | M] (Swearware) -- C:\Documents and Settings\Sam Hudson\Desktop\ComboFix.exe
[2011/06/01 16:29:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/01 16:29:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 16:18:31 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\tdsskiller.zip
[2011/05/31 18:19:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/31 15:32:21 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\fin0e34k.exe
[2011/05/31 15:29:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\defogger_reenable
[2011/05/31 15:29:17 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\Defogger.exe
[2011/05/31 15:24:56 | 000,606,738 | R--- | M] (Swearware) -- C:\Documents and Settings\Sam Hudson\Desktop\dds.scr
[2011/05/21 20:43:38 | 000,051,401 | ---- | M] () -- C:\VETlog.dmp
[2011/05/14 20:46:45 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/14 20:32:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Sam Hudson\My Documents\mbam-setup-1.50.1.1100.exe
[2011/05/14 19:37:26 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164r
[2011/05/14 19:37:26 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164
[2011/05/14 19:36:07 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17424164
[2011/05/14 19:29:16 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\Windows XP Recovery.lnk
[2011/05/14 18:27:22 | 000,025,242 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\untitled.JPG
[2011/05/14 18:15:24 | 000,042,490 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\a20792912488bf23ba1d64_m.jpg
[2011/05/13 16:14:30 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/11 17:25:37 | 000,166,954 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\IMG_1181l.JPG
[2011/05/11 17:23:22 | 000,167,261 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\IMG_1166l.JPG
[2011/05/11 17:19:04 | 000,136,654 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\IMG_1200l.JPG
[2011/05/11 15:07:59 | 000,041,823 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\bird.jpg
[2011/05/10 18:39:22 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\Microsoft Office OneNote 2007.lnk
[2011/05/10 14:46:14 | 000,046,554 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\Desktop\sacrehearthcfyi.jpg
[2011/05/08 16:13:14 | 000,014,574 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/05/08 16:13:13 | 000,014,574 | -HS- | M] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/05/06 16:25:57 | 000,335,858 | ---- | M] () -- C:\Documents and Settings\Sam Hudson\My Documents\bookmark.htm
[2011/05/04 11:36:30 | 000,870,128 | ---- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/05/04 11:36:30 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\31EC20
[5 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 13:09:51 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\MBRCheck.exe
[2011/06/01 17:22:43 | 000,001,357 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPro620.lnk
[2011/06/01 17:22:27 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
[2011/06/01 17:22:27 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/06/01 17:22:27 | 000,001,994 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/06/01 17:22:27 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Easy Media Creator Home.lnk
[2011/06/01 17:22:27 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/06/01 17:22:27 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/01 17:22:27 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Recovery Disc Creator (Express Media Player).lnk
[2011/06/01 17:22:27 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/06/01 17:22:26 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/06/01 17:22:26 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/01 17:22:26 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/01 17:22:26 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2011/06/01 17:22:26 | 000,001,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/06/01 17:22:26 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/01 17:22:26 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2011/06/01 17:22:26 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity.lnk
[2011/06/01 17:22:25 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/06/01 17:22:25 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/06/01 17:22:25 | 000,001,703 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.lnk
[2011/06/01 17:22:25 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLounge.lnk
[2011/06/01 17:22:25 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2011/06/01 17:22:25 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Quintessential Media Player.lnk
[2011/06/01 17:22:25 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/01 17:22:25 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Quintessential Player.lnk
[2011/06/01 17:22:25 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Poladroid 9.6.0.lnk
[2011/06/01 17:22:25 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Poladroid 0.9.6r0.lnk
[2011/06/01 17:22:25 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SoundTap.lnk
[2011/06/01 17:22:25 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2011/06/01 17:22:25 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Rhapsody.lnk
[2011/06/01 17:22:25 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Rhapsody.lnk
[2011/06/01 17:22:25 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/01 17:22:24 | 000,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Corel Paint Shop Pro X.lnk
[2011/06/01 17:22:24 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/01 17:22:24 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL.lnk
[2011/06/01 17:22:24 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picaboo X.lnk
[2011/06/01 17:17:40 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/01 17:17:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/01 16:18:31 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\tdsskiller.zip
[2011/05/31 15:32:18 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\fin0e34k.exe
[2011/05/31 15:29:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\defogger_reenable
[2011/05/31 15:29:16 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\Defogger.exe
[2011/05/14 19:37:26 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164r
[2011/05/14 19:36:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164
[2011/05/14 19:29:16 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\Windows XP Recovery.lnk
[2011/05/14 19:26:25 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17424164
[2011/05/14 18:27:22 | 000,025,242 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\untitled.JPG
[2011/05/14 18:16:02 | 000,042,490 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\a20792912488bf23ba1d64_m.jpg
[2011/05/11 17:25:37 | 000,166,954 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\IMG_1181l.JPG
[2011/05/11 17:23:22 | 000,167,261 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\IMG_1166l.JPG
[2011/05/11 17:17:41 | 000,136,654 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\IMG_1200l.JPG
[2011/05/11 15:08:10 | 000,041,823 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\bird.jpg
[2011/05/10 14:48:24 | 000,046,554 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Desktop\sacrehearthcfyi.jpg
[2011/05/06 16:25:35 | 000,335,858 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\My Documents\bookmark.htm
[2011/05/02 13:23:09 | 000,014,574 | -HS- | C] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/05/02 13:23:09 | 000,014,574 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\23632tqd15c66kbesf6gf6o1531yloq3la6gi1ul1ms60n2
[2011/03/05 11:09:45 | 000,000,518 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\Poladroid prefs.plist
[2010/06/08 12:14:18 | 000,012,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hddirect.sys
[2010/05/18 14:51:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/05/17 12:47:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\filter
[2010/05/17 12:47:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/05/17 12:44:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/05/17 12:44:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\deskjet
[2010/05/04 15:50:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/04 15:50:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/04 15:50:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/04 15:50:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/04 15:50:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/09 15:26:55 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2009/10/05 19:30:19 | 000,056,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/10 12:18:36 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/02/14 15:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/12/20 20:04:20 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2008/05/07 11:37:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\imageCache8_UNI.db
[2008/02/20 16:38:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\proc-322085784.bin
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/11/08 18:35:06 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/07/04 14:47:24 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/06/15 12:51:09 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\WavCodec.wff
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/03/07 20:26:18 | 000,000,018 | ---- | C] () -- C:\WINDOWS\EPSTRYTL.ini
[2007/03/03 19:59:26 | 004,103,032 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/02/12 22:04:14 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/02/12 22:04:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/02/12 22:04:14 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/02/12 22:04:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/02/12 22:04:14 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/02/12 22:04:14 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/02/12 22:04:14 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/02/12 22:04:14 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/02/12 22:04:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/02/12 22:04:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/02/12 22:04:14 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/02/12 22:04:14 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/02/12 22:04:14 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/02/12 22:04:14 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/02/12 22:04:14 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/02/12 22:04:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/02/12 22:02:47 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007/02/12 22:01:25 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX580.ini
[2007/01/27 21:14:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/11/10 18:56:37 | 000,372,156 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\imageCache7.db
[2006/11/09 04:13:25 | 000,002,583 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/01 15:41:43 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/10/27 17:38:35 | 000,000,070 | ---- | C] () -- C:\WINDOWS\mmpoly.ini
[2006/10/15 19:44:26 | 000,008,384 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\audioCache8_UNI.db
[2006/10/10 19:42:31 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/09/21 19:07:00 | 000,004,314 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/14 14:23:19 | 000,000,129 | ---- | C] () -- C:\WINDOWS\promp3recorder.ini
[2006/09/10 18:34:31 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/09 14:11:59 | 000,000,187 | ---- | C] () -- C:\WINDOWS\sc.INI
[2006/09/09 14:06:44 | 000,751,167 | ---- | C] () -- C:\Program Files\sc11a.exe
[2006/09/04 14:23:15 | 000,000,267 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/09/04 11:39:07 | 000,017,606 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Application Data\wklnhst.dat
[2006/09/03 22:14:21 | 000,000,900 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/01 17:15:15 | 010,849,128 | ---- | C] () -- C:\Program Files\RhapsodyReal.exe
[2006/09/01 17:10:52 | 002,320,897 | ---- | C] () -- C:\Program Files\qcd451.exe
[2006/09/01 14:50:40 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Sam Hudson\Local Settings\Application Data\fusioncache.dat
[2006/05/23 03:38:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/23 03:36:17 | 000,004,528 | R--- | C] () -- C:\WINDOWS\System32\SETBROWS.EXE
[2006/02/25 03:02:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/02/25 00:28:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/16 11:07:58 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/02/16 05:55:04 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/16 05:50:52 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/16 05:25:21 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/16 05:25:21 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/16 05:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/16 05:25:21 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/16 05:25:21 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/16 05:25:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/15 12:41:53 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 12:41:53 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 12:40:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/15 12:28:50 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/15 12:28:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/15 12:28:50 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/15 12:28:50 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/15 12:25:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/15 12:21:55 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/02/15 12:21:55 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/02/15 12:21:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/15 12:21:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/15 11:44:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/15 11:41:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/15 11:35:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/15 11:34:07 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/15 10:09:00 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/15 10:03:52 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/15 10:03:40 | 000,446,386 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/15 10:03:40 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/15 10:03:40 | 000,073,426 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/15 10:03:40 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/15 10:03:34 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/15 10:03:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/15 10:03:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/15 10:03:06 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/15 10:03:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/15 10:02:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/15 10:02:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/15 03:30:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/15 03:29:32 | 000,248,696 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/02 18:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 19:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 18:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/02/28 15:17:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\besch.exe
[2004/11/30 04:10:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/07/20 21:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 22:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/19 02:00:00 | 000,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 6/2/2011 1:15:30 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Sam Hudson\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 467.48 Mb Available Physical Memory | 46.10% Memory free
2.38 Gb Paging File | 2.00 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.91 Gb Total Space | 30.84 Gb Free Space | 33.19% Space Free | Partition Type: NTFS
Drive D: | 4.40 Gb Total Space | 0.94 Gb Free Space | 21.38% Space Free | Partition Type: CDUDF
Drive E: | 1.86 Gb Total Space | 0.33 Gb Free Space | 17.98% Space Free | Partition Type: FAT

Computer Name: SAMSLAPTOP | User Name: Sam Hudson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-409547854-78933279-2522397900-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3378:TCP" = 3378:TCP:*:Enabled:Services
"5256:TCP" = 5256:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Disabled:Remote Desktop
"7942:TCP" = 7942:TCP:*:Enabled:Services
"7943:TCP" = 7943:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"56590:TCP" = 56590:TCP:*:Enabled:PandoRest Listening Port
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"3378:TCP" = 3378:TCP:*:Enabled:Services
"5256:TCP" = 5256:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Disabled:Remote Desktop
"7942:TCP" = 7942:TCP:*:Enabled:Services
"7943:TCP" = 7943:TCP:*:Enabled:Services
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Abacast\Abaclient.exe" = C:\Program Files\Abacast\Abaclient.exe:*:Enabled:Abaclient -- (Abacast, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\1140083713\EE\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe" = C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:PandoRest Application Name -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{06283453-7826-2168-5324-689421793582}" = MessengerData WMP Plugin
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{42CDB923-629E-469F-819D-D23252624D2A}" = Epson StoryTeller Publisher
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47BE6EC4-32A5-43BC-B6CD-839101374334}" = Philips SPC620NC Webcam
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5CA6F170-E18D-4B4C-8670-3ED096478C41}" = Philips SPC620NC Webcam
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F724CE-C4AE-637C-B7B3-096DD5008B76}" = Picaboo X
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE3F89C0-42D5-11D5-A40A-00105AC8331A}" = Metamail (Toshiba Registration Utility)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0CFDC72-63D2-4086-A54F-1514494394A0}" = Hercules DualPix HD Webcam
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"5FEE3C222325A264A4ADFAFE92FBE33C1BC7586F" = Windows Driver Package - Philips USB (09/28/2007 1.61.1.5790)
"7-Zip" = 7-Zip 4.65
"Abacast Client" = Abacast Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"AMIP_QCD" = AMIP for QCD 4 (remove only)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"Audacity_is1" = Audacity 1.2.4
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BeeThink MusicHandle 3.2 (MP3,WMA,OGG,WAV Converter)_is1" = BeeThink MusicHandle 3.2
"Bejeweled 2 Deluxe 1.1" = Bejeweled 2 Deluxe 1.1
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"BookSmart™ 1.9.5 1.9.5" = BookSmart™ 1.9.5 1.9.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"E282DC1D6894F97E03EDDD547CB2781C096540CD" = Windows Driver Package - Philips (SPC620) Image (09/28/2007 1.61.1.5790)
"ESPNMotion" = ESPNMotion
"FLAC" = FLAC 1.2.1b (remove only)
"GameDesire-Boards" = GameDesire-Boards
"GameDesire-Pool & Snooker" = GameDesire-Pool & Snooker
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InterActual Player" = InterActual Player
"JDDExpPrint" = Explorer Print Context Menu (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Quintessential Media Player" = Quintessential Media Player
"Quintessential Player" = Quintessential Player
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SoundTap" = SoundTap Streaming Audio Recorder
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ToolBox" = NCH Toolbox
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TOSHIBA TV Tuner" = TOSHIBA TV Tuner 4.0.12.73
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WavePad" = WavePad Uninstall
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-409547854-78933279-2522397900-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2011 3:13:41 PM | Computer Name = SAMSLAPTOP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(KodakESP7200+0331._pdl-datastream._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 5/31/2011 3:13:41 PM | Computer Name = SAMSLAPTOP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(KodakESP7200+0331._scanner._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 5/31/2011 3:13:41 PM | Computer Name = SAMSLAPTOP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(KodakESP7200+0331._smb._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 5/31/2011 3:15:26 PM | Computer Name = SAMSLAPTOP | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6/1/2011 4:32:41 PM | Computer Name = SAMSLAPTOP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(KodakESP7200+0331._pdl-datastream._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 6/1/2011 4:32:41 PM | Computer Name = SAMSLAPTOP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(KodakESP7200+0331._scanner._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 6/1/2011 4:32:41 PM | Computer Name = SAMSLAPTOP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(KodakESP7200+0331._smb._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 6/1/2011 4:40:42 PM | Computer Name = SAMSLAPTOP | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6/1/2011 7:54:01 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 | ID = 5000
Description = EventType offdiag12, P1 c3923123-e281-4435-b16e-97328b8c1b8a2547c475-6471-40e3-aafd-1e9b9ff3a03b,
P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 6/1/2011 8:29:48 PM | Computer Name = SAMSLAPTOP | Source = Application Error | ID = 1000
Description = Faulting application mDNSResponder.exe, version 2.0.4.0, faulting
module mDNSResponder.exe, version 2.0.4.0, fault address 0x00008108.

[ OSession Events ]
Error - 4/6/2009 2:48:16 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12355
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 4/26/2009 3:44:06 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3174
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/13/2010 6:16:26 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11229
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 5/6/2010 3:53:03 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2445
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/12/2010 10:05:05 AM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 144
seconds with 120 seconds of active time. This session ended with a crash.

Error - 11/30/2010 3:41:23 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17129
seconds with 780 seconds of active time. This session ended with a crash.

Error - 12/15/2010 1:58:43 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/27/2010 3:37:30 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12700
seconds with 720 seconds of active time. This session ended with a crash.

Error - 3/28/2011 2:43:26 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/31/2011 3:17:02 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 5/31/2011 3:37:09 PM | Computer Name = SAMSLAPTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 5/31/2011 4:07:08 PM | Computer Name = SAMSLAPTOP | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 6/1/2011 4:40:42 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 6/1/2011 4:42:18 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 6/1/2011 4:42:18 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 6/1/2011 4:42:18 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 6/1/2011 4:42:18 PM | Computer Name = SAMSLAPTOP | Source = Microsoft Antimalware | ID = 2001
Description =

Error - 6/1/2011 5:19:13 PM | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 6/1/2011 8:34:48 PM | Computer Name = SAMSLAPTOP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:29 AM

Posted 02 June 2011 - 12:32 PM

How is the computer doing now?
Shannon

#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:02:29 AM

Posted 02 June 2011 - 03:10 PM

Hi-

Thanks for the logs. They confirm that the main infection appears to be gone. Let's do some more cleanup.

1. Close any open browsers.

2. Open notepad and copy/paste the text in the codebox below into it:

DDS::
TCP: Interfaces\{B1DE73F6-C143-464F-B020-7943C1DFED38}: NameServer = 93.188.163.132,93.188.166.139
TCP: Interfaces\{B6B3EE06-8E42-484C-BC25-24BBC0AA02F9}: NameServer = 93.188.163.132,93.188.166.139
RenV::
c:\program files\Intel\Wireless\Bin\ifrmewrk .exe
c:\program files\Intel\Wireless\Bin\zcfgsvc .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\Synaptics\SynTP\syntplpr .exe
c:\program files\TOSHIBA\Tvs\tvstray .exe
c:\windows\ehome\ehtray .exe
c:\windows\system32\DLA\dlactrlw .exe
c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa .exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PqDTgJOxvviAety"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
In your reply, please copy in the ComboFix and MBAM reports. Again, how is her computer doing?

Shannon
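A defender's check for the two artifacts the script above targets, written here as an added example in Python (it is not ComboFix's code or the poster's): it flags per-interface NameServer entries that differ from what DHCP handed out and file names with a space before the extension. The "TCP:" lines and the two renamed paths are copied from the thread; the all-zero interface GUID, its resolver and the clean iTunesHelper path are constructed.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample in the DDS/ComboFix "TCP:" line format. The first three
# lines are copied from the thread; the last interface (all-zero GUID) is made
# up to show a static entry that matches DHCP and is therefore not flagged.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B1DE73F6-C143-464F-B020-7943C1DFED38}: NameServer = 93.188.163.132,93.188.166.139
TCP: Interfaces\{B6B3EE06-8E42-484C-BC25-24BBC0AA02F9}: NameServer = 93.188.163.132,93.188.166.139
TCP: Interfaces\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.254
"""

# Constructed file list: two names from the RenV:: block above plus one
# untouched executable that must not be flagged.
SAMPLE_FILES = [
    r"c:\program files\iTunes\ituneshelper .exe",
    r"c:\program files\iTunes\iTunesHelper.exe",
    r"c:\windows\ehome\ehtray .exe",
]

DHCP_RE = re.compile(r"^TCP:\s+DhcpNameServer\s*=\s*(.+?)\s*$")
IFACE_RE = re.compile(
    r"^TCP:\s+Interfaces\\(\{[0-9A-Fa-f-]+\}):\s*NameServer\s*=\s*(.+?)\s*$"
)
# Whitespace between the base name and the extension ("ituneshelper .exe"):
# the pattern the RenV:: block reverses.
SPACED_EXT_RE = re.compile(r"^(.*\S)\s+(\.(?:exe|dll|sys|scr|com))$", re.IGNORECASE)


def _split_servers(value: str) -> List[str]:
    return [s for s in re.split(r"[,\s]+", value) if s]


def parse_nameservers(log_text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (servers handed out by DHCP, {interface GUID: static NameServer list})."""
    dhcp: List[str] = []
    per_iface: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        m = DHCP_RE.match(line)
        if m:
            dhcp.extend(_split_servers(m.group(1)))
            continue
        m = IFACE_RE.match(line)
        if m:
            per_iface[m.group(1)] = _split_servers(m.group(2))
    return dhcp, per_iface


def is_public_resolver(server: str) -> bool:
    """True for a globally routable address (not RFC 1918, loopback, etc.)."""
    try:
        return ipaddress.ip_address(server).is_global
    except ValueError:
        return False


def find_rogue_dns(log_text: str) -> List[Tuple[str, List[str]]]:
    """Interfaces whose static resolvers are not among those DHCP handed out.

    On a home LAN the router (192.168.1.254 here) is the expected resolver; a
    per-interface override pointing at public addresses the user never set is
    the DNS-hijack pattern the CFScript above removes.
    """
    dhcp, per_iface = parse_nameservers(log_text)
    trusted = set(dhcp)
    findings = []
    for guid, servers in per_iface.items():
        unexpected = [s for s in servers if s not in trusted]
        if unexpected:
            findings.append((guid, unexpected))
    return findings


def find_renamed_executables(paths: List[str]) -> List[Tuple[str, str]]:
    """Return (current path, restored path) for names like 'ehtray .exe'."""
    out = []
    for path in paths:
        folder, sep, name = path.rpartition("\\")
        m = SPACED_EXT_RE.match(name)
        if m:
            out.append((path, folder + sep + m.group(1) + m.group(2)))
    return out


if __name__ == "__main__":
    for guid, servers in find_rogue_dns(SAMPLE_LOG):
        kinds = ", ".join(
            f"{s} ({'public' if is_public_resolver(s) else 'private'})" for s in servers
        )
        print(f"static resolver override on {guid}: {kinds}")
    for current, restored in find_renamed_executables(SAMPLE_FILES):
        print(f"renamed executable: {current} -> {restored}")
```

Run it against the "Supplementary Scan" section of a real ComboFix or DDS log to confirm that only the router's DHCP-provided resolver remains after the fix.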

#15 y2rescue109

y2rescue109
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 03 June 2011 - 12:36 PM

Here is the new log; the computer seems to be running better. Thanks for helping us out.
ComboFix 11-06-03.02 - Sam Hudson 06/03/2011 12:23:32.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.582 [GMT -4:00]
Running from: c:\documents and settings\Sam Hudson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sam Hudson\Desktop\CFSCRIPT.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-01 23:54 . 2011-06-01 23:54 -------- d-----w- c:\documents and settings\Sam Hudson\Local Settings\Application Data\PCHealth
2011-06-01 20:22 . 2011-06-01 20:22 -------- d-----w- C:\TDSSKiller_Quarantine
2011-05-23 05:56 . 2011-05-23 05:56 388096 ----a-r- c:\documents and settings\Guest\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-23 05:54 . 2011-05-23 05:54 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2011-05-23 05:54 . 2011-05-23 05:54 -------- d-----w- c:\documents and settings\Guest\Application Data\StumbleUpon
2011-05-23 05:53 . 2011-05-23 05:53 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Eastman_Kodak_Company
2011-05-23 05:53 . 2011-05-23 05:53 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Eastman Kodak Company
2011-05-15 00:46 . 2011-05-15 00:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-05-15 00:41 . 2011-05-15 00:41 -------- d-----w- c:\documents and settings\Sam Hudson\Application Data\Malwarebytes
2011-05-15 00:40 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-15 00:40 . 2011-05-15 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-15 00:40 . 2011-05-15 00:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-15 00:40 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-08 21:03 . 2011-05-08 21:03 -------- d-----w- C:\$AVG
2011-05-08 20:42 . 2011-05-08 20:42 -------- d-----w- c:\documents and settings\Sam Hudson\Application Data\AVG10
2011-05-08 20:39 . 2011-05-08 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-05-08 20:34 . 2011-05-15 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-05-08 20:33 . 2011-05-08 20:33 -------- d-----w- c:\program files\AVG
2011-05-08 20:25 . 2011-05-15 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2006-02-15 15:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2006-09-09 18:06 . 2006-09-09 18:06 751167 ----a-w- c:\program files\sc11a.exe
2006-09-01 21:15 . 2006-09-01 21:15 10849128 ----a-w- c:\program files\RhapsodyReal.exe
2006-09-01 21:10 . 2006-09-01 21:10 2320897 ----a-w- c:\program files\qcd451.exe
2003-08-27 18:19 . 2006-10-14 19:06 36963 ----a-r- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-01_21.27.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-03 16:10 . 2011-06-03 16:10 16384 c:\windows\Temp\Perflib_Perfdata_a4.dat
+ 2007-02-13 02:02 . 2006-05-23 08:00 139264 c:\windows\system32\spool\drivers\w32x86\3\e_fatibpa.exe
+ 2006-02-16 10:18 . 2005-10-06 13:20 122940 c:\windows\system32\DLA\dlactrlw.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPro620.lnk - c:\windows\VPro620.exe [2009-3-29 61440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HDDirect.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Sam Hudson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Sam Hudson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-08-18 17:28 50776 ----a-w- c:\program files\America Online 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 15:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1140083713\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-05-16 16:58 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 21:54 142120 ----a-w- c:\program files\iTunes\ituneshelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 01:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2005-03-09 01:13 1695744 ----a-w- c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 21:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2005-04-27 00:13 122880 ----a-w- c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
2006-01-05 22:02 352256 ----a-w- c:\program files\TOSHIBA\TOSHIBA Applet\THotkey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-23 15:59 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"aawservice"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56590:TCP"= 56590:TCP:PandoRest Listening Port
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3378:TCP"= 3378:TCP:Services
"5256:TCP"= 5256:TCP:Services
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
"7942:TCP"= 7942:TCP:Services
"7943:TCP"= 7943:TCP:Services
"9322:TCP"= 9322:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
.
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [9/13/2010 6:18 PM 308656]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 5:29 PM 835208]
S1 MpKsl08ca4e55;MpKsl08ca4e55;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851469D7-577A-405B-9694-A4C1AE4CC100}\MpKsl08ca4e55.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{851469D7-577A-405B-9694-A4C1AE4CC100}\MpKsl08ca4e55.sys [?]
S1 MpKsl1531b411;MpKsl1531b411;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DE0921A-ED98-483A-8D83-5BBDAA514501}\MpKsl1531b411.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DE0921A-ED98-483A-8D83-5BBDAA514501}\MpKsl1531b411.sys [?]
S1 MpKsl23df6499;MpKsl23df6499;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{798AC754-6459-4786-8BF7-D44DC7FE8FA2}\MpKsl23df6499.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{798AC754-6459-4786-8BF7-D44DC7FE8FA2}\MpKsl23df6499.sys [?]
S1 MpKsl289b0c30;MpKsl289b0c30;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl289b0c30.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl289b0c30.sys [?]
S1 MpKsl307b19e7;MpKsl307b19e7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl307b19e7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A743EAF-A068-4A66-90D6-FE58D68DF6E4}\MpKsl307b19e7.sys [?]
S1 MpKsl3b5d8253;MpKsl3b5d8253;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17FD86B9-AEEB-4439-8C1D-078662CB484E}\MpKsl3b5d8253.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{17FD86B9-AEEB-4439-8C1D-078662CB484E}\MpKsl3b5d8253.sys [?]
S1 MpKsl7a8e2830;MpKsl7a8e2830;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{410E19B3-6172-4A23-B405-4CB2C0D3350E}\MpKsl7a8e2830.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{410E19B3-6172-4A23-B405-4CB2C0D3350E}\MpKsl7a8e2830.sys [?]
S1 MpKsl9f2bc96e;MpKsl9f2bc96e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA96E9A6-5E36-4290-8EEF-A6B959ECF732}\MpKsl9f2bc96e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA96E9A6-5E36-4290-8EEF-A6B959ECF732}\MpKsl9f2bc96e.sys [?]
S1 MpKslb5732e6a;MpKslb5732e6a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04A27A74-F9BB-4C91-A47D-EB8B09B1EBAA}\MpKslb5732e6a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{04A27A74-F9BB-4C91-A47D-EB8B09B1EBAA}\MpKslb5732e6a.sys [?]
S1 MpKslb9279535;MpKslb9279535;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40FB014E-0579-4FE6-A07E-83BB4B841805}\MpKslb9279535.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{40FB014E-0579-4FE6-A07E-83BB4B841805}\MpKslb9279535.sys [?]
S3 HDDirect;Hard Disk Direct Control;c:\windows\system32\drivers\hddirect.sys [6/8/2010 12:14 PM 12552]
S3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [3/29/2009 7:25 PM 484352]
S3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [3/29/2009 7:25 PM 7680]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [4/14/2011 6:47 PM 103336]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 6:21 PM 24652]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{D0CEAADB-8909-4FAF-B2B3-0FEC0457C4DB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B1DE73F6-C143-464F-B020-7943C1DFED38}: NameServer = 93.188.163.132,93.188.166.139
TCP: Interfaces\{B6B3EE06-8E42-484C-BC25-24BBC0AA02F9}: NameServer = 93.188.163.132,93.188.166.139
DPF: {4B4513E2-43DF-4E57-9496-FCD37E9DFA64} - hxxp://cached.gamedesire.com/g_bin/eng/navy_2_0_0_33.cab
DPF: {4B4513E2-4E57-43DF-9496-FCD37E9DFA64} - hxxp://67.15.101.33/g_bin/eng/navy_2_0_0_29.cab
DPF: {5D80A6D1-B500-47DA-82B8-EB9875F85B4D} - hxxp://dl.google.com/dl/desktop/nv/GoogleGadgetPluginIEWin.cab
DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.33/g_bin/eng/words_2_0_0_51.cab
DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} - hxxp://67.15.101.33/g_bin/eng/wordssingle_2_0_0_48.cab
DPF: {C50359F3-4CFF-4BB4-962C-1006D46706B3} - hxxp://70.63.237.58/APOLancamCtrl.CAB
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam1.pgharts.org/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Sam Hudson\Application Data\Mozilla\Firefox\Profiles\k70ft82s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.martina-mcbride.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Sam Hudson\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-EzPrint - c:\program files\Lexmark Z2400 Series\ezprint.exe
MSConfigStartUp-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe
MSConfigStartUp-lxdqmon - c:\program files\Lexmark Z2400 Series\lxdqmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 12:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2784)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-06-03 12:32:57
ComboFix-quarantined-files.txt 2011-06-03 16:32
ComboFix2.txt 2011-06-01 21:32
.
Pre-Run: 33,035,456,512 bytes free
Post-Run: 33,026,871,296 bytes free
.
- - End Of File - - 3696888ECD0CB38CABDC41128C637651



