TechSpot

It seems fixed but I went ahead and generated logs

By Scshadow
Aug 14, 2012
  1. I'm dealing with a family Windows XP laptop that hadn't been turned on in a while but apparently was mistreated security-wise. My father was using a subscription of SpyNoMore, but that is expired and running in demo mode. It has McAfee Enterprise, but it didn't find any updates; considering it's been out of use for at least the past 6 months (no power brick for a while), it should've had updates. So I installed MSE and updated it, and have kept the McAfee on-access scanner turned off during this process.

    The initial symptoms were running slow, Windows Explorer crashed any time I tried to access a folder/directory (My Computer, Control Panel, etc.), and Internet Explorer 8 would crash as well. I downloaded install files on USB and placed them on the desktop in safe mode, as that was the only way I could get them on this computer (I installed and ran them in normal mode just fine). Luckily, after Malwarebytes Anti-Malware, I have the ability to access directories again and to use Internet Explorer, but even still I put the logs on USB and brought them to my desktop to make the post. This computer has a lot of crap on here; it even still has LimeWire... yeah, I'm deeply concerned about my father's intelligence for him having used LimeWire. Wonder where the malware came from. Anyway, I'd love for someone to look over the logs for other potential problems before I proceed to make changes and uninstall some of the crapware and redundant security programs. Also, I haven't run updates, but I think it might have done so automatically last night because I let the anti-virus scan run during the night and I came back to a restarted computer. I redid the virus scan.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.14.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Daniel Smith :: DBSMITH [administrator]

    8/14/2012 12:25:21 PM
    mbam-log-2012-08-14 (12-25-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 279152
    Time elapsed: 30 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 16
    HKCR\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKCR\CLSID\{8BBE6A70-EF84-47FA-B5DE-EDD0DF18461F} (Trojan.Banker) -> Quarantined and deleted successfully.
    HKCR\linkrd.AIEbho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
    HKCR\linkrd.AIEbho (Trojan.Banker) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BBE6A70-EF84-47FA-B5DE-EDD0DF18461F} (Trojan.Banker) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BBE6A70-EF84-47FA-B5DE-EDD0DF18461F} (Trojan.Banker) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCR\AppID\Sidebar.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 5
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appConf32.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

    Folders Detected: 2
    C:\WINDOWS\system32\912525 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

    Files Detected: 16
    C:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Daniel Smith\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\adssite_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.13.115258_daniel_smith@quantserve[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@a1.interclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@abmr[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@burstnet[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@interclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@quantserve[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@scorecardresearch[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@sharethis[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@turn[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@wd.sharethis[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@www.burstnet[1].txt (Stolen.Data) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-14 13:09:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001A
    Running: ocinprei.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pwldapob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Daniel Smith at 13:09:58 on 2012-08-14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1241 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MioNet\MioNetManager.exe
    C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Synaptics\SynTP\Toshiba.exe
    C:\WINDOWS\system32\ScsiAccess.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
    C:\WINDOWS\vphc700.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Network Associates\VirusScan\mcshield.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uSearchMigratedDefaultURL = hxxp://www.Google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mSearchMigratedDefaultURL = hxxp://www.Google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: P2P Max Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - c:\program files\p2p_max\tbP2P_.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\prxtbMax0.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Browser protection: {fb9ffb4b-9680-4256-8178-5ecdb2c19b23} - c:\progra~1\spynom~1\SNMIEG~1.DLL
    TB: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\prxtbMax0.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
    TB: {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No File
    TB: P2P Max Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - c:\program files\p2p_max\tbP2P_.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [phc700] c:\windows\vphc700.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [<NO NAME>]
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\spc 700nc pc camera\TrayMin700.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162687796125
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://imail.tema.toyota.com/dwa7W.cab
    Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    Notify: psfus - psqlpwd.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ============= SERVICES / DRIVERS ===============
    .
    P2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2006-2-14 221191]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-11-4 58464]
    R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-11-4 98304]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2006-6-8 29184]
    R2 MioNet;MioNet Service;c:\program files\mionet\MioNetManager.exe [2005-7-15 139264]
    R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
    R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-11-4 116864]
    S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?]
    S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [2000-5-31 71448]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-11 30192]
    S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [2008-1-3 541568]
    S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [1999-11-10 142592]
    S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2006-1-18 39067]
    S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [1999-5-11 155440]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-14 18:09:33 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f960e024-5cd0-4722-b6d9-5c26b0948133}\mpengine.dll
    2012-08-14 17:24:24 -------- d-----w- c:\documents and settings\daniel smith\application data\Malwarebytes
    2012-08-14 17:23:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-08-14 17:23:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-14 17:23:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-14 10:41:53 -------- d-sh--w- c:\documents and settings\daniel smith\IETldCache
    2012-08-14 09:21:30 -------- dc-h--w- c:\windows\ie8
    2012-08-13 23:04:39 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2012-08-13 22:59:51 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2012-08-13 22:59:48 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-13 22:59:48 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-13 22:27:13 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-08-13 22:14:59 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-13 22:14:04 -------- d-----w- C:\9763613b9eb5a4033f9b3a2195c65735
    2012-08-13 21:26:03 -------- d-----w- c:\windows\system32\UAs
    2012-08-13 21:24:42 264 ----a-w- c:\windows\system32\srvblck5.tmp
    2012-08-13 21:23:51 -------- d-----w- c:\windows\system32\kock
    .
    ==================== Find3M ====================
    .
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2008-12-09 15:23:13 51152 --sh--r- c:\windows\system32\appConf32.exe
    .
    ============= FINISH: 13:11:25.92 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/4/2006 6:50:13 PM
    System Uptime: 8/14/2012 12:59:01 PM (1 hours ago)
    .
    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 111 GiB total, 79.61 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP309: 8/13/2012 5:27:12 PM - Software Distribution Service 3.0
    RP310: 8/14/2012 3:01:20 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Adssite Games Collection
    America Online (Choose which version to remove)
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    aspi
    BalanceLog
    Bejeweled 2 Deluxe
    Big Sky Screen Saver
    Blackhawk Striker 2
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    BootP-DHCP Server
    CCHelp
    CCScore
    CD/DVD Drive Acoustic Silencer
    CDDRV_Installer
    Chuzzle Deluxe
    ClearKeeper
    ControlFLASH
    CR2
    Desktop Dialer
    DeviceNet Node Commissioning Tool
    DriveExecutive V4.01
    DVD-RAM Driver
    EasyGPS
    ESSAdpt
    ESSANUP
    ESSBrwr
    ESSCAM
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSTUTOR
    ESSvpaht
    ESSvpot
    FactoryTalk Activation Client v2.00.01 (CPR 7)
    FATE
    Fidelity Active Trader Pro®
    FXCM Trading Station
    Garmin Trip and Waypoint Manager v5
    Garmin USB Drivers
    Garmin WebUpdater
    GemMaster Mystic
    GLOBEtrotter FLEXid Drivers
    Google Desktop
    Google Toolbar for Internet Explorer
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 11
    KhalInstallWrapper
    Kodak EasyShare software
    KSU
    LimeWire 5.4.7
    Logitech SetPoint
    Logix CPU Security Tool
    Logix5000 Clock Update Tool
    Logix5000 Task Monitor
    Mah Jong Quest
    Malwarebytes Anti-Malware version 1.62.0.1300
    MapSend Lite
    MapSend Streets and Destinations USA
    Max_EN Toolbar
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.0 Hotfix (KB2604042)
    Microsoft .NET Framework 1.0 Hotfix (KB2656378)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Standard Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MioNet
    Move Networks Media Player for Internet Explorer
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notifier
    Office 2003 Trial Assistant
    OTtBP
    Otto
    P2P_Max Toolbar
    Parker Isysnet Analog Module Profiles
    Parker Isysnet ASCII Module Profile
    Parker Isysnet Discrete Module Profiles
    PCDLNCH
    PDF Plain Text Extractor (remove only)
    Penguins!
    Philips Firmware Manager
    Philips SPC 700NC PC Camera
    Philips VLounge
    Picasa 2
    PID Calculation Program
    PL-2303 USB-to-Serial
    Polar Bowler
    Polar Golfer
    PriceGong 2.1.0
    Protector Suite 5.4
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Rockwell Automation 1734 Analog Module Profiles
    Rockwell Automation 1734 ASCII Module Profiles
    Rockwell Automation 1734 Discrete Module Profiles
    Rockwell Automation 1734 Specialty Module Profiles
    Rockwell Automation 1738 Analog Module Profiles
    Rockwell Automation 1738 ASCII Module Profiles
    Rockwell Automation 1738 Discrete Module Profiles
    Rockwell Automation 1738 Specialty Module Profiles
    Rockwell Automation 1756 CNet Comms Module Profiles
    Rockwell Automation 1756 ENet Comms Module Profiles
    Rockwell Automation 1756 HART Module Profiles
    Rockwell Automation 1769 Analog Module Profiles
    Rockwell Automation 1769 Boolean Module Profiles
    Rockwell Automation 1769 Discrete Module Profiles
    Rockwell Automation 1769 Specialty Module Profiles
    Rockwell Automation 1791DS Discrete Module Profiles
    Rockwell Automation Drives PowerFlex 4 Module Profiles
    Rockwell Automation Drives PowerFlex 7 Module Profiles
    Rockwell Automation Drives SCANport Module Profiles
    Rockwell Automation Generic Safety Module Profiles
    Rockwell Automation USB CIP Driver Package
    Rockwell Software Hardware Maintenance Tool
    Rockwell Windows Firewall Configuration Utility 1.00.01
    RSLinx Classic 2.51.00 (CPR 7)
    RSLogix 5 English 7.10.02 (CPR 7)
    RSLogix 500 English 7.10.00 (CPR 7)
    RSLogix 5000 Compare v2
    RSLogix 5000 DeviceNet Tag Generator
    RSLogix 5000 Faceplates
    RSLogix 5000 IEC61131-3 Translation Tool
    RSLogix 5000 Module Profile Core
    RSLogix 5000 Module Profile Setup Utility
    RSLogix 5000 Online Books v16.00.00
    RSLogix 5000 Setup Installer
    RSLogix 5000 Start Page Media v16.00.05
    RSLogix 5000 System Updates
    RSLogix 5000 v13.04
    RSLogix 5000 v15.02
    RSLogix 5000 v16.00.00
    RSNetWorx for ControlNet 8.00.00 (CPR 7)
    RSNetWorx for DeviceNet 8.00.01 (CPR 7)
    RSNetWorx for EtherNet/IP 8.00.00 (CPR 7)
    SCRABBLE
    SD Secure Module
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2699988)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Sentinel System Driver
    SFR
    SFR2
    SIPPS
    Sonic Encoders
    StuffIt 2010
    Synaptics Pointing Device Driver
    Tag Data Monitor Tool
    Tag Import Utility
    Tag Upload Download Tool
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Game Console
    TOSHIBA Hotkey Utility
    Toshiba Media Center Game Console
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    Touch and Launch
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WeatherBug
    WebFldrs XP
    WildTangent Web Driver
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB2619340
    Windows XP Media Center Edition 2005 KB2628259
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/14/2012 5:49:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FactoryTalk Diagnostics Local Reader service to connect.
    8/14/2012 5:49:00 AM, error: Service Control Manager [7000] - The FactoryTalk Diagnostics Local Reader service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/14/2012 5:44:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    8/14/2012 3:01:28 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
    8/14/2012 12:14:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/14/2012 1:10:09 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 68:7F:74:F0:24:F7. Network operations on this system may be disrupted as a result.
    8/14/2012 1:09:09 AM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 0018DE2B2EC2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/14/2012 1:00:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    8/13/2012 6:15:21 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 3 time(s).
    8/13/2012 5:34:17 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 2 time(s).
    8/13/2012 5:32:31 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
    8/13/2012 11:45:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/13/2012 11:44:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss Tcpip
    8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    8/13/2012 11:44:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    I still see some McAfee items running.
    Uninstall it completely using this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =========================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    Thank You, malware annihilator.

    I had only disabled the McAfee on-access scanner in the system tray. But I of course am glad to remove it. I removed McAfee according to that program's instructions. May I uninstall Spynomore, which runs in demo mode?

    Afterwards I ran both RogueKiller and aswMBR as instructed. I scanned only and have posted the logs below. I left those programs minimized if I am to come back to them.

    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Daniel Smith [Admin rights]
    Mode: Scan -- Date: 08/14/2012 16:41:11

    ¤¤¤ Bad processes: 3 ¤¤¤
    [SUSP PATH] TempIadHide3.dll -- C:\DOCUME~1\DANIEL~1\LOCALS~1\TempIadHide3.dll -> UNLOADED
    [SUSP PATH] vphc700.exe -- C:\WINDOWS\vphc700.exe -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 3 ¤¤¤
    [SUSP PATH] HKLM\[...]\Run : phc700 (C:\WINDOWS\vphc700.exe) -> FOUND
    [SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\BIGSKY~1.SCR) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 008k.com # Added by SNM
    127.0.0.1 00hq.com # Added by SNM
    127.0.0.1 100sexlinks.com # Added by SNM
    127.0.0.1 157.238.62.14 # Added by SNM
    127.0.0.1 17-plus.com # Added by SNM
    127.0.0.1 193.125.201.50 # Added by SNM
    127.0.0.1 1-domains-registrations.com # Added by SNM
    127.0.0.1 1sexparty.com # Added by SNM
    127.0.0.1 1stpagehere.com # Added by SNM
    127.0.0.1 2020search.com # Added by SNM
    127.0.0.1 209.66.114.130 # Added by SNM
    127.0.0.1 213.131.225.2 # Added by SNM
    127.0.0.1 216.65.3.68 # Added by SNM
    127.0.0.1 24teen.com # Added by SNM
    127.0.0.1 2ndpower.com # Added by SNM
    127.0.0.1 36site.com # Added by SNM
    127.0.0.1 4corn.net # Added by SNM
    127.0.0.1 66.117.14.138 # Added by SNM
    127.0.0.1 66.197.100.83 # Added by SNM
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
    --- User ---
    [MBR] d2f4cdf4f279493e054d12fff791f2ab
    [BSP] 947e1cc8d93645013e5016bb06b4fe85 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114165 Mo
    3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 233810010 | Size: 305 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: TOSHIBA THNCF256MPG +++++
    --- User ---
    [MBR] 3ab9facd99a884ea663e64ff5c08edbc
    [BSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 244 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive2: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] d3500d808db16f7e8865b292e82d0495
    [BSP] 915e9161424a6966d222ad6a736828a3 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x68) [VISIBLE] Offset (sectors): 1936028272 | Size: 904228 Mo
    1 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 Mo
    2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 Mo
    3 - [XXXXXX] UNKNOWN (0x49) [VISIBLE] Offset (sectors): 1394627663 | Size: 10 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt





    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-14 16:43:30
    -----------------------------
    16:43:30.000 OS Version: Windows 5.1.2600 Service Pack 3
    16:43:30.000 Number of processors: 2 586 0xF06
    16:43:30.000 ComputerName: DBSMITH UserName:
    16:43:30.750 Initialize success
    16:53:15.015 AVAST engine defs: 12081401
    17:08:35.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:08:35.703 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
    17:08:35.718 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
    17:08:35.718 Disk 1 Vendor: TOSHIBA_THNCF256MPG 3.00 Size: 244MB BusType: 3
    17:08:35.765 Disk 0 MBR read successfully
    17:08:35.765 Disk 0 MBR scan
    17:08:35.828 Disk 0 Windows XP default MBR code
    17:08:35.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114165 MB offset 63
    17:08:35.875 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 305 MB offset 233810010
    17:08:35.921 Disk 0 scanning sectors +234436545
    17:08:36.000 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:08:56.781 Service scanning
    17:09:11.062 Service MpKsl1f4a72fe c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys **LOCKED** 32
    17:09:28.375 Modules scanning
    17:09:45.156 Module: C:\WINDOWS\system32\drivers\hardlock.sys **SUSPICIOUS**
    17:09:50.734 Disk 0 trace - called modules:
    17:09:50.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    17:09:50.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a868ab8]
    17:09:50.812 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000085[0x8a8a6510]
    17:09:50.828 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a871940]
    17:09:51.390 AVAST engine scan C:\WINDOWS
    17:10:45.546 AVAST engine scan C:\WINDOWS\system32
    17:16:37.656 AVAST engine scan C:\WINDOWS\system32\drivers
    17:17:05.718 AVAST engine scan C:\Documents and Settings\Daniel Smith
    17:23:53.734 File: C:\Documents and Settings\Daniel Smith\Local Settings\Temporary Internet Files\Content.IE5\MAH3BTPE\calc[1].exe **INFECTED** Win32:Agent-APKB [Trj]
    17:25:54.171 AVAST engine scan C:\Documents and Settings\All Users
    17:28:03.781 Scan finished successfully
    17:30:28.062 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    17:30:28.093 The log file has been saved successfully to "F:\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Spynomore is a rogue program. Stay away from it.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    Alright, I've stayed away from Spynomore and I will continue to. It still runs in system tray at startup though. I ran TDSSKiller and got no threats found. Log below:

    18:17:36.0687 3560 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
    18:17:37.0250 3560 ============================================================
    18:17:37.0250 3560 Current date / time: 2012/08/14 18:17:37.0250
    18:17:37.0250 3560 SystemInfo:
    18:17:37.0250 3560
    18:17:37.0250 3560 OS Version: 5.1.2600 ServicePack: 3.0
    18:17:37.0250 3560 Product type: Workstation
    18:17:37.0250 3560 ComputerName: DBSMITH
    18:17:37.0250 3560 UserName: Daniel Smith
    18:17:37.0250 3560 Windows directory: C:\WINDOWS
    18:17:37.0250 3560 System windows directory: C:\WINDOWS
    18:17:37.0250 3560 Processor architecture: Intel x86
    18:17:37.0250 3560 Number of processors: 2
    18:17:37.0250 3560 Page size: 0x1000
    18:17:37.0250 3560 Boot type: Normal boot
    18:17:37.0250 3560 ============================================================
    18:17:39.0734 3560 Drive \Device\Harddisk1\DR1 - Size: 0xF480000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x3D2, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
    18:17:39.0765 3560 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    18:17:39.0953 3560 Drive \Device\Harddisk1\DR1 - Size: 0xF480000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x3D2, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'A'
    18:17:39.0968 3560 Drive \Device\Harddisk2\DR7 - Size: 0x1DEC00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:17:39.0968 3560 ============================================================
    18:17:39.0968 3560 \Device\Harddisk1\DR1:
    18:17:39.0968 3560 MBR partitions:
    18:17:39.0968 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7A1E0
    18:17:39.0968 3560 \Device\Harddisk0\DR0:
    18:17:39.0968 3560 MBR partitions:
    18:17:39.0968 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDEFA81B
    18:17:39.0968 3560 \Device\Harddisk1\DR1:
    18:17:39.0968 3560 MBR partitions:
    18:17:39.0968 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7A1E0
    18:17:39.0968 3560 \Device\Harddisk2\DR7:
    18:17:39.0968 3560 MBR partitions:
    18:17:39.0968 3560 ============================================================
    18:17:40.0031 3560 C: <-> \Device\Harddisk0\DR0\Partition1
    18:17:40.0031 3560 ============================================================
    18:17:40.0031 3560 Initialize success
    18:17:40.0031 3560 ============================================================
    18:17:55.0687 5712 ============================================================
    18:17:55.0687 5712 Scan started
    18:17:55.0687 5712 Mode: Manual;
    18:17:55.0687 5712 ============================================================
    18:17:55.0953 5712 ================ Scan services =============================
    18:17:56.0109 5712 Abiosdsk - ok
    18:17:56.0140 5712 [ f25a62362ae736a5ac670f17ba28642c ] ABKTCX C:\WINDOWS\System32\Drivers\ABKTCX.sys
    18:17:56.0156 5712 ABKTCX - ok
    18:17:56.0156 5712 abp480n5 - ok
    18:17:56.0203 5712 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:17:56.0218 5712 ACPI - ok
    18:17:56.0218 5712 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:17:56.0218 5712 ACPIEC - ok
    18:17:56.0234 5712 adpu160m - ok
    18:17:56.0265 5712 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    18:17:56.0265 5712 aec - ok
    18:17:56.0296 5712 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    18:17:56.0312 5712 AFD - ok
    18:17:56.0359 5712 [ 4458fcb8a00da31fdcc086449274c40d ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    18:17:56.0390 5712 AgereSoftModem - ok
    18:17:56.0390 5712 Aha154x - ok
    18:17:56.0406 5712 aic78u2 - ok
    18:17:56.0406 5712 aic78xx - ok
    18:17:56.0453 5712 [ 67550535c3bd02f0299b572f477f37f4 ] aksusb C:\WINDOWS\system32\DRIVERS\aksusb.sys
    18:17:56.0453 5712 aksusb - ok
    18:17:56.0500 5712 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    18:17:56.0500 5712 Alerter - ok
    18:17:56.0546 5712 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
    18:17:56.0546 5712 ALG - ok
    18:17:56.0546 5712 AliIde - ok
    18:17:56.0562 5712 amsint - ok
    18:17:56.0640 5712 [ aa2770fd967dab91a597619c4eadc0c9 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    18:17:56.0640 5712 AOL ACS - ok
    18:17:56.0671 5712 [ 7fb54900aa9792ab6307c699ec1859d4 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    18:17:56.0687 5712 AOL TopSpeedMonitor - ok
    18:17:56.0734 5712 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    18:17:56.0734 5712 AppMgmt - ok
    18:17:56.0781 5712 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:17:56.0781 5712 Arp1394 - ok
    18:17:56.0796 5712 asc - ok
    18:17:56.0796 5712 asc3350p - ok
    18:17:56.0812 5712 asc3550 - ok
    18:17:56.0828 5712 [ d880831279ed91f9a4190a2db9539ea9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
    18:17:56.0828 5712 ASCTRM - ok
    18:17:56.0968 5712 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:17:57.0000 5712 aspnet_state - ok
    18:17:57.0031 5712 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:17:57.0031 5712 AsyncMac - ok
    18:17:57.0062 5712 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:17:57.0062 5712 atapi - ok
    18:17:57.0062 5712 Atdisk - ok
    18:17:57.0093 5712 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:17:57.0093 5712 Atmarpc - ok
    18:17:57.0125 5712 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    18:17:57.0125 5712 AudioSrv - ok
    18:17:57.0140 5712 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:17:57.0140 5712 audstub - ok
    18:17:57.0156 5712 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    18:17:57.0156 5712 Beep - ok
    18:17:57.0218 5712 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    18:17:57.0218 5712 BITS - ok
    18:17:57.0234 5712 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
    18:17:57.0234 5712 Browser - ok
    18:17:57.0281 5712 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:17:57.0281 5712 cbidf2k - ok
    18:17:57.0328 5712 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:17:57.0328 5712 CCDECODE - ok
    18:17:57.0328 5712 cd20xrnt - ok
    18:17:57.0343 5712 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:17:57.0343 5712 Cdaudio - ok
    18:17:57.0343 5712 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    18:17:57.0359 5712 Cdfs - ok
    18:17:57.0375 5712 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:17:57.0375 5712 Cdrom - ok
    18:17:57.0453 5712 [ 3cb0cc8879956c187e87e18634ee5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    18:17:57.0468 5712 CFSvcs - ok
    18:17:57.0468 5712 Changer - ok
    18:17:57.0515 5712 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
    18:17:57.0531 5712 CiSvc - ok
    18:17:57.0546 5712 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    18:17:57.0546 5712 ClipSrv - ok
    18:17:57.0593 5712 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:17:57.0687 5712 clr_optimization_v2.0.50727_32 - ok
    18:17:57.0718 5712 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:17:57.0718 5712 CmBatt - ok
    18:17:57.0718 5712 CmdIde - ok
    18:17:57.0734 5712 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:17:57.0734 5712 Compbatt - ok
    18:17:57.0750 5712 COMSysApp - ok
    18:17:57.0765 5712 Cpqarray - ok
    18:17:57.0812 5712 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    18:17:57.0812 5712 CryptSvc - ok
    18:17:57.0812 5712 dac2w2k - ok
    18:17:57.0828 5712 dac960nt - ok
    18:17:57.0890 5712 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    18:17:57.0906 5712 DcomLaunch - ok
    18:17:57.0953 5712 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    18:17:57.0953 5712 Dhcp - ok
    18:17:57.0968 5712 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    18:17:57.0968 5712 Disk - ok
    18:17:57.0968 5712 dmadmin - ok
    18:17:58.0046 5712 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    18:17:58.0062 5712 dmboot - ok
    18:17:58.0093 5712 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    18:17:58.0093 5712 dmio - ok
    18:17:58.0125 5712 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    18:17:58.0125 5712 dmload - ok
    18:17:58.0140 5712 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    18:17:58.0140 5712 dmserver - ok
    18:17:58.0156 5712 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    18:17:58.0156 5712 DMusic - ok
    18:17:58.0187 5712 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    18:17:58.0187 5712 Dnscache - ok
    18:17:58.0296 5712 [ d701fd7c99732bca049bb6e11222996c ] dnWhoDisp C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
    18:17:58.0328 5712 dnWhoDisp - ok
    18:17:58.0375 5712 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    18:17:58.0390 5712 Dot3svc - ok
    18:17:58.0390 5712 dpti2o - ok
    18:17:58.0437 5712 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    18:17:58.0437 5712 drmkaud - ok
    18:17:58.0500 5712 [ 1a51e03b66635280684e9edf34a2e8c0 ] DS1410D C:\WINDOWS\system32\drivers\ds1410d.sys
    18:17:58.0500 5712 DS1410D - ok
    18:17:58.0531 5712 [ c9ffbd6b8edc46cd3d13e3c6db914fb7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
    18:17:58.0531 5712 DVD-RAM_Service - ok
    18:17:58.0562 5712 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
    18:17:58.0562 5712 EapHost - ok
    18:17:58.0640 5712 [ 5d1347aa5ae6e2f77d7f4f8372d95ac9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
    18:17:58.0640 5712 ehRecvr - ok
    18:17:58.0687 5712 [ a53243709439ac2a4c216b817f8d7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
    18:17:58.0703 5712 ehSched - ok
    18:17:58.0750 5712 [ 66029e6c4b19223c24d8710eed3aaeab ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    18:17:58.0750 5712 EMSCR - ok
    18:17:58.0765 5712 EntDrv51 - ok
    18:17:58.0781 5712 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
    18:17:58.0781 5712 ERSvc - ok
    18:17:58.0812 5712 [ 9f0fa60836e1d1148cc0c1b6e67aa6f7 ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    18:17:58.0812 5712 ESDCR - ok
    18:17:58.0828 5712 [ d9da881be71b74b328471ccf28b5f0a9 ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    18:17:58.0828 5712 ESMCR - ok
    18:17:58.0875 5712 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
    18:17:58.0875 5712 Eventlog - ok
    18:17:58.0921 5712 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
    18:17:58.0937 5712 EventSystem - ok
    18:17:58.0953 5712 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    18:17:58.0953 5712 Fastfat - ok
    18:17:59.0000 5712 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    18:17:59.0000 5712 FastUserSwitchingCompatibility - ok
    18:17:59.0031 5712 [ e97d6a8684466df94ff3bc24fb787a07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    18:17:59.0046 5712 Fax - ok
    18:17:59.0062 5712 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    18:17:59.0062 5712 Fdc - ok
    18:17:59.0109 5712 [ 3314f3134ac59771a133a0cd3d343fff ] FdRedir C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
    18:17:59.0140 5712 FdRedir - ok
    18:17:59.0156 5712 [ 7b33f094a7a42a0225c344f5b25b1b05 ] FileDisk2 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
    18:17:59.0156 5712 FileDisk2 - ok
    18:17:59.0203 5712 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    18:17:59.0203 5712 Fips - ok
    18:17:59.0203 5712 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:17:59.0203 5712 Flpydisk - ok
    18:17:59.0234 5712 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    18:17:59.0234 5712 FltMgr - ok
    18:17:59.0328 5712 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:17:59.0359 5712 FontCache3.0.0.0 - ok
    18:17:59.0375 5712 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:17:59.0375 5712 Fs_Rec - ok
    18:17:59.0406 5712 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:17:59.0421 5712 Ftdisk - ok
    18:17:59.0500 5712 [ f0187e45268e86aaaa932cbd9087bea8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    18:17:59.0500 5712 GoogleDesktopManager-110309-193829 - ok
    18:17:59.0531 5712 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:17:59.0546 5712 Gpc - ok
    18:17:59.0593 5712 [ d956358054e99e6ffac69cd87e893a89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
    18:17:59.0593 5712 grmnusb - ok
    18:17:59.0656 5712 [ 751c1d2ca2abf4a9f5a6b8d7d45b907c ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:17:59.0656 5712 gusvc - ok
    18:17:59.0734 5712 [ c818b973110a1c9f7763dd39bffd0fd3 ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
    18:17:59.0750 5712 hardlock - ok
    18:17:59.0843 5712 [ 0f8699fdd85ba53515c8aa452328d371 ] Harmony C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
    18:17:59.0843 5712 Harmony - ok
    18:17:59.0921 5712 [ 2dd25f060dc9f79b5cdf33d90ed93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
    18:17:59.0921 5712 Haspnt - ok
    18:17:59.0968 5712 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:17:59.0968 5712 HDAudBus - ok
    18:18:00.0062 5712 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:18:00.0062 5712 helpsvc - ok
    18:18:00.0093 5712 [ deb04da35cc871b6d309b77e1443c796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    18:18:00.0109 5712 HidServ - ok
    18:18:00.0156 5712 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:18:00.0156 5712 HidUsb - ok
    18:18:00.0187 5712 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    18:18:00.0203 5712 hkmsvc - ok
    18:18:00.0203 5712 hpn - ok
    18:18:00.0250 5712 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    18:18:00.0250 5712 HTTP - ok
    18:18:00.0296 5712 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    18:18:00.0296 5712 HTTPFilter - ok
    18:18:00.0312 5712 i2omgmt - ok
    18:18:00.0312 5712 i2omp - ok
    18:18:00.0343 5712 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:18:00.0343 5712 i8042prt - ok
    18:18:00.0437 5712 [ 0f0194c4b635c10c3f785e4fee52d641 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    18:18:00.0468 5712 ialm - ok
    18:18:00.0531 5712 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    18:18:00.0578 5712 IDriverT - ok
    18:18:00.0750 5712 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:18:00.0890 5712 idsvc - ok
    18:18:00.0921 5712 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:18:00.0921 5712 Imapi - ok
    18:18:00.0953 5712 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    18:18:00.0953 5712 ImapiService - ok
    18:18:00.0968 5712 ini910u - ok
    18:18:01.0187 5712 [ 7385944d4f025bd8c498bfd97981e336 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
    18:18:01.0359 5712 IntcAzAudAddService - ok
    18:18:01.0359 5712 IntelIde - ok
    18:18:01.0421 5712 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:18:01.0421 5712 intelppm - ok
    18:18:01.0468 5712 InterBaseGuardian - ok
    18:18:01.0484 5712 InterBaseServer - ok
    18:18:01.0484 5712 IO_Memory - ok
    18:18:01.0531 5712 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    18:18:01.0531 5712 Ip6Fw - ok
    18:18:01.0578 5712 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:18:01.0578 5712 IpFilterDriver - ok
    18:18:01.0609 5712 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:18:01.0609 5712 IpInIp - ok
    18:18:01.0656 5712 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:18:01.0671 5712 IpNat - ok
    18:18:01.0671 5712 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:18:01.0671 5712 IPSec - ok
    18:18:01.0703 5712 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:18:01.0703 5712 IRENUM - ok
    18:18:01.0718 5712 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:18:01.0718 5712 isapnp - ok
    18:18:01.0734 5712 [ f59c3569a2f2c464bb78cb1bdcdca55e ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
    18:18:01.0734 5712 Iviaspi - ok
    18:18:01.0828 5712 [ 32192b4ebe8720ed8d49a455c962cb91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
    18:18:01.0828 5712 JavaQuickStarterService - ok
    18:18:01.0843 5712 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:18:01.0859 5712 Kbdclass - ok
    18:18:01.0875 5712 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    18:18:01.0875 5712 kmixer - ok
    18:18:01.0906 5712 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    18:18:01.0906 5712 KSecDD - ok
    18:18:01.0953 5712 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    18:18:01.0953 5712 lanmanserver - ok
    18:18:02.0000 5712 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    18:18:02.0000 5712 lanmanworkstation - ok
    18:18:02.0015 5712 lbrtfdc - ok
    18:18:02.0078 5712 [ 80caf1fdebe4e2cdea021bc55cc4c1de ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    18:18:02.0156 5712 LBTServ - ok
    18:18:02.0203 5712 [ 75415a95c589a07d6c97baa2d4143916 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    18:18:02.0203 5712 LHidFilt - ok
    18:18:02.0265 5712 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    18:18:02.0265 5712 LmHosts - ok
    18:18:02.0265 5712 [ fcb3f81ac07b8608f921134237823b88 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    18:18:02.0265 5712 LMouFilt - ok
    18:18:02.0296 5712 [ ff1c2f90d40a2e52649937854e175987 ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
    18:18:02.0296 5712 LUsbFilt - ok
    18:18:02.0343 5712 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
    18:18:02.0359 5712 McrdSvc - ok
    18:18:02.0390 5712 [ 7efac183a25b30fb5d64cc9d484b1eb6 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys
    18:18:02.0406 5712 meiudf - ok
    18:18:02.0421 5712 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    18:18:02.0421 5712 Messenger - ok
    18:18:02.0468 5712 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll
    18:18:02.0484 5712 MHN - ok
    18:18:02.0500 5712 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    18:18:02.0500 5712 MHNDRV - ok
    18:18:02.0703 5712 [ 99119316d505ee8192d5d1a0485bf110 ] MioNet C:\Program Files\MioNet\MioNetManager.exe
    18:18:02.0703 5712 MioNet - ok
    18:18:02.0718 5712 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    18:18:02.0718 5712 mnmdd - ok
    18:18:02.0765 5712 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    18:18:02.0765 5712 mnmsrvc - ok
    18:18:02.0812 5712 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    18:18:02.0812 5712 Modem - ok
    18:18:02.0828 5712 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:18:02.0828 5712 Mouclass - ok
    18:18:02.0843 5712 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:18:02.0843 5712 mouhid - ok
    18:18:02.0859 5712 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    18:18:02.0859 5712 MountMgr - ok
    18:18:02.0906 5712 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    18:18:02.0906 5712 MpFilter - ok
    18:18:03.0093 5712 [ a69630d039c38018689190234f866d77 ] MpKsl1f4a72fe c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys
    18:18:03.0093 5712 MpKsl1f4a72fe - ok
    18:18:03.0109 5712 mraid35x - ok
    18:18:03.0109 5712 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:18:03.0125 5712 MRxDAV - ok
    18:18:03.0171 5712 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:18:03.0187 5712 MRxSmb - ok
    18:18:03.0218 5712 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    18:18:03.0218 5712 MSDTC - ok
    18:18:03.0234 5712 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    18:18:03.0234 5712 Msfs - ok
    18:18:03.0234 5712 MSIServer - ok
    18:18:03.0281 5712 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:18:03.0281 5712 MSKSSRV - ok
    18:18:03.0343 5712 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:18:03.0343 5712 MsMpSvc - ok
    18:18:03.0359 5712 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:18:03.0359 5712 MSPCLOCK - ok
    18:18:03.0359 5712 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    18:18:03.0375 5712 MSPQM - ok
    18:18:03.0390 5712 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:18:03.0390 5712 mssmbios - ok
    18:18:03.0406 5712 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    18:18:03.0406 5712 MSTEE - ok
    18:18:03.0453 5712 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    18:18:03.0453 5712 Mup - ok
    18:18:03.0484 5712 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:18:03.0484 5712 NABTSFEC - ok
    18:18:03.0546 5712 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    18:18:03.0546 5712 napagent - ok
    18:18:03.0578 5712 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    18:18:03.0578 5712 NDIS - ok
    18:18:03.0609 5712 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:18:03.0609 5712 NdisIP - ok
    18:18:03.0640 5712 [ 31c97e19ad9bb0030349e55d42d5e5d1 ] NDISRD C:\WINDOWS\system32\drivers\NDISRD.sys
    18:18:03.0640 5712 NDISRD - ok
    18:18:03.0687 5712 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:18:03.0687 5712 NdisTapi - ok
    18:18:03.0734 5712 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:18:03.0734 5712 Ndisuio - ok
    18:18:03.0750 5712 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:18:03.0750 5712 NdisWan - ok
    18:18:03.0765 5712 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    18:18:03.0781 5712 NDProxy - ok
    18:18:03.0796 5712 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:18:03.0796 5712 NetBIOS - ok
    18:18:03.0828 5712 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:18:03.0843 5712 NetBT - ok
    18:18:03.0890 5712 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
    18:18:03.0906 5712 NetDDE - ok
    18:18:03.0906 5712 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    18:18:03.0906 5712 NetDDEdsdm - ok
    18:18:03.0921 5712 [ 1265eb253ed4ebe4acb3bd5f548ff796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
    18:18:03.0921 5712 Netdevio - ok
    18:18:03.0953 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    18:18:03.0953 5712 Netlogon - ok
    18:18:03.0984 5712 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
    18:18:04.0000 5712 Netman - ok
    18:18:04.0062 5712 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:18:04.0109 5712 NetTcpPortSharing - ok
    18:18:04.0203 5712 [ f886500c285af271fdd33bf8ba7b32ef ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    18:18:04.0234 5712 NETw3x32 - ok
    18:18:04.0250 5712 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:18:04.0250 5712 NIC1394 - ok
    18:18:04.0281 5712 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
    18:18:04.0281 5712 Nla - ok
    18:18:04.0328 5712 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    18:18:04.0328 5712 Npfs - ok
    18:18:04.0359 5712 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    18:18:04.0375 5712 Ntfs - ok
    18:18:04.0390 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    18:18:04.0390 5712 NtLmSsp - ok
    18:18:04.0453 5712 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    18:18:04.0468 5712 NtmsSvc - ok
    18:18:04.0515 5712 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
    18:18:04.0515 5712 Null - ok
    18:18:04.0562 5712 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:18:04.0562 5712 NwlnkFlt - ok
    18:18:04.0562 5712 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:18:04.0562 5712 NwlnkFwd - ok
    18:18:04.0578 5712 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:18:04.0578 5712 ohci1394 - ok
    18:18:04.0625 5712 [ eae6208900e2986f66f68b30aef86e4d ] OpcEnum C:\WINDOWS\system32\OpcEnum.exe
    18:18:04.0625 5712 OpcEnum - ok
    18:18:04.0718 5712 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:18:04.0796 5712 ose - ok
    18:18:04.0843 5712 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\drivers\Parport.sys
    18:18:04.0859 5712 Parport - ok
    18:18:04.0875 5712 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    18:18:04.0875 5712 PartMgr - ok
    18:18:04.0890 5712 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    18:18:04.0890 5712 ParVdm - ok
    18:18:04.0906 5712 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    18:18:04.0906 5712 PCI - ok
    18:18:04.0906 5712 PCIDump - ok
    18:18:04.0921 5712 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:18:04.0921 5712 PCIIde - ok
    18:18:04.0953 5712 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    18:18:04.0953 5712 Pcmcia - ok
    18:18:04.0968 5712 PDCOMP - ok
    18:18:04.0984 5712 PDFRAME - ok
    18:18:05.0000 5712 PDRELI - ok
    18:18:05.0000 5712 PDRFRAME - ok
    18:18:05.0015 5712 perc2 - ok
    18:18:05.0015 5712 perc2hib - ok
    18:18:05.0093 5712 [ 444f122e68db44c0589227781f3c8b3f ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
    18:18:05.0093 5712 Pfc - ok
    18:18:05.0171 5712 [ 8a3a05186cc4a9198581a0a09d38e959 ] phc700 C:\WINDOWS\system32\DRIVERS\phc700.sys
    18:18:05.0171 5712 phc700 - ok
    18:18:05.0218 5712 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    18:18:05.0218 5712 PlugPlay - ok
    18:18:05.0218 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    18:18:05.0218 5712 PolicyAgent - ok
    18:18:05.0250 5712 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:18:05.0250 5712 PptpMiniport - ok
    18:18:05.0250 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    18:18:05.0250 5712 ProtectedStorage - ok
    18:18:05.0265 5712 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    18:18:05.0265 5712 PSched - ok
    18:18:05.0281 5712 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:18:05.0281 5712 Ptilink - ok
    18:18:05.0281 5712 [ 81088114178112618b1c414a65e50f7c ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:18:05.0281 5712 PxHelp20 - ok
    18:18:05.0296 5712 ql1080 - ok
    18:18:05.0296 5712 Ql10wnt - ok
    18:18:05.0312 5712 ql12160 - ok
    18:18:05.0312 5712 ql1240 - ok
    18:18:05.0328 5712 ql1280 - ok
    18:18:05.0343 5712 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:18:05.0343 5712 RasAcd - ok
    18:18:05.0390 5712 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    18:18:05.0406 5712 RasAuto - ok
    18:18:05.0421 5712 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:18:05.0421 5712 Rasl2tp - ok
    18:18:05.0468 5712 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    18:18:05.0484 5712 RasMan - ok
    18:18:05.0484 5712 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:18:05.0484 5712 RasPppoe - ok
    18:18:05.0500 5712 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:18:05.0500 5712 Raspti - ok
    18:18:05.0546 5712 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:18:05.0546 5712 Rdbss - ok
    18:18:05.0562 5712 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:18:05.0562 5712 RDPCDD - ok
    18:18:05.0609 5712 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:18:05.0609 5712 rdpdr - ok
    18:18:05.0656 5712 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    18:18:05.0671 5712 RDPWD - ok
    18:18:05.0703 5712 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    18:18:05.0703 5712 RDSessMgr - ok
    18:18:05.0734 5712 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:18:05.0734 5712 redbook - ok
    18:18:05.0781 5712 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    18:18:05.0781 5712 RemoteAccess - ok
    18:18:05.0796 5712 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    18:18:05.0812 5712 RemoteRegistry - ok
    18:18:05.0859 5712 [ 4b1abec792db6b7f0cb226c6e93dabad ] RNADiagnosticsService C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    18:18:05.0859 5712 RNADiagnosticsService - ok
    18:18:05.0875 5712 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
    18:18:05.0875 5712 RpcLocator - ok
    18:18:05.0921 5712 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
    18:18:05.0921 5712 RpcSs - ok
    18:18:05.0953 5712 [ 2af65117091a47732f0997330e3daae6 ] RsiKtControl C:\WINDOWS\system32\RSIKT.SYS
    18:18:05.0953 5712 RsiKtControl - ok
    18:18:05.0968 5712 RSLinx - ok
    18:18:05.0984 5712 [ b089419975668e2a701178032d652a24 ] RSSERIAL C:\WINDOWS\SYSTEM32\RSSERIAL.SYS
    18:18:05.0984 5712 RSSERIAL - ok
    18:18:06.0031 5712 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    18:18:06.0046 5712 RSVP - ok
    18:18:06.0078 5712 [ e4fab1cdfaed6ef7542606aa055b104a ] RS_SS_NT C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS
    18:18:06.0078 5712 RS_SS_NT - ok
    18:18:06.0140 5712 [ 0e74171ee80a8640de564b72dbbb397b ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    18:18:06.0140 5712 RTLE8023xp - ok
    18:18:06.0171 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
    18:18:06.0171 5712 SamSs - ok
    18:18:06.0203 5712 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    18:18:06.0203 5712 SCardSvr - ok
    18:18:06.0250 5712 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
    18:18:06.0250 5712 Schedule - ok
    18:18:06.0296 5712 [ ed9c5cf6cc611ec8ac4a77c3f58f0601 ] ScsiAccess C:\WINDOWS\system32\ScsiAccess.EXE
    18:18:06.0312 5712 ScsiAccess - ok
    18:18:06.0359 5712 [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
    18:18:06.0359 5712 sdbus - ok
    18:18:06.0406 5712 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:18:06.0421 5712 Secdrv - ok
    18:18:06.0421 5712 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    18:18:06.0421 5712 seclogon - ok
    18:18:06.0437 5712 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
    18:18:06.0437 5712 SENS - ok
    18:18:06.0468 5712 [ 8627c992b8a80504fc477b2e8ff8ec4f ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
    18:18:06.0484 5712 Sentinel - ok
    18:18:06.0515 5712 [ b490ad520257dda26c1d587a71e527b5 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
    18:18:06.0531 5712 Ser2pl - ok
    18:18:06.0562 5712 [ 0f29512ccd6bead730039fb4bd2c85ce ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:18:06.0578 5712 Serenum - ok
    18:18:06.0578 5712 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
    18:18:06.0578 5712 Serial - ok
    18:18:06.0609 5712 [ 0fa803c64df0914b41f807ea276bf2a6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    18:18:06.0609 5712 sffdisk - ok
    18:18:06.0625 5712 [ c17c331e435ed8737525c86a7557b3ac ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    18:18:06.0625 5712 sffp_sd - ok
    18:18:06.0656 5712 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:18:06.0656 5712 Sfloppy - ok
    18:18:06.0703 5712 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    18:18:06.0703 5712 SharedAccess - ok
    18:18:06.0718 5712 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    18:18:06.0718 5712 ShellHWDetection - ok
    18:18:06.0734 5712 Simbad - ok
    18:18:06.0750 5712 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    18:18:06.0750 5712 SLIP - ok
    18:18:06.0828 5712 [ 94eede27fd7d46707be49127922695a7 ] smihlp C:\Program Files\Protector Suite QL\smihlp.sys
    18:18:06.0828 5712 smihlp - ok
    18:18:06.0859 5712 [ 87f799c486302aceff098e067d481d9c ] Sntnlusb C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
    18:18:06.0859 5712 Sntnlusb - ok
    18:18:06.0859 5712 Sparrow - ok
    18:18:06.0890 5712 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    18:18:06.0890 5712 splitter - ok
    18:18:06.0921 5712 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
    18:18:06.0937 5712 Spooler - ok
    18:18:06.0953 5712 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    18:18:06.0953 5712 sr - ok
    18:18:07.0015 5712 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
    18:18:07.0015 5712 srservice - ok
    18:18:07.0062 5712 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    18:18:07.0078 5712 Srv - ok
    18:18:07.0156 5712 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    18:18:07.0171 5712 SSDPSRV - ok
    18:18:07.0218 5712 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    18:18:07.0234 5712 stisvc - ok
    18:18:07.0281 5712 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:18:07.0281 5712 streamip - ok
    18:18:07.0406 5712 [ 1db60cb3e53e2491d5d6c43c06676ca2 ] Stuffit Archive Name Service C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
    18:18:07.0453 5712 Stuffit Archive Name Service - ok
    18:18:07.0453 5712 SVRPEDRV - ok
    18:18:07.0468 5712 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:18:07.0468 5712 swenum - ok
    18:18:07.0500 5712 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    18:18:07.0500 5712 swmidi - ok
    18:18:07.0500 5712 SwPrv - ok
    18:18:07.0546 5712 [ 486a64aabd88e4e174681e89e9736bc9 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    18:18:07.0546 5712 Swupdtmr - ok
    18:18:07.0562 5712 symc810 - ok
    18:18:07.0562 5712 symc8xx - ok
    18:18:07.0578 5712 sym_hi - ok
    18:18:07.0578 5712 sym_u3 - ok
    18:18:07.0640 5712 [ a6cc8c28d5aad4179ef32f05bed55e91 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
    18:18:07.0640 5712 SynTP - ok
    18:18:07.0687 5712 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    18:18:07.0687 5712 sysaudio - ok
    18:18:07.0734 5712 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    18:18:07.0734 5712 SysmonLog - ok
    18:18:07.0750 5712 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    18:18:07.0750 5712 TapiSrv - ok
    18:18:07.0812 5712 [ 36772b5eaaaf42db5c5ee6eeb0ec0af7 ] TAPPSRV C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    18:18:07.0812 5712 TAPPSRV - ok
    18:18:07.0828 5712 [ 7147b0575bcc93a6ab7d5c90f47c0b9f ] tbiosdrv C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
    18:18:07.0828 5712 tbiosdrv - ok
    18:18:07.0859 5712 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:18:07.0859 5712 Tcpip - ok
    18:18:07.0906 5712 [ fc6fe02f400308606a911640e72326b5 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
    18:18:07.0906 5712 TcUsb - ok
    18:18:07.0921 5712 [ cc1d7bc6a3632c55ee6d8877e9b936f3 ] tdcmdpst C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
    18:18:07.0921 5712 tdcmdpst - ok
    18:18:07.0937 5712 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:18:07.0937 5712 TDPIPE - ok
    18:18:07.0968 5712 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    18:18:07.0968 5712 TDTCP - ok
    18:18:08.0031 5712 [ 09aa3cf863793f92276b39e74878c386 ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
    18:18:08.0031 5712 tdudf - ok
    18:18:08.0078 5712 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:18:08.0078 5712 TermDD - ok
    18:18:08.0140 5712 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
    18:18:08.0156 5712 TermService - ok
    18:18:08.0171 5712 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
    18:18:08.0171 5712 Themes - ok
    18:18:08.0218 5712 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    18:18:08.0218 5712 TlntSvr - ok
    18:18:08.0265 5712 [ d540858e65bfa6fded41ad2495ece344 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
    18:18:08.0281 5712 TODDSrv - ok
    18:18:08.0281 5712 TosIde - ok
    18:18:08.0312 5712 [ cc069342ee0eae55b32a0ae99cf6185c ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    18:18:08.0312 5712 tosrfec - ok
    18:18:08.0343 5712 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
    18:18:08.0359 5712 TrkWks - ok
    18:18:08.0390 5712 [ b3c9c35dc93563b8d19ad414edf2fc82 ] TrueSight c:\windows\system32\drivers\TrueSight.sys
    18:18:08.0390 5712 TrueSight - ok
    18:18:08.0421 5712 [ 676db15ddf2e0ff6ec03068dea428b8b ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
    18:18:08.0421 5712 TVALD - ok
    18:18:08.0468 5712 [ 546dfba6486569120d33f7ad6e94efdd ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
    18:18:08.0468 5712 Tvs - ok
    18:18:08.0500 5712 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    18:18:08.0500 5712 Udfs - ok
    18:18:08.0500 5712 ultra - ok
    18:18:08.0531 5712 [ 9651e5d850b6f6bd7c77c70aa06f02bf ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
    18:18:08.0531 5712 UMWdf - ok
    18:18:08.0578 5712 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    18:18:08.0593 5712 Update - ok
    18:18:08.0640 5712 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    18:18:08.0656 5712 upnphost - ok
    18:18:08.0671 5712 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
    18:18:08.0671 5712 UPS - ok
    18:18:08.0734 5712 [ e919708db44ed8543a7c017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    18:18:08.0734 5712 usbaudio - ok
    18:18:08.0765 5712 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:18:08.0765 5712 usbccgp - ok
    18:18:08.0781 5712 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:18:08.0781 5712 usbehci - ok
    18:18:08.0796 5712 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:18:08.0812 5712 usbhub - ok
    18:18:08.0828 5712 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:18:08.0828 5712 USBSTOR - ok
    18:18:08.0859 5712 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:18:08.0859 5712 usbuhci - ok
    18:18:08.0859 5712 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    18:18:08.0859 5712 VgaSave - ok
    18:18:08.0875 5712 ViaIde - ok
    18:18:08.0875 5712 VirtualBackplane - ok
    18:18:08.0890 5712 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    18:18:08.0890 5712 VolSnap - ok
    18:18:08.0921 5712 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
    18:18:08.0937 5712 VSS - ok
    18:18:08.0968 5712 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
    18:18:08.0968 5712 W32Time - ok
    18:18:09.0000 5712 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:18:09.0000 5712 Wanarp - ok
    18:18:09.0046 5712 [ 0a716c08cb13c3a8f4f51e882dbf7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    18:18:09.0046 5712 wanatw - ok
    18:18:09.0140 5712 [ fd47474bd21794508af449d9d91af6e6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    18:18:09.0140 5712 Wdf01000 - ok
    18:18:09.0156 5712 WDICA - ok
    18:18:09.0187 5712 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    18:18:09.0187 5712 wdmaud - ok
    18:18:09.0234 5712 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    18:18:09.0234 5712 WebClient - ok
    18:18:09.0328 5712 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    18:18:09.0328 5712 winmgmt - ok
    18:18:09.0375 5712 [ b9715b9c18bc6c8f4b66733d208cc9f7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    18:18:09.0375 5712 WmdmPmSN - ok
    18:18:09.0453 5712 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    18:18:09.0468 5712 Wmi - ok
    18:18:09.0500 5712 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    18:18:09.0562 5712 WmiApSrv - ok
    18:18:09.0593 5712 [ bbaeaca1ffa3c86361cf0998474f6c3a ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
    18:18:09.0593 5712 WpdUsb - ok
    18:18:09.0640 5712 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    18:18:09.0640 5712 wscsvc - ok
    18:18:09.0671 5712 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:18:09.0671 5712 WSTCODEC - ok
    18:18:09.0687 5712 [ 35321fb577cdc98ce3eb3a3eb9e4610a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    18:18:09.0687 5712 wuauserv - ok
    18:18:09.0750 5712 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    18:18:09.0765 5712 WZCSVC - ok
    18:18:09.0796 5712 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    18:18:09.0796 5712 xmlprov - ok
    18:18:09.0812 5712 ================ Scan global ===============================
    18:18:09.0859 5712 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
    18:18:09.0906 5712 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
    18:18:09.0921 5712 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
    18:18:09.0953 5712 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    18:18:09.0953 5712 [Global] - ok
    18:18:09.0953 5712 ================ Scan MBR ==================================
    18:18:09.0984 5712 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
    18:18:20.0843 5712 \Device\Harddisk1\DR1 - ok
    18:18:20.0875 5712 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
    18:18:21.0062 5712 \Device\Harddisk0\DR0 - ok
    18:18:21.0109 5712 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
    18:18:31.0984 5712 \Device\Harddisk1\DR1 - ok
    18:18:31.0984 5712 MBR (0x1B8) (a9e1ef156464c70dd2c00b2c4a17268a) \Device\Harddisk2\DR7
    18:18:33.0765 5712 \Device\Harddisk2\DR7 - ok
    18:18:33.0765 5712 ================ Scan VBR ==================================
    18:18:33.0781 5712 Boot (0x1200) (f56c5d9d33b7b9cd0f91491f1dc34977) \Device\Harddisk1\DR1\Partition1
    18:18:33.0781 5712 \Device\Harddisk1\DR1\Partition1 - ok
    18:18:33.0828 5712 Boot (0x1200) (c1a57df0df4088ec14a0967905d1c4b0) \Device\Harddisk0\DR0\Partition1
    18:18:33.0828 5712 \Device\Harddisk0\DR0\Partition1 - ok
    18:18:33.0843 5712 Boot (0x1200) (f56c5d9d33b7b9cd0f91491f1dc34977) \Device\Harddisk1\DR1\Partition1
    18:18:33.0843 5712 \Device\Harddisk1\DR1\Partition1 - ok
    18:18:33.0843 5712 ============================================================
    18:18:33.0843 5712 Scan finished
    18:18:33.0843 5712 ============================================================
    18:18:33.0859 5372 Detected object count: 0
    18:18:33.0859 5372 Actual detected object count: 0
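Added note by the editor, not part of either poster's message and not TDSSKiller's own code: the log above is a few thousand lines of "[ md5 ] name path" and "name - ok" pairs plus the MBR/VBR hashes, which is tedious to read by eye. The script below parses that format into records and applies a handful of reviewer heuristics: a driver or service loading from outside the Windows directory, one hash registered under two different paths, an MBR hash that differs between the two passes over the same disk, and a missing summary line. The sample lines are constructed from entries visible in the log above; the heuristics are the editor's assumptions, not anything TDSSKiller itself reports.

```python
import re
from collections import defaultdict

# Constructed sample, modelled line-for-line on the TDSSKiller log posted above
# (hashes, names and paths copied from the visible lines, not invented).
SAMPLE_LOG = "\n".join([
    r"18:18:06.0171 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe",
    r"18:18:06.0171 5712 SamSs - ok",
    r"18:18:06.0718 5712 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll",
    r"18:18:06.0718 5712 ShellHWDetection - ok",
    r"18:18:06.0734 5712 Simbad - ok",
    r"18:18:06.0828 5712 [ 94eede27fd7d46707be49127922695a7 ] smihlp C:\Program Files\Protector Suite QL\smihlp.sys",
    r"18:18:06.0828 5712 smihlp - ok",
    r"18:18:07.0406 5712 [ 1db60cb3e53e2491d5d6c43c06676ca2 ] Stuffit Archive Name Service C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe",
    r"18:18:07.0453 5712 Stuffit Archive Name Service - ok",
    r"18:18:08.0171 5712 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll",
    r"18:18:08.0171 5712 Themes - ok",
    r"18:18:09.0984 5712 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1",
    r"18:18:20.0843 5712 \Device\Harddisk1\DR1 - ok",
    r"18:18:21.0109 5712 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1",
    r"18:18:31.0984 5712 \Device\Harddisk1\DR1 - ok",
    r"18:18:33.0859 5372 Detected object count: 0",
])

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"          # "18:18:06.0171 5712 "
OBJ_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9a-f]{32}) \] (?P<name>.+?) (?P<path>(?:[A-Za-z]:\\|\\).*)$")
MBR_RE = re.compile(PREFIX + r"MBR \((?P<off>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>\\Device\\\S+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+) - (?P<verdict>.+)$")


def parse_tdsskiller(text):
    """Return (objects, mbr, detected): objects maps service/driver name to
    {md5, path, verdict}; mbr maps a device to the list of MBR hashes seen
    (the posted log hashes Harddisk1 twice); detected is the integer from
    the summary line, or None if that line is absent."""
    objects = {}
    mbr = defaultdict(list)
    detected = None
    for line in text.splitlines():
        line = line.strip()
        m = OBJ_RE.match(line)
        if m:
            objects[m["name"]] = {"md5": m["md5"], "path": m["path"], "verdict": None}
            continue
        m = MBR_RE.match(line)
        if m:
            mbr[m["dev"]].append(m["md5"])
            continue
        m = COUNT_RE.match(line)
        if m:
            detected = int(m["n"])
            continue
        m = VERDICT_RE.match(line)
        if m and not m["name"].startswith("\\Device\\"):
            # Registered services with no binary on disk ("Simbad - ok") only have a verdict line.
            objects.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            objects[m["name"]]["verdict"] = m["verdict"]
    return objects, dict(mbr), detected


WINDIR = "c:\\windows\\"


def triage(objects, mbr, detected):
    """Reviewer heuristics (editor's assumptions, not TDSSKiller verdicts)."""
    findings = []
    paths_by_md5 = defaultdict(set)
    for name, rec in objects.items():
        if rec["verdict"] is None:
            findings.append(("no-verdict", name, rec["path"]))
        elif rec["verdict"] != "ok":
            findings.append(("tool-flagged", name, rec["verdict"]))
        if rec["path"]:
            paths_by_md5[rec["md5"]].add(rec["path"].lower())
            if not rec["path"].lower().startswith(WINDIR):
                findings.append(("outside-windir", name, rec["path"]))   # review queue, not a verdict
    for md5, paths in paths_by_md5.items():
        if len(paths) > 1:        # one binary registered under different paths
            findings.append(("same-hash-different-paths", md5, sorted(paths)))
    for dev, hashes in mbr.items():
        if len(set(hashes)) > 1:  # MBR changed while the scan was running
            findings.append(("mbr-hash-changed", dev, hashes))
    if detected is None:
        findings.append(("no-summary-line", None, None))
    elif detected:
        findings.append(("detections", detected, None))
    return findings


if __name__ == "__main__":
    objs, mbr, n = parse_tdsskiller(SAMPLE_LOG)
    for f in triage(objs, mbr, n):
        print(*f)
```

On the sample the only hits are the two "outside-windir" entries, which is the point of the heuristic: it builds a short review queue, not a verdict. On a Toshiba laptop the Protector Suite QL fingerprint driver and the StuffIt service are expected third-party entries. The MD5 column is what you would submit to a hash-reputation service by hand; the script deliberately does no network lookup.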
     
  6. Broni

    Broni, Malware Annihilator

    What does?

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    Please post BOTH logs, rKill.txt and Combofix.txt.
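Added example by the editor, not from Broni's instructions and not ComboFix's own code: once ComboFix.txt is posted, the part of the report a helper reads first is the "Reg Loading Points" section, whose layout can be seen in the reply that follows. The script below parses that section and sorts the autorun entries into a review list. The sample lines are constructed from entries visible in the reply below. Two things are assumptions rather than documented facts: the reading of `[X]` as "the referenced file was not found on disk" is the conventional one and is marked as such in the code, and `[BU]` is treated simply as "no date/size recorded". "bare-filename" means the Run value names an executable without a directory, so Windows resolves it by PATH search at logon; "browser-extension" only collects the BHO, toolbar and URLSearchHook CLSIDs so their DLL paths can be matched against the installed-program list.

```python
import re

# Constructed sample: the lines are copied from the "Reg Loading Points" section
# of the ComboFix report posted later in this thread (nothing invented).
SAMPLE_REPORT = "\n".join([
    r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]",
    r'"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]',
    ".",
    r"[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}]",
    r"2011-05-09 09:49 176936 ----a-w- c:\program files\Max_EN\prxtbMax0.dll",
    ".",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"CFSServ.exe"="CFSServ.exe -NoClient" [X]',
    r'"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]',
    r'"TPSMain"="TPSMain.exe" [2005-06-01 282624]',
    r'"TFncKy"="TFncKy.exe" [BU]',
    r'"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-21 1067984]',
])

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"(?P<target>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+) \S+ (?P<path>.+)$")
DATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")   # "[2006-02-02 73728]": file found, dated and sized
BROWSER_HOOKS = ("URLSearchHooks", "Browser Helper Objects", "Internet Explorer\\Toolbar")


def parse_loading_points(text):
    """Return one dict per autorun entry: registry key, value name, target, tag."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append({"key": key, "name": m["name"], "target": m["target"], "tag": m["tag"]})
            continue
        m = FILE_RE.match(line)
        if m:
            # BHO keys carry their module on a file-info line; the CLSID is the key's last component.
            entries.append({"key": key, "name": key.rsplit("\\", 1)[-1],
                            "target": m["path"], "tag": f"{m['date']} {m['size']}"})
    return entries


def triage(entries):
    """Editor's review heuristics; they sort entries, they do not judge them."""
    findings = []
    for e in entries:
        name, target, tag = e["name"], e["target"], e["tag"]
        if tag == "X":
            # Assumption: ComboFix's [X] marks a value whose file could not be found on disk.
            findings.append(("missing-file", name, target))
        elif not DATED_RE.match(tag):
            findings.append(("no-file-info", name, f"[{tag}]"))   # e.g. [BU]: no date/size recorded
        if "\\" not in target:
            # No directory given: Windows resolves this by PATH search at logon.
            findings.append(("bare-filename", name, target))
        if any(h in e["key"] for h in BROWSER_HOOKS):
            findings.append(("browser-extension", name, target))
    return findings


if __name__ == "__main__":
    for f in triage(parse_loading_points(SAMPLE_REPORT)):
        print(*f)
```

The script can be fed the whole ComboFix.txt rather than just the one section: entries are only recorded while inside an `[HKEY_...]` key, and the "Files Created" lines use a different layout (two dates separated by " . "), so they do not match. A bare-filename hit on a dated entry such as TPSMain means ComboFix did locate the file somewhere on the search path; it is still worth knowing which directory that was, because anything earlier on PATH wins.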
     
  7. Scshadow

    Scshadow, TS Guru, topic starter

    SpyNoMore, the one you've labeled as rogue, has a component in the system tray that loads on startup. The machine had this software installed for many years. I've only exited it when I am instructed to disable antivirus/antispyware.

    I am currently on the step to run ComboFix and it's running. It prompted me to install Recovery Console. Unfortunately this produced an error and it didn't successfully download Recovery Console. I checked my wireless connection for internet connectivity and pressed OK and it still didn't download Recovery Console. It proceeded to scan anyway without any prompt asking me if I wished to continue, so I decided not to interrupt it mid-scan. Below is the log produced.

    ComboFix 12-08-14.05 - Daniel Smith 08/14/2012 19:10:57.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1308 [GMT -5:00]
    Running from: c:\documents and settings\Daniel Smith\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin700.exe.lnk
    c:\documents and settings\Daniel Smith\Application Data\PriceGong
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\hs_err_pid4824.log
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\I.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Daniel Smith\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\Daniel Smith\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Lori Smith\Application Data\alot
    c:\documents and settings\Lori Smith\Application Data\PriceGong
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\I.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Lori Smith\WINDOWS
    c:\documents and settings\Sarah\WINDOWS
    c:\program files\Adssite Games Collection
    c:\program files\Adssite Games Collection\BattlesOfHelicopters.exe
    c:\program files\Adssite Games Collection\BobAndBill.exe
    c:\program files\Adssite Games Collection\CrazyBlocks.exe
    c:\program files\Adssite Games Collection\Lines.exe
    c:\program files\Adssite Games Collection\uninstall.exe
    c:\program files\Adssite Games Collection\VideoPool.exe
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\kock
    c:\windows\system32\kock\daniel_smith@a1.interclick[1].txt
    c:\windows\system32\kock\daniel_smith@abmr[1].txt
    c:\windows\system32\kock\daniel_smith@burstnet[2].txt
    c:\windows\system32\kock\daniel_smith@interclick[2].txt
    c:\windows\system32\kock\daniel_smith@quantserve[2].txt
    c:\windows\system32\kock\daniel_smith@scorecardresearch[1].txt
    c:\windows\system32\kock\daniel_smith@sharethis[1].txt
    c:\windows\system32\kock\daniel_smith@turn[2].txt
    c:\windows\system32\kock\daniel_smith@wd.sharethis[1].txt
    c:\windows\system32\kock\daniel_smith@www.burstnet[1].txt
    c:\windows\system32\ndisapi.dll
    c:\windows\system32\SET83.tmp
    c:\windows\system32\UAs
    c:\windows\system32\UAs\iexplore.exe_UAs001.dat
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-14 18:14 . 2012-08-14 18:14 -------- d-sh--w- c:\documents and settings\Daniel Smith\IECompatCache
    2012-08-14 18:13 . 2012-08-14 18:13 -------- d-sh--w- c:\documents and settings\Daniel Smith\PrivacIE
    2012-08-14 18:09 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\mpengine.dll
    2012-08-14 17:24 . 2012-08-14 17:24 -------- d-----w- c:\documents and settings\Daniel Smith\Application Data\Malwarebytes
    2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-08-14 17:23 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-14 10:41 . 2012-08-14 10:41 -------- d-sh--w- c:\documents and settings\Daniel Smith\IETldCache
    2012-08-14 09:44 . 2012-08-14 09:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2012-08-14 09:21 . 2012-08-14 09:24 -------- dc-h--w- c:\windows\ie8
    2012-08-13 23:04 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2012-08-13 22:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2012-08-13 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-13 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-13 22:27 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-08-13 22:14 . 2012-08-13 22:24 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-13 22:14 . 2012-08-13 22:19 -------- d-----w- C:\9763613b9eb5a4033f9b3a2195c65735
    2012-08-13 21:24 . 2012-08-13 21:24 264 ----a-w- c:\windows\system32\srvblck5.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:19 . 2006-07-19 00:48 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-09-13 12:35 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-07-19 00:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-07-19 00:47 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2007-05-31 19:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2006-07-19 02:35 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2006-07-19 02:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2006-07-19 02:35 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2006-07-19 02:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2006-07-19 02:35 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2006-07-19 00:46 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2007-05-31 19:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2006-07-19 02:35 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2006-07-19 02:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2007-06-01 15:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2006-11-06 12:24 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18 . 2005-05-26 12:19 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
    2008-12-09 15:23 51152 --sh--r- c:\windows\system32\appConf32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
    .
    [HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\Max_EN\prxtbMax0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
    "{867DD841-5BF7-44CA-8426-C5A6EDA00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
    .
    [HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
    "PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-02-01 42392]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
    "TFncKy"="TFncKy.exe" [BU]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-21 1067984]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
    "UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-29 434176]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
    "phc700"="c:\windows\vphc700.exe" [2005-07-21 339968]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\documents and settings\Daniel Smith\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    .
    c:\documents and settings\Sarah\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-3 784912]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
    "c:\\WINDOWS\\system32\\OpcEnum.exe"=
    "c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
    "c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:port135
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    .
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
    R2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
    S1 MpKsl1f4a72fe;MpKsl1f4a72fe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys [?]
    S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
    S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 10:13 PM 71448]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/11/2006 4:02 PM 30192]
    S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [1/3/2008 5:24 PM 541568]
    S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 11:27 AM 142592]
    S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 1:33 PM 39067]
    S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 4:48 PM 155440]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - NDISRD
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
    .
    2012-08-14 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.Google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mSearchMigratedDefaultURL = hxxp://www.Google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
    DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
    AddRemove-AdssiteGames - c:\program files\Adssite Games Collection\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-14 19:23
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????,???????????????????>?@?????L???<??????|?????????????$???? ???D??????>@????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\program files\Protector Suite QL\crypto.dll
    c:\program files\Protector Suite QL\mysafe.dll
    .
    - - - - - - - > 'lsass.exe'(988)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    .
    - - - - - - - > 'explorer.exe'(4948)
    c:\docume~1\DANIEL~1\LOCALS~1\TempIadHide3.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    c:\program files\MioNet\jvm\bin\MioNet.exe
    c:\windows\system32\ScsiAccess.EXE
    c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\windows\system32\TODDSrv.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\progra~1\ROCKWE~1\RSLinx\RSLINX.EXE
    c:\windows\system32\dllhost.exe
    c:\windows\system32\TPSMain.exe
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\Synaptics\SynTP\Toshiba.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\Protector Suite QL\psqltray.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-14 19:27:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-15 00:27
    .
    Pre-Run: 85,672,263,680 bytes free
    Post-Run: 87,349,899,264 bytes free
    .
    - - End Of File - - 59B8B3F6A68D165A4CE44D0A586EAE59
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I need to know what the error says.
     
  9. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    I've run it again. From the point I click Yes to allow it to download the Recovery Console, it says:

    And before I can even click ok, it has started scanning.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Let's try a different way...

    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System


    Download the file & save it as it's originally named.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


    • Drag the setup package onto ComboFix.exe and drop it.
    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
    • At the next prompt, click 'Yes' to run the full ComboFix scan.
    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt.
     
  11. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    Your first image appears broken.

    Your link takes me to an article about:

    The only link they provide for XP SP3 is an .iso image that is currently still downloading. I'm not sure I'm on the right track. Am I downloading the right file?

    Edit: Never mind, your first image appeared after several attempts at reload.

    Edit 2: Media Center Edition is just Home Edition (with Media Center installed), right?
     
  12. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    Okay, edits are getting insane, so I'm just going to double post. Both links for SP2 (and SP3) result in.

     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  14. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    Hooray. Detour complete, it worked. Here is the newest log.

    ComboFix 12-08-14.05 - Daniel Smith 08/14/2012 21:08:01.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1342 [GMT -5:00]
    Running from: c:\documents and settings\Daniel Smith\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Daniel Smith\Desktop\WinXP_EN_PRO_BF.EXE
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-15 00:31 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38E3A70E-8546-427D-9EB5-C66284F3704A}\mpengine.dll
    2012-08-14 18:14 . 2012-08-14 18:14 -------- d-sh--w- c:\documents and settings\Daniel Smith\IECompatCache
    2012-08-14 18:13 . 2012-08-14 18:13 -------- d-sh--w- c:\documents and settings\Daniel Smith\PrivacIE
    2012-08-14 18:09 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-14 17:24 . 2012-08-14 17:24 -------- d-----w- c:\documents and settings\Daniel Smith\Application Data\Malwarebytes
    2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-08-14 17:23 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-14 10:41 . 2012-08-14 10:41 -------- d-sh--w- c:\documents and settings\Daniel Smith\IETldCache
    2012-08-14 09:44 . 2012-08-14 09:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2012-08-14 09:21 . 2012-08-14 09:24 -------- dc-h--w- c:\windows\ie8
    2012-08-13 23:04 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
    2012-08-13 22:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
    2012-08-13 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-08-13 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-08-13 22:27 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-08-13 22:14 . 2012-08-13 22:24 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-13 22:14 . 2012-08-13 22:19 -------- d-----w- C:\9763613b9eb5a4033f9b3a2195c65735
    2012-08-13 21:24 . 2012-08-13 21:24 264 ----a-w- c:\windows\system32\srvblck5.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:19 . 2006-07-19 00:48 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-09-13 12:35 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-07-19 00:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-07-19 00:47 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 20:19 . 2007-05-31 19:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2006-07-19 02:35 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2006-07-19 02:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2006-07-19 02:35 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2006-07-19 02:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2006-07-19 02:35 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2006-07-19 00:46 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2007-05-31 19:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2006-07-19 02:35 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2006-07-19 02:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2007-06-01 15:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2006-11-06 12:24 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 20:18 . 2005-05-26 12:19 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-05-31 13:22 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
    2008-12-09 15:23 51152 --sh--r- c:\windows\system32\appConf32.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
    .
    [HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\Max_EN\prxtbMax0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
    "{867DD841-5BF7-44CA-8426-C5A6EDA00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
    .
    [HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
    "PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-02-01 42392]
    "Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
    "TFncKy"="TFncKy.exe" [BU]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-21 1067984]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
    "UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-29 434176]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
    "phc700"="c:\windows\vphc700.exe" [2005-07-21 339968]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    c:\documents and settings\Daniel Smith\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    .
    c:\documents and settings\Sarah\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-3 784912]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
    "c:\\WINDOWS\\system32\\OpcEnum.exe"=
    "c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
    "c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"= 135:TCP:port135
    "1700:TCP"= 1700:TCP:MioNet Remote Drive Access
    "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
    .
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
    S1 MpKsl1f4a72fe;MpKsl1f4a72fe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys [?]
    S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
    S2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
    S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 10:13 PM 71448]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/11/2006 4:02 PM 30192]
    S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
    S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [1/3/2008 5:24 PM 541568]
    S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 11:27 AM 142592]
    S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 1:33 PM 39067]
    S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 4:48 PM 155440]
    S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - NDISRD
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
    .
    2012-08-15 c:\windows\Tasks\MpIdleTask.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.Google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    mSearchMigratedDefaultURL = hxxp://www.Google.com/
    uInternet Settings,ProxyOverride = localhost
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
    DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-14 21:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????,???????????????????>?@?????L???<??????|?????????????$???? ???D??????>@????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\program files\Protector Suite QL\crypto.dll
    c:\program files\Protector Suite QL\mysafe.dll
    .
    - - - - - - - > 'lsass.exe'(988)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    .
    - - - - - - - > 'explorer.exe'(5700)
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
    c:\windows\system32\msls31.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    Completion time: 2012-08-14 21:13:37
    ComboFix-quarantined-files.txt 2012-08-15 02:13
    ComboFix2.txt 2012-08-15 01:13
    ComboFix3.txt 2012-08-15 00:27
    .
    Pre-Run: 87,285,006,336 bytes free
    Post-Run: 87,261,159,424 bytes free
    .
    WinXP_EN_PRO_BF.EXE
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 40E629911AAAF560772663D99F89B765
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    Combofix looks good.

    Any current issues?

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    I currently have plenty of issues but it looks like I don't have any relevant to the laptop we've been working on. :) It seems to be running as well as could be expected of a Centrino Duo processor.
    OTL logfile created on: 8/14/2012 9:23:35 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Daniel Smith\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.43% Memory free
    3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.80% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.49 Gb Total Space | 81.34 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
    Drive E: | 243.98 Mb Total Space | 243.98 Mb Free Space | 100.00% Space Free | Partition Type: FAT
    Drive F: | 7.46 Gb Total Space | 7.45 Gb Free Space | 99.91% Space Free | Partition Type: FAT32

    Computer Name: DBSMITH | User Name: Daniel Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/14 21:16:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Smith\Desktop\OTL.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2009/12/29 13:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
    PRC - [2009/10/30 15:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/11/15 13:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2007/11/15 13:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2006/11/24 22:46:20 | 001,925,392 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE
    PRC - [2006/10/19 18:40:18 | 000,196,608 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSCOMMON\RSOBSERV.EXE
    PRC - [2006/09/28 20:25:54 | 000,434,176 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
    PRC - [2006/08/02 18:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
    PRC - [2006/06/08 23:17:50 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/05/16 13:42:00 | 001,777,664 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2006/05/05 19:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
    PRC - [2006/04/25 19:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
    PRC - [2006/03/16 15:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2006/03/02 17:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
    PRC - [2006/02/07 18:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    PRC - [2006/02/02 14:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    PRC - [2005/12/16 04:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
    PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2005/06/23 20:56:12 | 000,028,672 | ---- | M] (Rockwell Automation) -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
    PRC - [2005/05/31 23:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2003/06/25 09:25:38 | 000,614,531 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/14 03:47:40 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_47600ef7\mscorlib.dll
    MOD - [2012/08/14 03:46:58 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f228939a\system.dll
    MOD - [2012/08/14 03:46:44 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/02/04 20:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/12/12 19:08:29 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\rockwellsoftware.factorytalk.diagnostics.readerlib\1.0.0.0__08edf02f4d5b3281\rockwellsoftware.factorytalk.diagnostics.readerlib.dll
    MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2006/09/28 20:24:36 | 000,053,248 | ---- | M] () -- C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\rausbciplib.dll
    MOD - [2006/07/18 21:46:05 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
    MOD - [2006/07/18 21:46:03 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    MOD - [2006/01/04 20:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
    MOD - [2005/07/22 23:30:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
    MOD - [2004/07/20 19:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
    MOD - [2003/06/25 09:30:30 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx
    MOD - [2003/06/25 09:18:34 | 000,139,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx
    MOD - [2003/06/25 09:16:00 | 000,319,631 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll
    MOD - [2003/06/25 09:12:04 | 000,278,660 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
    MOD - [2003/06/25 09:11:14 | 000,450,693 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2003/06/25 09:08:22 | 000,270,484 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx
    MOD - [2003/06/25 09:03:52 | 000,389,257 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll
    MOD - [2003/06/25 09:02:46 | 000,954,508 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll
    MOD - [2003/06/25 09:02:14 | 000,061,574 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2003/06/25 09:01:32 | 000,114,829 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2003/06/25 08:53:38 | 000,110,719 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
    MOD - [2003/06/25 08:48:08 | 000,536,716 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.dll
    MOD - [2003/06/25 08:33:12 | 000,229,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2003/06/25 08:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistacameraUploadSysx.dll
    MOD - [2003/06/25 08:23:14 | 000,356,479 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2003/06/25 08:08:12 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll
    MOD - [2003/06/25 08:05:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodos.dll
    MOD - [2003/06/25 08:01:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodosCamBack.dll
    MOD - [2003/06/25 07:50:06 | 000,036,864 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/10/30 15:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
    SRV - [2007/11/15 13:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2006/11/24 22:46:20 | 001,925,392 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx)
    SRV - [2006/10/19 18:40:18 | 000,196,608 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Running] -- C:\Program Files\Rockwell Software\RSCOMMON\RSOBSERV.EXE -- (Harmony)
    SRV - [2006/07/24 21:11:58 | 000,065,536 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp)
    SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2006/02/07 18:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
    SRV - [2005/07/15 15:38:33 | 000,139,264 | R--- | M] () [Auto | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
    SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/06/23 20:56:12 | 000,028,672 | ---- | M] (Rockwell Automation) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService)
    SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/12/02 11:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)
    SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
    SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
    SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
    SRV - [2003/02/04 11:22:30 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)
    SRV - [2002/05/22 12:52:06 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\Borland\Interbase\Bin\ibserver.exe -- (InterBaseServer)
    SRV - [2002/05/22 12:52:06 | 000,022,016 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\Borland\Interbase\Bin\ibguard.exe -- (InterBaseGuardian)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\VirtualBackplane.sys -- (VirtualBackplane)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys -- (MpKsl1f4a72fe)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- c:\sysprep\Drivers\ioport.sys -- (IO_Memory)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2008/12/12 19:08:59 | 000,018,944 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
    DRV - [2008/12/12 18:32:42 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
    DRV - [2008/12/12 18:32:42 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
    DRV - [2007/09/21 06:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/09/21 06:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2007/09/21 06:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2006/08/25 18:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2006/08/23 22:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
    DRV - [2006/08/22 12:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/07/19 21:40:20 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/07/13 12:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
    DRV - [2006/06/28 18:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/06/28 13:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2006/05/30 18:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
    DRV - [2006/05/05 20:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
    DRV - [2006/05/05 19:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
    DRV - [2006/05/05 19:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
    DRV - [2006/03/18 09:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/01/18 13:33:24 | 000,039,067 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl)
    DRV - [2005/10/20 16:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
    DRV - [2005/09/09 16:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
    DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/06/07 17:21:18 | 000,541,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\phc700.sys -- (phc700)
    DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/16 18:03:44 | 000,015,340 | R--- | M] (NT Kernel Resources) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
    DRV - [2003/09/19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/07/16 17:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
    DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
    DRV - [2001/06/22 00:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
    DRV - [2001/06/22 00:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
    DRV - [2000/05/31 22:13:04 | 000,071,448 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\abktcx.sys -- (ABKTCX)
    DRV - [1999/11/10 11:27:48 | 000,142,592 | ---- | M] (Rockwell Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RS_SS_NT.SYS -- (RS_SS_NT)
    DRV - [1999/05/11 16:48:00 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rsserial.sys -- (RSSERIAL)
    DRV - [1998/07/10 07:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE

    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files\P2P_Max\tbP2P_.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searc...c_id=11511&camp_id=-3&tb_version=2.5.9001.490
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7_____en
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1814311
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/07/22 22:25:55 | 000,000,000 | ---D | M]

    [2009/02/28 15:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Smith\Application Data\Mozilla\Extensions
    [2009/02/28 15:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Smith\Application Data\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: ([2012/08/14 19:20:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\prxtbMax0.dll (Conduit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O2 - BHO: (Browser protection) - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\Program Files\SpyNoMore\snmIeGuard.dll (Illysoft LLC)
    O3 - HKLM\..\Toolbar: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\prxtbMax0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Program Files\P2P_Max\tbP2P_.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\Toolbar\WebBrowser: (Max EN Toolbar) - {867DD841-5BF7-44CA-8426-C5A6EDA00735} - C:\Program Files\Max_EN\prxtbMax0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [phc700] C:\WINDOWS\vphc700.exe (Sonix)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)
    O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
    O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)
    O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
    O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\Daniel Smith\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} https://imail.tema.toyota.com/images/whlcache.cab?egap=internal (Whale Attachment Wiper )
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162687796125 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://imail.tema.toyota.com/dwa7W.cab (Domino Web Access 7 Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D181D2B-F4D0-4EAF-9855-62DB591BEA1E}: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/18 21:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/14 21:16:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Smith\Desktop\OTL.exe
    [2012/08/14 21:06:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/08/14 19:21:28 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Daniel Smith\My Documents\My Safe
    [2012/08/14 19:00:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/08/14 19:00:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/08/14 19:00:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/08/14 19:00:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/08/14 19:00:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/14 18:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/08/14 18:57:18 | 004,731,615 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\ComboFix.exe
    [2012/08/14 18:10:03 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel Smith\Desktop\TDSSKiller.exe
    [2012/08/14 16:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Smith\Desktop\RK_Quarantine
    [2012/08/14 16:15:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Daniel Smith\Desktop\aswMBR.exe
    [2012/08/14 16:15:48 | 003,178,400 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Daniel Smith\Desktop\MCPR.exe
    [2012/08/14 13:14:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daniel Smith\IECompatCache
    [2012/08/14 13:13:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daniel Smith\PrivacIE
    [2012/08/14 12:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Smith\Application Data\Malwarebytes
    [2012/08/14 12:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/14 12:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/08/14 12:23:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/08/14 12:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/14 12:06:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\dds.com
    [2012/08/14 12:06:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Smith\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/14 05:41:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daniel Smith\IETldCache
    [2012/08/14 04:21:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2012/08/13 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/13 17:14:04 | 000,000,000 | ---D | C] -- C:\9763613b9eb5a4033f9b3a2195c65735
    [2012/08/13 16:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/14 21:16:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Smith\Desktop\OTL.exe
    [2012/08/14 21:06:55 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2012/08/14 21:04:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2012/08/14 20:29:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/08/14 19:30:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/08/14 19:20:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/08/14 19:20:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/08/14 19:19:59 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/14 18:48:58 | 004,731,615 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\ComboFix.exe
    [2012/08/14 16:15:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Daniel Smith\Desktop\aswMBR.exe
    [2012/08/14 16:15:14 | 003,178,400 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Daniel Smith\Desktop\MCPR.exe
    [2012/08/14 16:14:52 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\Daniel Smith\Desktop\RogueKiller.exe
    [2012/08/14 12:23:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/14 12:06:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\dds.com
    [2012/08/14 12:06:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Daniel Smith\Desktop\ocinprei.exe
    [2012/08/14 12:06:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Smith\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/14 05:46:58 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Daniel Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/08/14 04:42:49 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/08/14 04:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/08/14 03:58:39 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/08/14 03:58:39 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/08/13 23:58:59 | 000,000,036 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
    [2012/08/13 17:25:16 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel Smith\Desktop\TDSSKiller.exe
    [2012/08/13 17:25:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2012/08/13 17:16:08 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/14 21:06:55 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2012/08/14 21:06:51 | 000,237,728 | RHS- | C] () -- C:\cmldr
    [2012/08/14 19:00:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/08/14 19:00:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/08/14 19:00:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/08/14 19:00:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/08/14 19:00:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/08/14 16:15:04 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Desktop\RogueKiller.exe
    [2012/08/14 12:23:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/14 12:16:49 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
    [2012/08/14 12:06:25 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Desktop\ocinprei.exe
    [2012/08/13 17:59:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/08/13 17:59:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
    [2012/08/13 17:34:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
    [2012/08/13 17:34:55 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2012/08/13 17:24:57 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/08/13 17:08:23 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2012/08/13 16:24:45 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
    [2010/02/05 22:20:45 | 000,533,102 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Application Data\woodlakguy.zip
    [2009/07/03 13:50:34 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\presets.ini
    [2006/11/04 18:50:46 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/04 18:50:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\fusioncache.dat

    ========== LOP Check ==========

    [2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Protector Suite
    [2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
    [2010/02/05 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2006/11/04 19:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
    [2008/12/12 18:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockwell
    [2010/07/22 22:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
    [2006/07/19 21:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/12/07 17:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2008/01/05 10:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2010/08/17 21:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\GARMIN
    [2006/11/04 23:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\InterVideo
    [2012/08/14 19:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\LimeWire
    [2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\Protector Suite
    [2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\toshiba
    [2010/07/22 22:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\WeatherBug
    [2006/12/07 17:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\WildTangent
    [2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Protector Suite
    [2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
    [2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Smith\Application Data\Protector Suite
    [2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Smith\Application Data\toshiba
    [2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Protector Suite
    [2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\toshiba
    [2012/08/14 21:04:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

    ========== Purity Check ==========



    < End of report >
  17. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    OTL Extras logfile created on: 8/14/2012 9:23:35 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Daniel Smith\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.43% Memory free
    3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.80% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.49 Gb Total Space | 81.34 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
    Drive E: | 243.98 Mb Total Space | 243.98 Mb Free Space | 100.00% Space Free | Partition Type: FAT
    Drive F: | 7.46 Gb Total Space | 7.45 Gb Free Space | 99.91% Space Free | Partition Type: FAT32

    Computer Name: DBSMITH | User Name: Daniel Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "135:TCP" = 135:TCP:*:Enabled:port135
    "1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
    "1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
    "C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
    "C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
    "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe" = C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v16.00.00 -- (Rockwell Automation, Inc.)
    "C:\WINDOWS\system32\OpcEnum.exe" = C:\WINDOWS\system32\OpcEnum.exe:*:Enabled:OPCEnum.exe -- (OPC Foundation)
    "C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE" = C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE:*:Enabled:RSLinx.exe -- (Rockwell Automation, Inc.)
    "C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe" = C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe:*:Enabled:OPCTestClient.exe -- (Rockwell Automation, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
    "{0C3966A5-7D21-40CF-A8AA-6DA061D25541}" = Logix5000 Task Monitor
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0EA93C5A-7CB4-4B69-A3EE-92A7953B1D3E}" = RSLogix 5 English 7.10.02 (CPR 7)
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{10050016-D5FD-11DA-A128-000C29473C90}" = RSLogix 5000 Start Page Media v16.00.05
    "{102AC368-2BC1-482D-85B9-5C38F5025F8B}" = Rockwell Automation Drives SCANport Module Profiles
    "{110ACB92-B678-4CAC-870F-86F1326219D6}" = RSLogix 5000 Module Profile Setup Utility
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{132517B5-10EB-4387-ADAE-AE3A9DA85448}" = Philips Firmware Manager
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{1AB02C49-910D-4823-94BA-51FC4047B9C8}" = Logix5000 Clock Update Tool
    "{20010016-D5FD-11DA-A128-000C29473C90}" = RSLogix 5000 Online Books v16.00.00
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23727D32-E8A7-418D-BF8D-97A79FF793C1}" = Rockwell Automation 1734 ASCII Module Profiles
    "{269A4095-DB55-4D35-8FD0-39957D26BEEC}" = Philips VLounge
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
    "{28302E0C-2E42-4635-8657-078C88989BEF}" = Rockwell Automation 1791DS Discrete Module Profiles
    "{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}" = Rockwell Automation 1769 Analog Module Profiles
    "{2ACA8536-E7A2-4914-9597-DBA635D93492}" = Parker Isysnet Analog Module Profiles
    "{2BF0655E-B036-43F6-9230-BB45CB07F004}" = RSNetWorx for ControlNet 8.00.00 (CPR 7)
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{2F0200C6-9ACB-49F3-BC33-5BE9AA682D9F}" = MapSend Lite
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
    "{30010016-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v16.00.00
    "{30010215-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v15.02
    "{30010413-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v13.04
    "{30E45D79-A117-41C9-81E7-004F2B183249}" = FactoryTalk Activation Client v2.00.01 (CPR 7)
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{34540622-805E-4CC7-98CF-65A43E99CF4D}" = RSLinx Classic 2.51.00 (CPR 7)
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{357187EE-8B25-467D-A567-88C735932174}" = Rockwell Automation 1734 Discrete Module Profiles
    "{39363D4F-BF1C-447C-8014-F7966A9975D9}" = Rockwell Automation 1734 Specialty Module Profiles
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
    "{449AD43D-AEF6-439B-B936-B1E239B8944C}" = Rockwell Automation 1769 Boolean Module Profiles
    "{4634B79A-3562-4AC0-B6A2-DF9E2D285EBC}" = ClearKeeper
    "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}" = Rockwell Automation 1756 CNet Comms Module Profiles
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
    "{4CA3C060-272B-4B23-A836-C23D11E0006A}" = Rockwell Automation USB CIP Driver Package
    "{4E8B1FF0-BE42-42F0-84C3-030399C548A1}" = RSLogix 5000 Faceplates
    "{517AA455-8CC9-4281-87A4-865E71947DC9}" = RSLogix 5000 IEC61131-3 Translation Tool
    "{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
    "{546A6A91-FA45-48BD-A6D6-F4C8D4317A56}" = Rockwell Windows Firewall Configuration Utility 1.00.01
    "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
    "{5EFD7668-C7D7-401E-BF4C-F10CEE02ED9E}" = Rockwell Automation Drives PowerFlex 7 Module Profiles
    "{634EC9A4-FEF1-11D7-A65F-18181164CC00}" = BalanceLog
    "{63A49017-81D4-4969-921E-68FEAC93BC6A}" = RSLogix 500 English 7.10.00 (CPR 7)
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
    "{65808416-E7F9-4DB5-9208-E63078C93B7D}" = RSLogix 5000 Compare v2
    "{66B72D42-0209-4F45-857A-D509649FC74B}" = Rockwell Automation Drives PowerFlex 4 Module Profiles
    "{692179FB-984B-465A-BC4F-3875D2D53F32}" = RSNetWorx for DeviceNet 8.00.01 (CPR 7)
    "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
    "{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
    "{6AFEDA45-288E-445F-A176-FCD42AFA74FE}" = Rockwell Automation 1738 Analog Module Profiles
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}" = Rockwell Automation 1769 Discrete Module Profiles
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{737220CF-97A7-11D5-B3A5-00E02934C09B}" = MapSend Streets and Destinations USA
    "{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78788123-91F2-42D3-A7D4-FEBB1337A8B2}" = DriveExecutive V4.01
    "{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
    "{7BCFC80E-8D88-4B7C-AF62-A629521B3274}" = BootP-DHCP Server
    "{7FB3F90F-E754-4374-9ABC-EF8F94DA35E2}" = DeviceNet Node Commissioning Tool
    "{842CDC14-718F-4063-9D48-36E982E12946}" = Rockwell Automation 1769 Analog Module Profiles
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{893727BF-9C7C-483F-9E69-D8314DB21186}" = Parker Isysnet Discrete Module Profiles
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A8C5496-0460-489E-8CB9-8F62E09F033D}" = Tag Data Monitor Tool
    "{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
    "{8E10471D-5CBF-4080-972D-2E6451420B7F}" = RSLogix 5000 System Updates
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
    "{903B8611-2695-4B42-A613-1394AD01F511}" = RSLogix 5000 Module Profile Core
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9AE0E408-37BC-4B89-B768-252DE878CE7A}" = Logix CPU Security Tool
    "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A1C775C8-CBD3-49B0-A72C-4C751378B2F4}" = RSLogix 5000 Setup Installer
    "{A2C6C8E7-3540-4A0C-8C87-DAA164B0740B}" = Rockwell Automation 1738 ASCII Module Profiles
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A393179D-478D-40C7-A6A2-90B9F34C2341}" = Rockwell Automation 1738 Discrete Module Profiles
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{AAF8A903-9A85-43DF-A35C-3E5549484DDA}" = Rockwell Automation 1756 HART Module Profiles
    "{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}" = Rockwell Automation 1756 ENet Comms Module Profiles
    "{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
    "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B100A292-14C5-4E41-AE27-0229BFBFDA9F}" = RSLogix 5000 DeviceNet Tag Generator
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B4BC22FF-9599-4FB4-9F3D-C8D7A19800D4}" = Tag Import Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BA35560D-EE87-40BD-A84B-48F4CD939D38}" = Tag Upload Download Tool
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C3ED335A-3156-4152-B96A-D44A0B1A55A3}" = Parker Isysnet ASCII Module Profile
    "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
    "{C70BF2F2-2B54-4303-ABE6-82A20038A2EA}" = Philips SPC 700NC PC Camera
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D92FFA80-FC57-11D6-AFD6-0050BA883E61}" = RSNetWorx for EtherNet/IP 8.00.00 (CPR 7)
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}" = Rockwell Automation 1769 Specialty Module Profiles
    "{EB1D4DEC-D1B4-4C02-BA6D-AAF51F12EB58}" = ControlFLASH
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{EFBB3496-A41F-40EB-A218-5E876D92E8A8}" = Fidelity Active Trader Pro®
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F699127B-51FB-44DF-AD6A-8AC498BA9684}" = Rockwell Automation Generic Safety Module Profiles
    "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}" = Rockwell Automation 1738 Specialty Module Profiles
    "{FC07B277-E45F-47AF-BE00-09B03B356899}" = Rockwell Automation 1734 Analog Module Profiles
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "America Online us" = America Online (Choose which version to remove)
    "AOL Connectivity Services" = AOL Connectivity Services
    "AOL Spyware Protection" = AOL Spyware Protection
    "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
    "AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "Big Sky" = Big Sky Screen Saver
    "Desktop Dialer" = Desktop Dialer
    "EasyGPS_is1" = EasyGPS
    "FXCM Trading Station" = FXCM Trading Station
    "GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
    "Google Desktop" = Google Desktop
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "LimeWire" = LimeWire 5.4.7
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Max_EN Toolbar" = Max_EN Toolbar
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MioNet" = MioNet
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "P2P_Max Toolbar" = P2P_Max Toolbar
    "Picasa2" = Picasa 2
    "PID Calculation Program" = PID Calculation Program
    "Port Magic" = Pure Networks Port Magic
    "Power Saver" = TOSHIBA Power Saver
    "PriceGong" = PriceGong 2.1.0
    "QuickTime" = QuickTime
    "Rainbow Sentinel Driver" = Sentinel System Driver
    "RealPlayer 6.0" = RealPlayer Basic
    "Retsina P2T" = PDF Plain Text Extractor (remove only)
    "RSHWare" = Rockwell Software Hardware Maintenance Tool
    "SIPPS!UninstallKey" = SIPPS
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Game Console" = TOSHIBA Game Console
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WildTangent CDA" = WildTangent Web Driver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WT004723" = Blasterball 2 Revolution
    "WT004829" = Polar Golfer
    "WT006066" = FATE
    "WT006448" = Blackhawk Striker 2
    "WT006527" = Polar Bowler
    "WT009503" = Penguins!
    "WT009952" = Chuzzle Deluxe
    "WT009953" = Mah Jong Quest
    "WT009954" = SCRABBLE
    "WT010043" = Bejeweled 2 Deluxe
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Toolbar" = Yahoo! Toolbar
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/21/2009 10:47:18 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
    module unknown, version 0.0.0.0, fault address 0x410092ed.

    Error - 5/20/2009 9:57:13 PM | Computer Name = DBSMITH | Source = McLogEvent | ID = 1006
    Description =

    Error - 5/20/2009 10:01:25 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
    module unknown, version 0.0.0.0, fault address 0x410092ed.

    Error - 7/3/2009 2:50:28 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
    module unknown, version 0.0.0.0, fault address 0x410092ed.

    Error - 7/3/2009 2:50:35 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
    dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

    Error - 7/3/2009 2:51:28 PM | Computer Name = DBSMITH | Source = Application Hang | ID = 1002
    Description = Hanging application YahooMessenger.exe, version 8.1.0.421, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/24/2009 12:00:23 AM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
    module yahoomessenger.exe, version 8.1.0.421, fault address 0x00109644.

    Error - 7/26/2009 4:26:17 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
    module unknown, version 0.0.0.0, fault address 0x410092ed.

    Error - 7/30/2009 10:20:53 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
    Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
    module unknown, version 0.0.0.0, fault address 0x410092ed.

    Error - 8/4/2009 7:11:29 PM | Computer Name = DBSMITH | Source = Alert Manager Event Interface | ID = 257
    Description =

    [ System Events ]
    Error - 8/14/2012 6:19:04 PM | Computer Name = DBSMITH | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/14/2012 6:19:23 PM | Computer Name = DBSMITH | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 8/14/2012 7:17:14 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 8/14/2012 7:54:47 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 8/14/2012 8:10:43 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
    Description = The Swupdtmr service terminated unexpectedly. It has done this 1
    time(s).

    Error - 8/14/2012 8:10:43 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
    Description = The ScsiAccess service terminated unexpectedly. It has done this
    1 time(s).

    Error - 8/14/2012 9:04:58 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
    Description = The Swupdtmr service terminated unexpectedly. It has done this 1
    time(s).

    Error - 8/14/2012 9:04:58 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
    Description = The ScsiAccess service terminated unexpectedly. It has done this
    1 time(s).

    Error - 8/14/2012 9:05:05 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 8/14/2012 10:04:20 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Hahaha....

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys -- (MpKsl1f4a72fe)
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
      IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
      O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  19. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    Well, IE is now facing limited issues. I'm posting from another computer, so I hadn't done much browsing. I loaded up Google and was happy to have IE not crash at my home page. I tried loading TechSpot so I could navigate to the link you provided for the ESET Online Scanner. The TechSpot front page would crash that tab. It didn't crash the browser, just the tab. I was able to manually navigate to the online scanner and it has updated and is running right now. Here are the logs I currently have.


    All processes killed
    ========== OTL ==========
    Service MpKsl1f4a72fe stopped successfully!
    Service MpKsl1f4a72fe deleted successfully!
    File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Daniel Smith
    ->Temp folder emptied: 97724 bytes
    ->Temporary Internet Files folder emptied: 10543505 bytes
    ->Java cache emptied: 1648532 bytes
    ->Flash cache emptied: 1937979 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: Lori Smith
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 157915 bytes
    ->Java cache emptied: 1500916 bytes
    ->Flash cache emptied: 1256 bytes

    User: NetworkService
    ->Temp folder emptied: 1372 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Sarah
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 3132620 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2841 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1133 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 18.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Daniel Smith
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Lori Smith
    ->Java cache emptied: 0 bytes

    User: NetworkService

    User: Sarah

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Daniel Smith
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: Lori Smith
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Sarah
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.57.0 log created on 08142012_220847

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...




    Results of screen317's Security Check version 0.99.43
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Please wait while WMIC is being installed.d
    I
    s
    p
    l
    a
    y
    N
    a
    m
    e
    ECHO is off.
    M
    I
    c
    r
    o
    s
    o
    f
    t
    ECHO is off.
    S
    e
    c
    u
    r
    I
    t
    y
    ECHO is off.
    E
    s
    e
    n
    t
    I
    a
    l
    s
    ECHO is off.
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    AOL Spyware Protection
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 11
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.0.12.36 Flash Player out of Date!
    Adobe Reader 7 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 9%
    ````````````````````End of Log``````````````````````




    Farbar Service Scanner Version: 06-08-2012
    Ran by Daniel Smith (administrator) on 14-08-2012 at 22:19:03
    Running from "C:\Documents and Settings\Daniel Smith\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****



    Online scanner hasn't finished yet.
     
  20. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    No threats found on online scanner.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ==================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
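Step 2 of the Java section above relies on JavaRa to find leftover JRE versions. The following PowerShell script is an added example, not part of Broni's instructions or of JavaRa: it enumerates every runtime registered under the standard JavaSoft registry key, works out which one is the newest, and reports the older ones (and whether they are still on disk or only a registry remnant), so you can verify the cleanup yourself. It assumes the usual JavaSoft layout (subkeys named like 1.6.0_33 carrying a JavaHome value); the Wow6432Node path is included only for 64-bit Windows and is skipped when absent.

```powershell
# Added example (not from the thread): audit installed Java runtimes and flag
# everything older than the newest one. Assumes the standard JavaSoft registry
# layout; the ordering key treats a higher major or update number as newer.
$jreKeys = @(
    'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
    'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'  # 32-bit JRE on 64-bit Windows
)

function Get-InstalledJre {
    $found = @()
    foreach ($key in $jreKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            # Full-version subkeys look like 1.6.0_33; family keys (1.6) are skipped.
            if ($sub.PSChildName -match '^\d+\.(\d+)\.\d+_(\d+)$') {
                $javaHome = (Get-ItemProperty $sub.PSPath).JavaHome
                $found += New-Object PSObject -Property @{
                    Version  = $sub.PSChildName
                    Sort     = [int]$Matches[1] * 10000 + [int]$Matches[2]  # major, then update
                    JavaHome = $javaHome
                    Present  = [bool]($javaHome -and (Test-Path $javaHome))
                }
            }
        }
    }
    return $found
}

$jres = @(Get-InstalledJre | Sort-Object Sort -Descending)
if ($jres.Count -eq 0) {
    Write-Host 'No Java runtime is registered on this machine.'
} else {
    "Newest JRE: {0} ({1})" -f $jres[0].Version, $jres[0].JavaHome
    for ($i = 1; $i -lt $jres.Count; $i++) {
        $j = $jres[$i]
        $state = if ($j.Present) { 'still on disk - remove it' } else { 'registry remnant only' }
        "OLD: {0} in {1} - {2}" -f $j.Version, $j.JavaHome, $state
    }
}
```

Run it from an elevated PowerShell prompt before and after the JavaRa step: a clean result lists exactly one runtime, the version you just installed, and no OLD lines. Anything still reported as "still on disk" is an old, unpatched JRE that browsers can load, which is the exposure the removal step is meant to close.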
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Still with me?
     
  23. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    I'm here. Everything seems okay. Thanks again. Was there something else I needed to post?

    Edit: I see it now, you wanted the OTL log. :( I have already hastily given the computer back.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Call them and ask them to reset system restore manually.

    Way to go!!
    Good luck and stay safe :)
     
  25. Scshadow

    Scshadow TS Guru Topic Starter Posts: 469   +97

    I did it, I just didn't save the log.
     
