Solved It seems fixed but I went ahead and generated logs

Scshadow

I'm dealing with a family Windows XP laptop computer that hadn't been turned on in a while but apparently was mistreated security-wise. My father was using a subscription of spynomore, but that is expired and running in demo mode. It has McAfee Enterprise, but it didn't find any updates, though considering it's had no use for at least the past 6 months (no power brick for a while), it should've had updates. So I installed MSE and updated it, and I have kept the McAfee on-access scanner turned off during this process.

The initial symptoms were running slow, Windows Explorer crashed any time I tried to access a folder/directory (My Computer, Control Panel, etc.), and Internet Explorer 8 would crash as well. I downloaded install files on USB and placed them on the desktop in safe mode, as that was the only way I could get them on this computer (I installed and ran them in normal mode just fine). Luckily, after Malwarebytes Anti-Malware, I have the ability to access directories again and to use Internet Explorer, but even still I put the logs on USB and brought them to my desktop to make the post. This computer has a lot of crap on here; it even still has LimeWire... yeah, I'm deeply concerned about my father's intelligence for him having used LimeWire. Wonder where the malware came from. Anyway, I'd love for someone to look over the logs for other potential problems before I proceed to make changes and uninstall some of the crapware and redundant security programs. Also, I haven't run updates, but I think it might have done so automatically last night, because I left the anti-virus scan going during the night and I came back to a restarted computer. I redid the virus scan.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Daniel Smith :: DBSMITH [administrator]

8/14/2012 12:25:21 PM
mbam-log-2012-08-14 (12-25-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 279152
Time elapsed: 30 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 16
HKCR\AppID\{8D71EEB8-A1A7-4733-8FA2-1CAC015C967D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKCR\CLSID\{8BBE6A70-EF84-47FA-B5DE-EDD0DF18461F} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCR\linkrd.AIEbho.1 (Trojan.Banker) -> Quarantined and deleted successfully.
HKCR\linkrd.AIEbho (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BBE6A70-EF84-47FA-B5DE-EDD0DF18461F} (Trojan.Banker) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BBE6A70-EF84-47FA-B5DE-EDD0DF18461F} (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdssiteSearchAssistant (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\AppID\Sidebar.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\tst (Trojan.Banker) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appConf32.exe,) Good: (userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\WINDOWS\system32\912525 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 16
C:\WINDOWS\system32\WhoisCL.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AcroIEHelpe.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Daniel Smith\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\adssite_sidebar_uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.13.115258_daniel_smith@quantserve[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@a1.interclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@abmr[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@burstnet[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122239_daniel_smith@interclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@quantserve[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@scorecardresearch[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@sharethis[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@turn[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@wd.sharethis[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xmldm\netbank_2012.08.14.122240_daniel_smith@www.burstnet[1].txt (Stolen.Data) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-08-14 13:09:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1234GSX rev.AH001A
Running: ocinprei.exe; Driver: C:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\pwldapob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat naiavf5x.sys (Anti-Virus File System Filter Driver/McAfee Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Daniel Smith at 13:09:58 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1241 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\ScsiAccess.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: P2P Max Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - c:\program files\p2p_max\tbP2P_.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\prxtbMax0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Browser protection: {fb9ffb4b-9680-4256-8178-5ecdb2c19b23} - c:\progra~1\spynom~1\SNMIEG~1.DLL
TB: Max EN Toolbar: {867dd841-5bf7-44ca-8426-c5a6eda00735} - c:\program files\max_en\prxtbMax0.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {F2BADA0D-FD61-45EF-A994-64A073FD6613} - No File
TB: P2P Max Toolbar: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - c:\program files\p2p_max\tbP2P_.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe"
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TFncKy] TFncKy.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [Network Associates Error Reporting Service] "c:\program files\common files\network associates\talkback\tbmon.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [phc700] c:\windows\vphc700.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\daniel~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\backWeb-7288971.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\spc 700nc pc camera\TrayMin700.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162687796125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://imail.tema.toyota.com/dwa7W.cab
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: psfus - psqlpwd.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2006-2-14 221191]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2006-11-4 58464]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2006-11-4 98304]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2006-6-8 29184]
R2 MioNet;MioNet Service;c:\program files\mionet\MioNetManager.exe [2005-7-15 139264]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-11-4 116864]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?]
S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [2000-5-31 71448]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-8-11 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [2008-1-3 541568]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [1999-11-10 142592]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2006-1-18 39067]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [1999-5-11 155440]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
.
=============== Created Last 30 ================
.
2012-08-14 18:09:33 6891424 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f960e024-5cd0-4722-b6d9-5c26b0948133}\mpengine.dll
2012-08-14 17:24:24 -------- d-----w- c:\documents and settings\daniel smith\application data\Malwarebytes
2012-08-14 17:23:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-14 17:23:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 17:23:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 10:41:53 -------- d-sh--w- c:\documents and settings\daniel smith\IETldCache
2012-08-14 09:21:30 -------- dc-h--w- c:\windows\ie8
2012-08-13 23:04:39 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-13 22:59:51 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-13 22:59:48 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-13 22:59:48 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-13 22:27:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-13 22:14:59 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-13 22:14:04 -------- d-----w- C:\9763613b9eb5a4033f9b3a2195c65735
2012-08-13 21:26:03 -------- d-----w- c:\windows\system32\UAs
2012-08-13 21:24:42 264 ----a-w- c:\windows\system32\srvblck5.tmp
2012-08-13 21:23:51 -------- d-----w- c:\windows\system32\kock
.
==================== Find3M ====================
.
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2008-12-09 15:23:13 51152 --sh--r- c:\windows\system32\appConf32.exe
.
============= FINISH: 13:11:25.92 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/4/2006 6:50:13 PM
System Uptime: 8/14/2012 12:59:01 PM (1 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 111 GiB total, 79.61 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP309: 8/13/2012 5:27:12 PM - Software Distribution Service 3.0
RP310: 8/14/2012 3:01:20 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
Adssite Games Collection
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
aspi
BalanceLog
Bejeweled 2 Deluxe
Big Sky Screen Saver
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
BootP-DHCP Server
CCHelp
CCScore
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Chuzzle Deluxe
ClearKeeper
ControlFLASH
CR2
Desktop Dialer
DeviceNet Node Commissioning Tool
DriveExecutive V4.01
DVD-RAM Driver
EasyGPS
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
FactoryTalk Activation Client v2.00.01 (CPR 7)
FATE
Fidelity Active Trader Pro®
FXCM Trading Station
Garmin Trip and Waypoint Manager v5
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
GLOBEtrotter FLEXid Drivers
Google Desktop
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
KhalInstallWrapper
Kodak EasyShare software
KSU
LimeWire 5.4.7
Logitech SetPoint
Logix CPU Security Tool
Logix5000 Clock Update Tool
Logix5000 Task Monitor
Mah Jong Quest
Malwarebytes Anti-Malware version 1.62.0.1300
MapSend Lite
MapSend Streets and Destinations USA
Max_EN Toolbar
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MioNet
Move Networks Media Player for Internet Explorer
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notifier
Office 2003 Trial Assistant
OTtBP
Otto
P2P_Max Toolbar
Parker Isysnet Analog Module Profiles
Parker Isysnet ASCII Module Profile
Parker Isysnet Discrete Module Profiles
PCDLNCH
PDF Plain Text Extractor (remove only)
Penguins!
Philips Firmware Manager
Philips SPC 700NC PC Camera
Philips VLounge
Picasa 2
PID Calculation Program
PL-2303 USB-to-Serial
Polar Bowler
Polar Golfer
PriceGong 2.1.0
Protector Suite 5.4
Pure Networks Port Magic
QuickTime
RealPlayer Basic
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Rockwell Automation 1734 Analog Module Profiles
Rockwell Automation 1734 ASCII Module Profiles
Rockwell Automation 1734 Discrete Module Profiles
Rockwell Automation 1734 Specialty Module Profiles
Rockwell Automation 1738 Analog Module Profiles
Rockwell Automation 1738 ASCII Module Profiles
Rockwell Automation 1738 Discrete Module Profiles
Rockwell Automation 1738 Specialty Module Profiles
Rockwell Automation 1756 CNet Comms Module Profiles
Rockwell Automation 1756 ENet Comms Module Profiles
Rockwell Automation 1756 HART Module Profiles
Rockwell Automation 1769 Analog Module Profiles
Rockwell Automation 1769 Boolean Module Profiles
Rockwell Automation 1769 Discrete Module Profiles
Rockwell Automation 1769 Specialty Module Profiles
Rockwell Automation 1791DS Discrete Module Profiles
Rockwell Automation Drives PowerFlex 4 Module Profiles
Rockwell Automation Drives PowerFlex 7 Module Profiles
Rockwell Automation Drives SCANport Module Profiles
Rockwell Automation Generic Safety Module Profiles
Rockwell Automation USB CIP Driver Package
Rockwell Software Hardware Maintenance Tool
Rockwell Windows Firewall Configuration Utility 1.00.01
RSLinx Classic 2.51.00 (CPR 7)
RSLogix 5 English 7.10.02 (CPR 7)
RSLogix 500 English 7.10.00 (CPR 7)
RSLogix 5000 Compare v2
RSLogix 5000 DeviceNet Tag Generator
RSLogix 5000 Faceplates
RSLogix 5000 IEC61131-3 Translation Tool
RSLogix 5000 Module Profile Core
RSLogix 5000 Module Profile Setup Utility
RSLogix 5000 Online Books v16.00.00
RSLogix 5000 Setup Installer
RSLogix 5000 Start Page Media v16.00.05
RSLogix 5000 System Updates
RSLogix 5000 v13.04
RSLogix 5000 v15.02
RSLogix 5000 v16.00.00
RSNetWorx for ControlNet 8.00.00 (CPR 7)
RSNetWorx for DeviceNet 8.00.01 (CPR 7)
RSNetWorx for EtherNet/IP 8.00.00 (CPR 7)
SCRABBLE
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentinel System Driver
SFR
SFR2
SIPPS
Sonic Encoders
StuffIt 2010
Synaptics Pointing Device Driver
Tag Data Monitor Tool
Tag Import Utility
Tag Upload Download Tool
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WeatherBug
WebFldrs XP
WildTangent Web Driver
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/14/2012 5:49:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the FactoryTalk Diagnostics Local Reader service to connect.
8/14/2012 5:49:00 AM, error: Service Control Manager [7000] - The FactoryTalk Diagnostics Local Reader service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2012 5:44:08 AM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
8/14/2012 3:01:28 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
8/14/2012 12:14:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/14/2012 1:10:09 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 68:7F:74:F0:24:F7. Network operations on this system may be disrupted as a result.
8/14/2012 1:09:09 AM, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 0018DE2B2EC2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/14/2012 1:00:07 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/13/2012 6:15:21 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 3 time(s).
8/13/2012 5:34:17 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 2 time(s).
8/13/2012 5:32:31 PM, error: Service Control Manager [7034] - The Network Associates McShield service terminated unexpectedly. It has done this 1 time(s).
8/13/2012 11:45:49 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2012 11:44:45 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NaiAvTdi1 NetBIOS NetBT RasAcd Rdbss Tcpip
8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 11:44:45 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 11:44:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

I still see some McAfee items running.
Uninstall it completely using this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

=========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thank You, malware annihilator.

I had only disabled the McAfee online scanner in the system tray. But I of course am glad to remove it. I removed McAfee according to that program's instructions. May I uninstall Spynomore, which runs in demo mode?

Afterwards I ran both RK and ASWMBR as instructed. I scanned only and have posted the logs below. Those programs I left minimized if I am to come back to them.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Daniel Smith [Admin rights]
Mode: Scan -- Date: 08/14/2012 16:41:11

¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] TempIadHide3.dll -- C:\DOCUME~1\DANIEL~1\LOCALS~1\TempIadHide3.dll -> UNLOADED
[SUSP PATH] vphc700.exe -- C:\WINDOWS\vphc700.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- Path not found -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : phc700 (C:\WINDOWS\vphc700.exe) -> FOUND
[SCRSV] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\BIGSKY~1.SCR) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 008k.com # Added by SNM
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
--- User ---
[MBR] d2f4cdf4f279493e054d12fff791f2ab
[BSP] 947e1cc8d93645013e5016bb06b4fe85 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114165 Mo
3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 233810010 | Size: 305 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA THNCF256MPG +++++
--- User ---
[MBR] 3ab9facd99a884ea663e64ff5c08edbc
[BSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 244 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: USB Flash Memory USB Device +++++
--- User ---
[MBR] d3500d808db16f7e8865b292e82d0495
[BSP] 915e9161424a6966d222ad6a736828a3 : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x68) [VISIBLE] Offset (sectors): 1936028272 | Size: 904228 Mo
1 - [XXXXXX] UNKNOWN (0x79) [VISIBLE] Offset (sectors): 1330184192 | Size: 263172 Mo
2 - [XXXXXX] DISKMNG (0x53) [VISIBLE] Offset (sectors): 538989391 | Size: 682794 Mo
3 - [XXXXXX] UNKNOWN (0x49) [VISIBLE] Offset (sectors): 1394627663 | Size: 10 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt





aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 16:43:30
-----------------------------
16:43:30.000 OS Version: Windows 5.1.2600 Service Pack 3
16:43:30.000 Number of processors: 2 586 0xF06
16:43:30.000 ComputerName: DBSMITH UserName:
16:43:30.750 Initialize success
16:53:15.015 AVAST engine defs: 12081401
17:08:35.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:08:35.703 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001A Size: 114473MB BusType: 3
17:08:35.718 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-19
17:08:35.718 Disk 1 Vendor: TOSHIBA_THNCF256MPG 3.00 Size: 244MB BusType: 3
17:08:35.765 Disk 0 MBR read successfully
17:08:35.765 Disk 0 MBR scan
17:08:35.828 Disk 0 Windows XP default MBR code
17:08:35.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114165 MB offset 63
17:08:35.875 Disk 0 Partition 2 00 88 Linux plaintext A Kárò'ó 305 MB offset 233810010
17:08:35.921 Disk 0 scanning sectors +234436545
17:08:36.000 Disk 0 scanning C:\WINDOWS\system32\drivers
17:08:56.781 Service scanning
17:09:11.062 Service MpKsl1f4a72fe c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys **LOCKED** 32
17:09:28.375 Modules scanning
17:09:45.156 Module: C:\WINDOWS\system32\drivers\hardlock.sys **SUSPICIOUS**
17:09:50.734 Disk 0 trace - called modules:
17:09:50.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:09:50.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a868ab8]
17:09:50.812 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000085[0x8a8a6510]
17:09:50.828 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a871940]
17:09:51.390 AVAST engine scan C:\WINDOWS
17:10:45.546 AVAST engine scan C:\WINDOWS\system32
17:16:37.656 AVAST engine scan C:\WINDOWS\system32\drivers
17:17:05.718 AVAST engine scan C:\Documents and Settings\Daniel Smith
17:23:53.734 File: C:\Documents and Settings\Daniel Smith\Local Settings\Temporary Internet Files\Content.IE5\MAH3BTPE\calc[1].exe **INFECTED** Win32:Agent-APKB [Trj]
17:25:54.171 AVAST engine scan C:\Documents and Settings\All Users
17:28:03.781 Scan finished successfully
17:30:28.062 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:30:28.093 The log file has been saved successfully to "F:\aswMBR.txt"
 
Spynomore is a rogue program. Stay away from it.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Alright, I've stayed away from Spynomore and I will continue to. It still runs in the system tray at startup though. I ran TDSSKiller and got no threats found. Log below:

18:17:36.0687 3560 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
18:17:37.0250 3560 ============================================================
18:17:37.0250 3560 Current date / time: 2012/08/14 18:17:37.0250
18:17:37.0250 3560 SystemInfo:
18:17:37.0250 3560
18:17:37.0250 3560 OS Version: 5.1.2600 ServicePack: 3.0
18:17:37.0250 3560 Product type: Workstation
18:17:37.0250 3560 ComputerName: DBSMITH
18:17:37.0250 3560 UserName: Daniel Smith
18:17:37.0250 3560 Windows directory: C:\WINDOWS
18:17:37.0250 3560 System windows directory: C:\WINDOWS
18:17:37.0250 3560 Processor architecture: Intel x86
18:17:37.0250 3560 Number of processors: 2
18:17:37.0250 3560 Page size: 0x1000
18:17:37.0250 3560 Boot type: Normal boot
18:17:37.0250 3560 ============================================================
18:17:39.0734 3560 Drive \Device\Harddisk1\DR1 - Size: 0xF480000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x3D2, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
18:17:39.0765 3560 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:17:39.0953 3560 Drive \Device\Harddisk1\DR1 - Size: 0xF480000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x3D2, SectorsPerTrack: 0x20, TracksPerCylinder: 0x10, Type 'A'
18:17:39.0968 3560 Drive \Device\Harddisk2\DR7 - Size: 0x1DEC00000 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:17:39.0968 3560 ============================================================
18:17:39.0968 3560 \Device\Harddisk1\DR1:
18:17:39.0968 3560 MBR partitions:
18:17:39.0968 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7A1E0
18:17:39.0968 3560 \Device\Harddisk0\DR0:
18:17:39.0968 3560 MBR partitions:
18:17:39.0968 3560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDEFA81B
18:17:39.0968 3560 \Device\Harddisk1\DR1:
18:17:39.0968 3560 MBR partitions:
18:17:39.0968 3560 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7A1E0
18:17:39.0968 3560 \Device\Harddisk2\DR7:
18:17:39.0968 3560 MBR partitions:
18:17:39.0968 3560 ============================================================
18:17:40.0031 3560 C: <-> \Device\Harddisk0\DR0\Partition1
18:17:40.0031 3560 ============================================================
18:17:40.0031 3560 Initialize success
18:17:40.0031 3560 ============================================================
18:17:55.0687 5712 ============================================================
18:17:55.0687 5712 Scan started
18:17:55.0687 5712 Mode: Manual;
18:17:55.0687 5712 ============================================================
18:17:55.0953 5712 ================ Scan services =============================
18:17:56.0109 5712 Abiosdsk - ok
18:17:56.0140 5712 [ f25a62362ae736a5ac670f17ba28642c ] ABKTCX C:\WINDOWS\System32\Drivers\ABKTCX.sys
18:17:56.0156 5712 ABKTCX - ok
18:17:56.0156 5712 abp480n5 - ok
18:17:56.0203 5712 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:17:56.0218 5712 ACPI - ok
18:17:56.0218 5712 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:17:56.0218 5712 ACPIEC - ok
18:17:56.0234 5712 adpu160m - ok
18:17:56.0265 5712 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
18:17:56.0265 5712 aec - ok
18:17:56.0296 5712 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
18:17:56.0312 5712 AFD - ok
18:17:56.0359 5712 [ 4458fcb8a00da31fdcc086449274c40d ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:17:56.0390 5712 AgereSoftModem - ok
18:17:56.0390 5712 Aha154x - ok
18:17:56.0406 5712 aic78u2 - ok
18:17:56.0406 5712 aic78xx - ok
18:17:56.0453 5712 [ 67550535c3bd02f0299b572f477f37f4 ] aksusb C:\WINDOWS\system32\DRIVERS\aksusb.sys
18:17:56.0453 5712 aksusb - ok
18:17:56.0500 5712 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
18:17:56.0500 5712 Alerter - ok
18:17:56.0546 5712 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
18:17:56.0546 5712 ALG - ok
18:17:56.0546 5712 AliIde - ok
18:17:56.0562 5712 amsint - ok
18:17:56.0640 5712 [ aa2770fd967dab91a597619c4eadc0c9 ] AOL ACS C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
18:17:56.0640 5712 AOL ACS - ok
18:17:56.0671 5712 [ 7fb54900aa9792ab6307c699ec1859d4 ] AOL TopSpeedMonitor C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
18:17:56.0687 5712 AOL TopSpeedMonitor - ok
18:17:56.0734 5712 [ d8849f77c0b66226335a59d26cb4edc6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
18:17:56.0734 5712 AppMgmt - ok
18:17:56.0781 5712 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:17:56.0781 5712 Arp1394 - ok
18:17:56.0796 5712 asc - ok
18:17:56.0796 5712 asc3350p - ok
18:17:56.0812 5712 asc3550 - ok
18:17:56.0828 5712 [ d880831279ed91f9a4190a2db9539ea9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
18:17:56.0828 5712 ASCTRM - ok
18:17:56.0968 5712 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:17:57.0000 5712 aspnet_state - ok
18:17:57.0031 5712 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:17:57.0031 5712 AsyncMac - ok
18:17:57.0062 5712 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
18:17:57.0062 5712 atapi - ok
18:17:57.0062 5712 Atdisk - ok
18:17:57.0093 5712 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:17:57.0093 5712 Atmarpc - ok
18:17:57.0125 5712 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
18:17:57.0125 5712 AudioSrv - ok
18:17:57.0140 5712 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
18:17:57.0140 5712 audstub - ok
18:17:57.0156 5712 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
18:17:57.0156 5712 Beep - ok
18:17:57.0218 5712 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
18:17:57.0218 5712 BITS - ok
18:17:57.0234 5712 [ a06ce3399d16db864f55faeb1f1927a9 ] Browser C:\WINDOWS\System32\browser.dll
18:17:57.0234 5712 Browser - ok
18:17:57.0281 5712 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
18:17:57.0281 5712 cbidf2k - ok
18:17:57.0328 5712 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:17:57.0328 5712 CCDECODE - ok
18:17:57.0328 5712 cd20xrnt - ok
18:17:57.0343 5712 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
18:17:57.0343 5712 Cdaudio - ok
18:17:57.0343 5712 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
18:17:57.0359 5712 Cdfs - ok
18:17:57.0375 5712 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:17:57.0375 5712 Cdrom - ok
18:17:57.0453 5712 [ 3cb0cc8879956c187e87e18634ee5164 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:17:57.0468 5712 CFSvcs - ok
18:17:57.0468 5712 Changer - ok
18:17:57.0515 5712 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
18:17:57.0531 5712 CiSvc - ok
18:17:57.0546 5712 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
18:17:57.0546 5712 ClipSrv - ok
18:17:57.0593 5712 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:17:57.0687 5712 clr_optimization_v2.0.50727_32 - ok
18:17:57.0718 5712 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:17:57.0718 5712 CmBatt - ok
18:17:57.0718 5712 CmdIde - ok
18:17:57.0734 5712 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:17:57.0734 5712 Compbatt - ok
18:17:57.0750 5712 COMSysApp - ok
18:17:57.0765 5712 Cpqarray - ok
18:17:57.0812 5712 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
18:17:57.0812 5712 CryptSvc - ok
18:17:57.0812 5712 dac2w2k - ok
18:17:57.0828 5712 dac960nt - ok
18:17:57.0890 5712 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
18:17:57.0906 5712 DcomLaunch - ok
18:17:57.0953 5712 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
18:17:57.0953 5712 Dhcp - ok
18:17:57.0968 5712 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
18:17:57.0968 5712 Disk - ok
18:17:57.0968 5712 dmadmin - ok
18:17:58.0046 5712 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
18:17:58.0062 5712 dmboot - ok
18:17:58.0093 5712 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
18:17:58.0093 5712 dmio - ok
18:17:58.0125 5712 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
18:17:58.0125 5712 dmload - ok
18:17:58.0140 5712 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
18:17:58.0140 5712 dmserver - ok
18:17:58.0156 5712 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
18:17:58.0156 5712 DMusic - ok
18:17:58.0187 5712 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
18:17:58.0187 5712 Dnscache - ok
18:17:58.0296 5712 [ d701fd7c99732bca049bb6e11222996c ] dnWhoDisp C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
18:17:58.0328 5712 dnWhoDisp - ok
18:17:58.0375 5712 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
18:17:58.0390 5712 Dot3svc - ok
18:17:58.0390 5712 dpti2o - ok
18:17:58.0437 5712 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
18:17:58.0437 5712 drmkaud - ok
18:17:58.0500 5712 [ 1a51e03b66635280684e9edf34a2e8c0 ] DS1410D C:\WINDOWS\system32\drivers\ds1410d.sys
18:17:58.0500 5712 DS1410D - ok
18:17:58.0531 5712 [ c9ffbd6b8edc46cd3d13e3c6db914fb7 ] DVD-RAM_Service C:\WINDOWS\system32\DVDRAMSV.exe
18:17:58.0531 5712 DVD-RAM_Service - ok
18:17:58.0562 5712 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
18:17:58.0562 5712 EapHost - ok
18:17:58.0640 5712 [ 5d1347aa5ae6e2f77d7f4f8372d95ac9 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
18:17:58.0640 5712 ehRecvr - ok
18:17:58.0687 5712 [ a53243709439ac2a4c216b817f8d7411 ] ehSched C:\WINDOWS\eHome\ehSched.exe
18:17:58.0703 5712 ehSched - ok
18:17:58.0750 5712 [ 66029e6c4b19223c24d8710eed3aaeab ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
18:17:58.0750 5712 EMSCR - ok
18:17:58.0765 5712 EntDrv51 - ok
18:17:58.0781 5712 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
18:17:58.0781 5712 ERSvc - ok
18:17:58.0812 5712 [ 9f0fa60836e1d1148cc0c1b6e67aa6f7 ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
18:17:58.0812 5712 ESDCR - ok
18:17:58.0828 5712 [ d9da881be71b74b328471ccf28b5f0a9 ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
18:17:58.0828 5712 ESMCR - ok
18:17:58.0875 5712 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
18:17:58.0875 5712 Eventlog - ok
18:17:58.0921 5712 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
18:17:58.0937 5712 EventSystem - ok
18:17:58.0953 5712 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
18:17:58.0953 5712 Fastfat - ok
18:17:59.0000 5712 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
18:17:59.0000 5712 FastUserSwitchingCompatibility - ok
18:17:59.0031 5712 [ e97d6a8684466df94ff3bc24fb787a07 ] Fax C:\WINDOWS\system32\fxssvc.exe
18:17:59.0046 5712 Fax - ok
18:17:59.0062 5712 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
18:17:59.0062 5712 Fdc - ok
18:17:59.0109 5712 [ 3314f3134ac59771a133a0cd3d343fff ] FdRedir C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
18:17:59.0140 5712 FdRedir - ok
18:17:59.0156 5712 [ 7b33f094a7a42a0225c344f5b25b1b05 ] FileDisk2 C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
18:17:59.0156 5712 FileDisk2 - ok
18:17:59.0203 5712 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
18:17:59.0203 5712 Fips - ok
18:17:59.0203 5712 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
18:17:59.0203 5712 Flpydisk - ok
18:17:59.0234 5712 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
18:17:59.0234 5712 FltMgr - ok
18:17:59.0328 5712 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:17:59.0359 5712 FontCache3.0.0.0 - ok
18:17:59.0375 5712 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:17:59.0375 5712 Fs_Rec - ok
18:17:59.0406 5712 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:17:59.0421 5712 Ftdisk - ok
18:17:59.0500 5712 [ f0187e45268e86aaaa932cbd9087bea8 ] GoogleDesktopManager-110309-193829 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
18:17:59.0500 5712 GoogleDesktopManager-110309-193829 - ok
18:17:59.0531 5712 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:17:59.0546 5712 Gpc - ok
18:17:59.0593 5712 [ d956358054e99e6ffac69cd87e893a89 ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys
18:17:59.0593 5712 grmnusb - ok
18:17:59.0656 5712 [ 751c1d2ca2abf4a9f5a6b8d7d45b907c ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:17:59.0656 5712 gusvc - ok
18:17:59.0734 5712 [ c818b973110a1c9f7763dd39bffd0fd3 ] hardlock C:\WINDOWS\system32\drivers\hardlock.sys
18:17:59.0750 5712 hardlock - ok
18:17:59.0843 5712 [ 0f8699fdd85ba53515c8aa452328d371 ] Harmony C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
18:17:59.0843 5712 Harmony - ok
18:17:59.0921 5712 [ 2dd25f060dc9f79b5cdf33d90ed93669 ] Haspnt C:\WINDOWS\system32\drivers\Haspnt.sys
18:17:59.0921 5712 Haspnt - ok
18:17:59.0968 5712 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:17:59.0968 5712 HDAudBus - ok
18:18:00.0062 5712 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:18:00.0062 5712 helpsvc - ok
18:18:00.0093 5712 [ deb04da35cc871b6d309b77e1443c796 ] HidServ C:\WINDOWS\System32\hidserv.dll
18:18:00.0109 5712 HidServ - ok
18:18:00.0156 5712 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:18:00.0156 5712 HidUsb - ok
18:18:00.0187 5712 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
18:18:00.0203 5712 hkmsvc - ok
18:18:00.0203 5712 hpn - ok
18:18:00.0250 5712 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
18:18:00.0250 5712 HTTP - ok
18:18:00.0296 5712 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
18:18:00.0296 5712 HTTPFilter - ok
18:18:00.0312 5712 i2omgmt - ok
18:18:00.0312 5712 i2omp - ok
18:18:00.0343 5712 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:18:00.0343 5712 i8042prt - ok
18:18:00.0437 5712 [ 0f0194c4b635c10c3f785e4fee52d641 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:18:00.0468 5712 ialm - ok
18:18:00.0531 5712 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:18:00.0578 5712 IDriverT - ok
18:18:00.0750 5712 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:18:00.0890 5712 idsvc - ok
18:18:00.0921 5712 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:18:00.0921 5712 Imapi - ok
18:18:00.0953 5712 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:18:00.0953 5712 ImapiService - ok
18:18:00.0968 5712 ini910u - ok
18:18:01.0187 5712 [ 7385944d4f025bd8c498bfd97981e336 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:18:01.0359 5712 IntcAzAudAddService - ok
18:18:01.0359 5712 IntelIde - ok
18:18:01.0421 5712 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:18:01.0421 5712 intelppm - ok
18:18:01.0468 5712 InterBaseGuardian - ok
18:18:01.0484 5712 InterBaseServer - ok
18:18:01.0484 5712 IO_Memory - ok
18:18:01.0531 5712 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:18:01.0531 5712 Ip6Fw - ok
18:18:01.0578 5712 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:18:01.0578 5712 IpFilterDriver - ok
18:18:01.0609 5712 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:18:01.0609 5712 IpInIp - ok
18:18:01.0656 5712 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:18:01.0671 5712 IpNat - ok
18:18:01.0671 5712 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:18:01.0671 5712 IPSec - ok
18:18:01.0703 5712 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:18:01.0703 5712 IRENUM - ok
18:18:01.0718 5712 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:18:01.0718 5712 isapnp - ok
18:18:01.0734 5712 [ f59c3569a2f2c464bb78cb1bdcdca55e ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
18:18:01.0734 5712 Iviaspi - ok
18:18:01.0828 5712 [ 32192b4ebe8720ed8d49a455c962cb91 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:18:01.0828 5712 JavaQuickStarterService - ok
18:18:01.0843 5712 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:18:01.0859 5712 Kbdclass - ok
18:18:01.0875 5712 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:18:01.0875 5712 kmixer - ok
18:18:01.0906 5712 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:18:01.0906 5712 KSecDD - ok
18:18:01.0953 5712 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:18:01.0953 5712 lanmanserver - ok
18:18:02.0000 5712 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:18:02.0000 5712 lanmanworkstation - ok
18:18:02.0015 5712 lbrtfdc - ok
18:18:02.0078 5712 [ 80caf1fdebe4e2cdea021bc55cc4c1de ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
18:18:02.0156 5712 LBTServ - ok
18:18:02.0203 5712 [ 75415a95c589a07d6c97baa2d4143916 ] LHidFilt C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
18:18:02.0203 5712 LHidFilt - ok
18:18:02.0265 5712 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:18:02.0265 5712 LmHosts - ok
18:18:02.0265 5712 [ fcb3f81ac07b8608f921134237823b88 ] LMouFilt C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
18:18:02.0265 5712 LMouFilt - ok
18:18:02.0296 5712 [ ff1c2f90d40a2e52649937854e175987 ] LUsbFilt C:\WINDOWS\system32\Drivers\LUsbFilt.Sys
18:18:02.0296 5712 LUsbFilt - ok
18:18:02.0343 5712 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
18:18:02.0359 5712 McrdSvc - ok
18:18:02.0390 5712 [ 7efac183a25b30fb5d64cc9d484b1eb6 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys
18:18:02.0406 5712 meiudf - ok
18:18:02.0421 5712 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:18:02.0421 5712 Messenger - ok
18:18:02.0468 5712 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll
18:18:02.0484 5712 MHN - ok
18:18:02.0500 5712 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:18:02.0500 5712 MHNDRV - ok
18:18:02.0703 5712 [ 99119316d505ee8192d5d1a0485bf110 ] MioNet C:\Program Files\MioNet\MioNetManager.exe
18:18:02.0703 5712 MioNet - ok
18:18:02.0718 5712 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:18:02.0718 5712 mnmdd - ok
18:18:02.0765 5712 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:18:02.0765 5712 mnmsrvc - ok
18:18:02.0812 5712 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:18:02.0812 5712 Modem - ok
18:18:02.0828 5712 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:18:02.0828 5712 Mouclass - ok
18:18:02.0843 5712 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:18:02.0843 5712 mouhid - ok
18:18:02.0859 5712 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:18:02.0859 5712 MountMgr - ok
18:18:02.0906 5712 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
18:18:02.0906 5712 MpFilter - ok
18:18:03.0093 5712 [ a69630d039c38018689190234f866d77 ] MpKsl1f4a72fe c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys
18:18:03.0093 5712 MpKsl1f4a72fe - ok
18:18:03.0109 5712 mraid35x - ok
18:18:03.0109 5712 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:18:03.0125 5712 MRxDAV - ok
18:18:03.0171 5712 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:18:03.0187 5712 MRxSmb - ok
18:18:03.0218 5712 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:18:03.0218 5712 MSDTC - ok
18:18:03.0234 5712 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:18:03.0234 5712 Msfs - ok
18:18:03.0234 5712 MSIServer - ok
18:18:03.0281 5712 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:18:03.0281 5712 MSKSSRV - ok
18:18:03.0343 5712 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:18:03.0343 5712 MsMpSvc - ok
18:18:03.0359 5712 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:18:03.0359 5712 MSPCLOCK - ok
18:18:03.0359 5712 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:18:03.0375 5712 MSPQM - ok
18:18:03.0390 5712 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:18:03.0390 5712 mssmbios - ok
18:18:03.0406 5712 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
18:18:03.0406 5712 MSTEE - ok
18:18:03.0453 5712 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:18:03.0453 5712 Mup - ok
18:18:03.0484 5712 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:18:03.0484 5712 NABTSFEC - ok
18:18:03.0546 5712 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:18:03.0546 5712 napagent - ok
18:18:03.0578 5712 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:18:03.0578 5712 NDIS - ok
18:18:03.0609 5712 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:18:03.0609 5712 NdisIP - ok
18:18:03.0640 5712 [ 31c97e19ad9bb0030349e55d42d5e5d1 ] NDISRD C:\WINDOWS\system32\drivers\NDISRD.sys
18:18:03.0640 5712 NDISRD - ok
18:18:03.0687 5712 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:18:03.0687 5712 NdisTapi - ok
18:18:03.0734 5712 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:18:03.0734 5712 Ndisuio - ok
18:18:03.0750 5712 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:18:03.0750 5712 NdisWan - ok
18:18:03.0765 5712 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:18:03.0781 5712 NDProxy - ok
18:18:03.0796 5712 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:18:03.0796 5712 NetBIOS - ok
18:18:03.0828 5712 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:18:03.0843 5712 NetBT - ok
18:18:03.0890 5712 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
18:18:03.0906 5712 NetDDE - ok
18:18:03.0906 5712 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:18:03.0906 5712 NetDDEdsdm - ok
18:18:03.0921 5712 [ 1265eb253ed4ebe4acb3bd5f548ff796 ] Netdevio C:\WINDOWS\system32\DRIVERS\netdevio.sys
18:18:03.0921 5712 Netdevio - ok
18:18:03.0953 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:18:03.0953 5712 Netlogon - ok
18:18:03.0984 5712 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
18:18:04.0000 5712 Netman - ok
18:18:04.0062 5712 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:18:04.0109 5712 NetTcpPortSharing - ok
18:18:04.0203 5712 [ f886500c285af271fdd33bf8ba7b32ef ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
18:18:04.0234 5712 NETw3x32 - ok
18:18:04.0250 5712 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:18:04.0250 5712 NIC1394 - ok
18:18:04.0281 5712 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
18:18:04.0281 5712 Nla - ok
18:18:04.0328 5712 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:18:04.0328 5712 Npfs - ok
18:18:04.0359 5712 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:18:04.0375 5712 Ntfs - ok
18:18:04.0390 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:18:04.0390 5712 NtLmSsp - ok
18:18:04.0453 5712 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:18:04.0468 5712 NtmsSvc - ok
18:18:04.0515 5712 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
18:18:04.0515 5712 Null - ok
18:18:04.0562 5712 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:18:04.0562 5712 NwlnkFlt - ok
18:18:04.0562 5712 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:18:04.0562 5712 NwlnkFwd - ok
18:18:04.0578 5712 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:18:04.0578 5712 ohci1394 - ok
18:18:04.0625 5712 [ eae6208900e2986f66f68b30aef86e4d ] OpcEnum C:\WINDOWS\system32\OpcEnum.exe
18:18:04.0625 5712 OpcEnum - ok
18:18:04.0718 5712 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:18:04.0796 5712 ose - ok
18:18:04.0843 5712 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\drivers\Parport.sys
18:18:04.0859 5712 Parport - ok
18:18:04.0875 5712 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:18:04.0875 5712 PartMgr - ok
18:18:04.0890 5712 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:18:04.0890 5712 ParVdm - ok
18:18:04.0906 5712 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:18:04.0906 5712 PCI - ok
18:18:04.0906 5712 PCIDump - ok
18:18:04.0921 5712 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:18:04.0921 5712 PCIIde - ok
18:18:04.0953 5712 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
18:18:04.0953 5712 Pcmcia - ok
18:18:04.0968 5712 PDCOMP - ok
18:18:04.0984 5712 PDFRAME - ok
18:18:05.0000 5712 PDRELI - ok
18:18:05.0000 5712 PDRFRAME - ok
18:18:05.0015 5712 perc2 - ok
18:18:05.0015 5712 perc2hib - ok
18:18:05.0093 5712 [ 444f122e68db44c0589227781f3c8b3f ] Pfc C:\WINDOWS\system32\drivers\pfc.sys
18:18:05.0093 5712 Pfc - ok
18:18:05.0171 5712 [ 8a3a05186cc4a9198581a0a09d38e959 ] phc700 C:\WINDOWS\system32\DRIVERS\phc700.sys
18:18:05.0171 5712 phc700 - ok
18:18:05.0218 5712 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:18:05.0218 5712 PlugPlay - ok
18:18:05.0218 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:18:05.0218 5712 PolicyAgent - ok
18:18:05.0250 5712 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:18:05.0250 5712 PptpMiniport - ok
18:18:05.0250 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:18:05.0250 5712 ProtectedStorage - ok
18:18:05.0265 5712 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:18:05.0265 5712 PSched - ok
18:18:05.0281 5712 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:18:05.0281 5712 Ptilink - ok
18:18:05.0281 5712 [ 81088114178112618b1c414a65e50f7c ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:18:05.0281 5712 PxHelp20 - ok
18:18:05.0296 5712 ql1080 - ok
18:18:05.0296 5712 Ql10wnt - ok
18:18:05.0312 5712 ql12160 - ok
18:18:05.0312 5712 ql1240 - ok
18:18:05.0328 5712 ql1280 - ok
18:18:05.0343 5712 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:18:05.0343 5712 RasAcd - ok
18:18:05.0390 5712 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:18:05.0406 5712 RasAuto - ok
18:18:05.0421 5712 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:18:05.0421 5712 Rasl2tp - ok
18:18:05.0468 5712 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:18:05.0484 5712 RasMan - ok
18:18:05.0484 5712 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:18:05.0484 5712 RasPppoe - ok
18:18:05.0500 5712 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:18:05.0500 5712 Raspti - ok
18:18:05.0546 5712 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:18:05.0546 5712 Rdbss - ok
18:18:05.0562 5712 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:18:05.0562 5712 RDPCDD - ok
18:18:05.0609 5712 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:18:05.0609 5712 rdpdr - ok
18:18:05.0656 5712 [ 6589db6e5969f8eee594cf71171c5028 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:18:05.0671 5712 RDPWD - ok
18:18:05.0703 5712 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:18:05.0703 5712 RDSessMgr - ok
18:18:05.0734 5712 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:18:05.0734 5712 redbook - ok
18:18:05.0781 5712 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:18:05.0781 5712 RemoteAccess - ok
18:18:05.0796 5712 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:18:05.0812 5712 RemoteRegistry - ok
18:18:05.0859 5712 [ 4b1abec792db6b7f0cb226c6e93dabad ] RNADiagnosticsService C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
18:18:05.0859 5712 RNADiagnosticsService - ok
18:18:05.0875 5712 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
18:18:05.0875 5712 RpcLocator - ok
18:18:05.0921 5712 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:18:05.0921 5712 RpcSs - ok
18:18:05.0953 5712 [ 2af65117091a47732f0997330e3daae6 ] RsiKtControl C:\WINDOWS\system32\RSIKT.SYS
18:18:05.0953 5712 RsiKtControl - ok
18:18:05.0968 5712 RSLinx - ok
18:18:05.0984 5712 [ b089419975668e2a701178032d652a24 ] RSSERIAL C:\WINDOWS\SYSTEM32\RSSERIAL.SYS
18:18:05.0984 5712 RSSERIAL - ok
18:18:06.0031 5712 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:18:06.0046 5712 RSVP - ok
18:18:06.0078 5712 [ e4fab1cdfaed6ef7542606aa055b104a ] RS_SS_NT C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS
18:18:06.0078 5712 RS_SS_NT - ok
18:18:06.0140 5712 [ 0e74171ee80a8640de564b72dbbb397b ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:18:06.0140 5712 RTLE8023xp - ok
18:18:06.0171 5712 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:18:06.0171 5712 SamSs - ok
18:18:06.0203 5712 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:18:06.0203 5712 SCardSvr - ok
18:18:06.0250 5712 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:18:06.0250 5712 Schedule - ok
18:18:06.0296 5712 [ ed9c5cf6cc611ec8ac4a77c3f58f0601 ] ScsiAccess C:\WINDOWS\system32\ScsiAccess.EXE
18:18:06.0312 5712 ScsiAccess - ok
18:18:06.0359 5712 [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:18:06.0359 5712 sdbus - ok
18:18:06.0406 5712 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:18:06.0421 5712 Secdrv - ok
18:18:06.0421 5712 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:18:06.0421 5712 seclogon - ok
18:18:06.0437 5712 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
18:18:06.0437 5712 SENS - ok
18:18:06.0468 5712 [ 8627c992b8a80504fc477b2e8ff8ec4f ] Sentinel C:\WINDOWS\System32\Drivers\SENTINEL.SYS
18:18:06.0484 5712 Sentinel - ok
18:18:06.0515 5712 [ b490ad520257dda26c1d587a71e527b5 ] Ser2pl C:\WINDOWS\system32\DRIVERS\ser2pl.sys
18:18:06.0531 5712 Ser2pl - ok
18:18:06.0562 5712 [ 0f29512ccd6bead730039fb4bd2c85ce ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
18:18:06.0578 5712 Serenum - ok
18:18:06.0578 5712 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:18:06.0578 5712 Serial - ok
18:18:06.0609 5712 [ 0fa803c64df0914b41f807ea276bf2a6 ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys
18:18:06.0609 5712 sffdisk - ok
18:18:06.0625 5712 [ c17c331e435ed8737525c86a7557b3ac ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
18:18:06.0625 5712 sffp_sd - ok
18:18:06.0656 5712 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:18:06.0656 5712 Sfloppy - ok
18:18:06.0703 5712 [ 83f41d0d89645d7235c051ab1d9523ac ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
18:18:06.0703 5712 SharedAccess - ok
18:18:06.0718 5712 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:18:06.0718 5712 ShellHWDetection - ok
18:18:06.0734 5712 Simbad - ok
18:18:06.0750 5712 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:18:06.0750 5712 SLIP - ok
18:18:06.0828 5712 [ 94eede27fd7d46707be49127922695a7 ] smihlp C:\Program Files\Protector Suite QL\smihlp.sys
18:18:06.0828 5712 smihlp - ok
18:18:06.0859 5712 [ 87f799c486302aceff098e067d481d9c ] Sntnlusb C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
18:18:06.0859 5712 Sntnlusb - ok
18:18:06.0859 5712 Sparrow - ok
18:18:06.0890 5712 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:18:06.0890 5712 splitter - ok
18:18:06.0921 5712 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:18:06.0937 5712 Spooler - ok
18:18:06.0953 5712 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:18:06.0953 5712 sr - ok
18:18:07.0015 5712 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:18:07.0015 5712 srservice - ok
18:18:07.0062 5712 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:18:07.0078 5712 Srv - ok
18:18:07.0156 5712 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:18:07.0171 5712 SSDPSRV - ok
18:18:07.0218 5712 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:18:07.0234 5712 stisvc - ok
18:18:07.0281 5712 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:18:07.0281 5712 streamip - ok
18:18:07.0406 5712 [ 1db60cb3e53e2491d5d6c43c06676ca2 ] Stuffit Archive Name Service C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
18:18:07.0453 5712 Stuffit Archive Name Service - ok
18:18:07.0453 5712 SVRPEDRV - ok
18:18:07.0468 5712 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:18:07.0468 5712 swenum - ok
18:18:07.0500 5712 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:18:07.0500 5712 swmidi - ok
18:18:07.0500 5712 SwPrv - ok
18:18:07.0546 5712 [ 486a64aabd88e4e174681e89e9736bc9 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
18:18:07.0546 5712 Swupdtmr - ok
18:18:07.0562 5712 symc810 - ok
18:18:07.0562 5712 symc8xx - ok
18:18:07.0578 5712 sym_hi - ok
18:18:07.0578 5712 sym_u3 - ok
18:18:33.0843 5712 ============================================================
18:18:33.0843 5712 Scan finished
18:18:33.0843 5712 ============================================================
18:18:33.0859 5372 Detected object count: 0
18:18:33.0859 5372 Actual detected object count: 0
 
It still runs in system tray at startup though
What does?

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

Please post BOTH logs, rKill.txt and Combofix.txt.
 
What does?

SpyNoMore, the one you've labeled as rogue, has a component in the system tray that loads on startup. The machine had this software installed for many years. I've only exited it when I am instructed to disable antivirus and antispyware.

I am currently on the step to run combofix and it's running. It prompted me to install recovery console. Unfortunately, this produced an error and it didn't successfully download recovery console. I checked my wireless connection for internet connectivity and pressed okay, and it still didn't download recovery console. It proceeded to scan anyway without any prompt asking me if I wished to continue, so I decided not to interrupt it mid-scan. Below is the log produced.

ComboFix 12-08-14.05 - Daniel Smith 08/14/2012 19:10:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1308 [GMT -5:00]
Running from: c:\documents and settings\Daniel Smith\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\TrayMin700.exe.lnk
c:\documents and settings\Daniel Smith\Application Data\PriceGong
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\hs_err_pid4824.log
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\I.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Daniel Smith\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Daniel Smith\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Daniel Smith\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Lori Smith\Application Data\alot
c:\documents and settings\Lori Smith\Application Data\PriceGong
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\I.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Lori Smith\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Lori Smith\WINDOWS
c:\documents and settings\Sarah\WINDOWS
c:\program files\Adssite Games Collection
c:\program files\Adssite Games Collection\BattlesOfHelicopters.exe
c:\program files\Adssite Games Collection\BobAndBill.exe
c:\program files\Adssite Games Collection\CrazyBlocks.exe
c:\program files\Adssite Games Collection\Lines.exe
c:\program files\Adssite Games Collection\uninstall.exe
c:\program files\Adssite Games Collection\VideoPool.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\kock
c:\windows\system32\kock\daniel_smith@a1.interclick[1].txt
c:\windows\system32\kock\daniel_smith@abmr[1].txt
c:\windows\system32\kock\daniel_smith@burstnet[2].txt
c:\windows\system32\kock\daniel_smith@interclick[2].txt
c:\windows\system32\kock\daniel_smith@quantserve[2].txt
c:\windows\system32\kock\daniel_smith@scorecardresearch[1].txt
c:\windows\system32\kock\daniel_smith@sharethis[1].txt
c:\windows\system32\kock\daniel_smith@turn[2].txt
c:\windows\system32\kock\daniel_smith@wd.sharethis[1].txt
c:\windows\system32\kock\daniel_smith@www.burstnet[1].txt
c:\windows\system32\ndisapi.dll
c:\windows\system32\SET83.tmp
c:\windows\system32\UAs
c:\windows\system32\UAs\iexplore.exe_UAs001.dat
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-14 18:14 . 2012-08-14 18:14 -------- d-sh--w- c:\documents and settings\Daniel Smith\IECompatCache
2012-08-14 18:13 . 2012-08-14 18:13 -------- d-sh--w- c:\documents and settings\Daniel Smith\PrivacIE
2012-08-14 18:09 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\mpengine.dll
2012-08-14 17:24 . 2012-08-14 17:24 -------- d-----w- c:\documents and settings\Daniel Smith\Application Data\Malwarebytes
2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-14 17:23 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 10:41 . 2012-08-14 10:41 -------- d-sh--w- c:\documents and settings\Daniel Smith\IETldCache
2012-08-14 09:44 . 2012-08-14 09:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-08-14 09:21 . 2012-08-14 09:24 -------- dc-h--w- c:\windows\ie8
2012-08-13 23:04 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-13 22:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-13 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-13 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-13 22:27 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-13 22:14 . 2012-08-13 22:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-13 22:14 . 2012-08-13 22:19 -------- d-----w- C:\9763613b9eb5a4033f9b3a2195c65735
2012-08-13 21:24 . 2012-08-13 21:24 264 ----a-w- c:\windows\system32\srvblck5.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2006-07-19 00:48 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-13 12:35 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-07-19 00:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-07-19 00:47 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-31 19:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2006-07-19 02:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2006-07-19 02:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2006-07-19 02:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2006-07-19 02:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2006-07-19 02:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2006-07-19 00:46 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2007-05-31 19:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2006-07-19 02:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2006-07-19 02:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-06-01 15:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2006-11-06 12:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2005-05-26 12:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
2008-12-09 15:23 51152 --sh--r- c:\windows\system32\appConf32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
.
[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Max_EN\prxtbMax0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
"{867DD841-5BF7-44CA-8426-C5A6EDA00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
.
[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-02-01 42392]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"TFncKy"="TFncKy.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-21 1067984]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"NDSTray.exe"="NDSTray.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-29 434176]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"phc700"="c:\windows\vphc700.exe" [2005-07-21 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\Daniel Smith\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\Sarah\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-3 784912]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:port135
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
.
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
R2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
S1 MpKsl1f4a72fe;MpKsl1f4a72fe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys [?]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 10:13 PM 71448]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/11/2006 4:02 PM 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [1/3/2008 5:24 PM 541568]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 11:27 AM 142592]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 1:33 PM 39067]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 4:48 PM 155440]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-14 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
AddRemove-AdssiteGames - c:\program files\Adssite Games Collection\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????,???????????????????>?@?????L???<??????|?????????????$???? ???D??????>@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
- - - - - - - > 'explorer.exe'(4948)
c:\docume~1\DANIEL~1\LOCALS~1\TempIadHide3.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files\MioNet\jvm\bin\MioNet.exe
c:\windows\system32\ScsiAccess.EXE
c:\program files\Smith Micro\StuffIt 2010\ArcNameService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\system32\TODDSrv.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\ROCKWE~1\RSLinx\RSLINX.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\RTHDCPL.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\windows\AGRSMMSG.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-08-14 19:27:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 00:27
.
Pre-Run: 85,672,263,680 bytes free
Post-Run: 87,349,899,264 bytes free
.
- - End Of File - - 59B8B3F6A68D165A4CE44D0A586EAE59
 
I've run it again. From the point I click yes to allow it to download recovery console it says:

Failed to download required files. Aborting ...

Shall continue scanning for malware

[ OK ]

And before I can even click ok, it has started scanning.
 
Let's try a different way...

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as its original name.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.




  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt.
 
Your first image appears broken.

Your link takes me to an article about:

How to obtain Windows XP Setup disks for a floppy boot installation

The only link they provide for XP SP3 is an .iso image that is currently still downloading. I'm not sure I'm on the right track. Am I downloading the right file?

Edit: Never mind, your first image appeared after several attempts at reload.

Edit 2: Media Center Edition is just Home Edition(with media center installed) right?
 
Okay, edits are getting insane so I'm just going to double post. Both links for SP2 (and SP3) result in:

We are sorry, the page you requested cannot be found.
The URL may be misspelled or the page you're looking for is no longer available.
 
Hooray. Detour complete, it worked. Here is the newest log.

ComboFix 12-08-14.05 - Daniel Smith 08/14/2012 21:08:01.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1342 [GMT -5:00]
Running from: c:\documents and settings\Daniel Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daniel Smith\Desktop\WinXP_EN_PRO_BF.EXE
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 00:31 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38E3A70E-8546-427D-9EB5-C66284F3704A}\mpengine.dll
2012-08-14 18:14 . 2012-08-14 18:14 -------- d-sh--w- c:\documents and settings\Daniel Smith\IECompatCache
2012-08-14 18:13 . 2012-08-14 18:13 -------- d-sh--w- c:\documents and settings\Daniel Smith\PrivacIE
2012-08-14 18:09 . 2012-06-29 06:44 6891424 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-14 17:24 . 2012-08-14 17:24 -------- d-----w- c:\documents and settings\Daniel Smith\Application Data\Malwarebytes
2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-14 17:23 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-14 17:23 . 2012-08-14 17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-14 10:41 . 2012-08-14 10:41 -------- d-sh--w- c:\documents and settings\Daniel Smith\IETldCache
2012-08-14 09:44 . 2012-08-14 09:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-08-14 09:21 . 2012-08-14 09:24 -------- dc-h--w- c:\windows\ie8
2012-08-13 23:04 . 2012-05-02 13:46 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-13 22:59 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-13 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-13 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-13 22:27 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-13 22:14 . 2012-08-13 22:24 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-13 22:14 . 2012-08-13 22:19 -------- d-----w- C:\9763613b9eb5a4033f9b3a2195c65735
2012-08-13 21:24 . 2012-08-13 21:24 264 ----a-w- c:\windows\system32\srvblck5.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2006-07-19 00:48 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-13 12:35 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2006-07-19 00:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2006-07-19 00:47 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 20:19 . 2007-05-31 19:37 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2006-07-19 02:35 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2006-07-19 02:35 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2006-07-19 02:35 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 20:19 . 2007-05-31 19:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2006-07-19 02:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2006-07-19 02:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2006-07-19 00:46 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 20:19 . 2007-05-31 19:37 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2006-07-19 02:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2006-07-19 02:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2007-06-01 15:39 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2006-11-06 12:24 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 20:18 . 2005-05-26 12:19 214256 ----a-w- c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2006-07-19 00:46 599040 ----a-w- c:\windows\system32\crypt32.dll
2008-12-09 15:23 51152 --sh--r- c:\windows\system32\appConf32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{72ae8426-3b8d-4ead-b191-8d0ad1c62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
.
[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Max_EN\prxtbMax0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{867dd841-5bf7-44ca-8426-c5a6eda00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}"= "c:\program files\P2P_Max\tbP2P_.dll" [2009-01-20 1881112]
"{867DD841-5BF7-44CA-8426-C5A6EDA00735}"= "c:\program files\Max_EN\prxtbMax0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}]
.
[HKEY_CLASSES_ROOT\clsid\{867dd841-5bf7-44ca-8426-c5a6eda00735}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"PxDotNetLoader"="c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2010-02-01 42392]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"TFncKy"="TFncKy.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"SNM"="c:\program files\SpyNoMore\SNM.exe" [2010-07-21 1067984]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"NDSTray.exe"="NDSTray.exe" [BU]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-29 434176]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"phc700"="c:\windows\vphc700.exe" [2005-07-21 339968]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-28 136600]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\documents and settings\Daniel Smith\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\Sarah\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-5-16 1777664]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-6-25 614531]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-6-8 16432]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-3 784912]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-19 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 18:10 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:port135
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
.
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
S1 MpKsl1f4a72fe;MpKsl1f4a72fe;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys [?]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 MioNet;MioNet Service;c:\program files\MioNet\MioNetManager.exe [7/15/2005 3:38 PM 139264]
S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 10:13 PM 71448]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/11/2006 4:02 PM 30192]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 phc700;USB PC Camera (phc700);c:\windows\system32\drivers\phc700.sys [1/3/2008 5:24 PM 541568]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 11:27 AM 142592]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 1:33 PM 39067]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 4:48 PM 155440]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - NDISRD
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-08-15 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.Google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearchMigratedDefaultURL = hxxp://www.Google.com/
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} - hxxps://imail.tema.toyota.com/images/whlcache.cab?egap=internal
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 21:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????,???????????????????>?@?????L???<??????|?????????????$???? ???D??????>@????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'lsass.exe'(988)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
- - - - - - - > 'explorer.exe'(5700)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2012-08-14 21:13:37
ComboFix-quarantined-files.txt 2012-08-15 02:13
ComboFix2.txt 2012-08-15 01:13
ComboFix3.txt 2012-08-15 00:27
.
Pre-Run: 87,285,006,336 bytes free
Post-Run: 87,261,159,424 bytes free
.
WinXP_EN_PRO_BF.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 40E629911AAAF560772663D99F89B765
 
Good :)

Combofix looks good.

Any current issues?

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I currently have plenty of issues but it looks like I don't have any relevant to the laptop we've been working on. :) It seems to be running as well as could be expected of a Centrino Duo processor.



OTL logfile created on: 8/14/2012 9:23:35 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Daniel Smith\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.43% Memory free
3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.49 Gb Total Space | 81.34 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive E: | 243.98 Mb Total Space | 243.98 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive F: | 7.46 Gb Total Space | 7.45 Gb Free Space | 99.91% Space Free | Partition Type: FAT32

Computer Name: DBSMITH | User Name: Daniel Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 21:16:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Smith\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2009/12/29 13:08:28 | 001,653,248 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/10/30 15:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/15 13:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/11/15 13:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2006/11/24 22:46:20 | 001,925,392 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE
PRC - [2006/10/19 18:40:18 | 000,196,608 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSCOMMON\RSOBSERV.EXE
PRC - [2006/09/28 20:25:54 | 000,434,176 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
PRC - [2006/08/02 18:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/06/08 23:17:50 | 000,290,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/05/16 13:42:00 | 001,777,664 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/05/05 19:39:54 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/04/25 19:57:00 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2006/03/16 15:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2006/03/02 17:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 18:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 14:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/12/16 04:41:28 | 000,188,416 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2005/12/06 00:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2005/06/23 20:56:12 | 000,028,672 | ---- | M] (Rockwell Automation) -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
PRC - [2005/05/31 23:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 22:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 18:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 02:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 15:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/08/28 02:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/06/25 09:25:38 | 000,614,531 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/14 03:47:40 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_47600ef7\mscorlib.dll
MOD - [2012/08/14 03:46:58 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_f228939a\system.dll
MOD - [2012/08/14 03:46:44 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 20:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/12/12 19:08:29 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\rockwellsoftware.factorytalk.diagnostics.readerlib\1.0.0.0__08edf02f4d5b3281\rockwellsoftware.factorytalk.diagnostics.readerlib.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/09/28 20:24:36 | 000,053,248 | ---- | M] () -- C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\rausbciplib.dll
MOD - [2006/07/18 21:46:05 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006/07/18 21:46:03 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006/01/04 20:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/07/22 23:30:00 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2004/07/20 19:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2003/06/25 09:30:30 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx
MOD - [2003/06/25 09:18:34 | 000,139,264 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx
MOD - [2003/06/25 09:16:00 | 000,319,631 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll
MOD - [2003/06/25 09:12:04 | 000,278,660 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
MOD - [2003/06/25 09:11:14 | 000,450,693 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2003/06/25 09:08:22 | 000,270,484 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx
MOD - [2003/06/25 09:03:52 | 000,389,257 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll
MOD - [2003/06/25 09:02:46 | 000,954,508 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll
MOD - [2003/06/25 09:02:14 | 000,061,574 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2003/06/25 09:01:32 | 000,114,829 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2003/06/25 08:53:38 | 000,110,719 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2003/06/25 08:48:08 | 000,536,716 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.dll
MOD - [2003/06/25 08:33:12 | 000,229,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2003/06/25 08:25:40 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistacameraUploadSysx.dll
MOD - [2003/06/25 08:23:14 | 000,356,479 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2003/06/25 08:08:12 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll
MOD - [2003/06/25 08:05:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodos.dll
MOD - [2003/06/25 08:01:48 | 000,028,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodosCamBack.dll
MOD - [2003/06/25 07:50:06 | 000,036,864 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/10/30 15:34:12 | 001,916,248 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Smith Micro\StuffIt 2010\ArcNameService.exe -- (Stuffit Archive Name Service)
SRV - [2007/11/15 13:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/11/24 22:46:20 | 001,925,392 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx)
SRV - [2006/10/19 18:40:18 | 000,196,608 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Running] -- C:\Program Files\Rockwell Software\RSCOMMON\RSOBSERV.EXE -- (Harmony)
SRV - [2006/07/24 21:11:58 | 000,065,536 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe -- (dnWhoDisp)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/02/07 18:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/07/15 15:38:33 | 000,139,264 | R--- | M] () [Auto | Stopped] -- C:\Program Files\MioNet\MioNetManager.exe -- (MioNet)
SRV - [2005/07/12 19:14:42 | 000,040,960 | ---- | M] () [Auto | Stopped] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/06/23 20:56:12 | 000,028,672 | ---- | M] (Rockwell Automation) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService)
SRV - [2005/01/17 18:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/12/02 11:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)
SRV - [2004/10/20 08:40:04 | 000,010,328 | R--- | M] (America Online) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 15:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/08/28 02:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/02/04 11:22:30 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ScsiAccess.EXE -- (ScsiAccess)
SRV - [2002/05/22 12:52:06 | 001,701,888 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\Borland\Interbase\Bin\ibserver.exe -- (InterBaseServer)
SRV - [2002/05/22 12:52:06 | 000,022,016 | ---- | M] (Inprise Corporation) [On_Demand | Stopped] -- C:\Program Files\Borland\Interbase\Bin\ibguard.exe -- (InterBaseGuardian)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\VirtualBackplane.sys -- (VirtualBackplane)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SYSPREP\PEDrv.sys -- (SVRPEDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys -- (MpKsl1f4a72fe)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\sysprep\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EntDrv51.sys -- (EntDrv51)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2008/12/12 19:08:59 | 000,018,944 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2008/12/12 18:32:42 | 000,453,632 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (hardlock)
DRV - [2008/12/12 18:32:42 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2007/09/21 06:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/09/21 06:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 06:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/08/25 18:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/23 22:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/08/22 12:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/07/19 21:40:20 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/07/13 12:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/28 18:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 13:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 18:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 20:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 19:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 19:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2006/03/18 09:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 20:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/01/18 13:33:24 | 000,039,067 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl)
DRV - [2005/10/20 16:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 16:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 17:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/07 17:21:18 | 000,541,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\phc700.sys -- (phc700)
DRV - [2005/06/02 05:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005/05/16 18:03:44 | 000,015,340 | R--- | M] (NT Kernel Resources) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ndisrd.sys -- (NDISRD)
DRV - [2003/09/19 03:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/07/16 17:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 16:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2001/06/22 00:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2001/06/22 00:39:02 | 000,020,032 | R--- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2000/05/31 22:13:04 | 000,071,448 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\abktcx.sys -- (ABKTCX)
DRV - [1999/11/10 11:27:48 | 000,142,592 | ---- | M] (Rockwell Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RS_SS_NT.SYS -- (RS_SS_NT)
DRV - [1999/05/11 16:48:00 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\rsserial.sys -- (RSSERIAL)
DRV - [1998/07/10 07:31:00 | 000,007,328 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ds1410d.sys -- (DS1410D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE

IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Program Files\P2P_Max\tbP2P_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searc...c_id=11511&camp_id=-3&tb_version=2.5.9001.490
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7_____en
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1814311
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/07/22 22:25:55 | 000,000,000 | ---D | M]

[2009/02/28 15:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Smith\Application Data\Mozilla\Extensions
[2009/02/28 15:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daniel Smith\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/08/14 19:20:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\prxtbMax0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Browser protection) - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - C:\Program Files\SpyNoMore\snmIeGuard.dll (Illysoft LLC)
O3 - HKLM\..\Toolbar: (Max EN Toolbar) - {867dd841-5bf7-44ca-8426-c5a6eda00735} - C:\Program Files\Max_EN\prxtbMax0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Program Files\P2P_Max\tbP2P_.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\..\Toolbar\WebBrowser: (Max EN Toolbar) - {867DD841-5BF7-44CA-8426-C5A6EDA00735} - C:\Program Files\Max_EN\prxtbMax0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [phc700] C:\WINDOWS\vphc700.exe (Sonix)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe (Illysoft LLC)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)
O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Daniel Smith\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4FF0ADF7-4C00-4A2F-A00A-8F0EFD85D80E} https://imail.tema.toyota.com/images/whlcache.cab?egap=internal (Whale Attachment Wiper )
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162687796125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://imail.tema.toyota.com/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D181D2B-F4D0-4EAF-9855-62DB591BEA1E}: DhcpNameServer = 208.67.222.222 208.67.220.220 192.168.1.254
O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (psqlpwd.dll) - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 21:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 21:16:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Daniel Smith\Desktop\OTL.exe
[2012/08/14 21:06:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/08/14 19:21:28 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Daniel Smith\My Documents\My Safe
[2012/08/14 19:00:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/14 19:00:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/14 19:00:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/14 19:00:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/14 19:00:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/14 18:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/08/14 18:57:18 | 004,731,615 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\ComboFix.exe
[2012/08/14 18:10:03 | 002,208,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel Smith\Desktop\TDSSKiller.exe
[2012/08/14 16:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Smith\Desktop\RK_Quarantine
[2012/08/14 16:15:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Daniel Smith\Desktop\aswMBR.exe
[2012/08/14 16:15:48 | 003,178,400 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Daniel Smith\Desktop\MCPR.exe
[2012/08/14 13:14:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daniel Smith\IECompatCache
[2012/08/14 13:13:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daniel Smith\PrivacIE
[2012/08/14 12:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Daniel Smith\Application Data\Malwarebytes
[2012/08/14 12:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/14 12:23:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/08/14 12:23:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/08/14 12:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/14 12:06:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\dds.com
[2012/08/14 12:06:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Smith\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/14 05:41:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Daniel Smith\IETldCache
[2012/08/14 04:21:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/08/13 17:14:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/13 17:14:04 | 000,000,000 | ---D | C] -- C:\9763613b9eb5a4033f9b3a2195c65735
[2012/08/13 16:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 21:16:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Daniel Smith\Desktop\OTL.exe
[2012/08/14 21:06:55 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2012/08/14 21:04:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/14 20:29:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/14 19:30:12 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/14 19:20:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/14 19:20:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/14 19:19:59 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 18:48:58 | 004,731,615 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\ComboFix.exe
[2012/08/14 16:15:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Daniel Smith\Desktop\aswMBR.exe
[2012/08/14 16:15:14 | 003,178,400 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Daniel Smith\Desktop\MCPR.exe
[2012/08/14 16:14:52 | 001,558,528 | ---- | M] () -- C:\Documents and Settings\Daniel Smith\Desktop\RogueKiller.exe
[2012/08/14 12:23:46 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 12:06:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Daniel Smith\Desktop\dds.com
[2012/08/14 12:06:28 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Daniel Smith\Desktop\ocinprei.exe
[2012/08/14 12:06:24 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Daniel Smith\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/14 05:46:58 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Daniel Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/14 04:42:49 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/14 04:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 03:58:39 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/14 03:58:39 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/13 23:58:59 | 000,000,036 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[2012/08/13 17:25:16 | 002,208,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Daniel Smith\Desktop\TDSSKiller.exe
[2012/08/13 17:25:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/08/13 17:16:08 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 21:06:55 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2012/08/14 21:06:51 | 000,237,728 | RHS- | C] () -- C:\cmldr
[2012/08/14 19:00:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/14 19:00:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/14 19:00:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/14 19:00:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/14 19:00:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/14 16:15:04 | 001,558,528 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Desktop\RogueKiller.exe
[2012/08/14 12:23:46 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/14 12:16:49 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/14 12:06:25 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Desktop\ocinprei.exe
[2012/08/13 17:59:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/08/13 17:59:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/08/13 17:34:55 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/08/13 17:34:55 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/08/13 17:24:57 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/13 17:08:23 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/08/13 16:24:45 | 000,000,036 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2010/02/05 22:20:45 | 000,533,102 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Application Data\woodlakguy.zip
[2009/07/03 13:50:34 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\presets.ini
[2006/11/04 18:50:46 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/04 18:50:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Daniel Smith\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Protector Suite
[2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2010/02/05 22:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
[2006/11/04 19:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/12/12 18:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rockwell
[2010/07/22 22:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smith Micro
[2006/07/19 21:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/07 17:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2008/01/05 10:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/08/17 21:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\GARMIN
[2006/11/04 23:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\InterVideo
[2012/08/14 19:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\LimeWire
[2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\Protector Suite
[2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\toshiba
[2010/07/22 22:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\WeatherBug
[2006/12/07 17:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daniel Smith\Application Data\WildTangent
[2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Protector Suite
[2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Smith\Application Data\Protector Suite
[2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lori Smith\Application Data\toshiba
[2006/09/29 02:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\Protector Suite
[2006/07/19 18:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sarah\Application Data\toshiba
[2012/08/14 21:04:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 8/14/2012 9:23:35 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\Daniel Smith\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.43% Memory free
3.84 Gb Paging File | 3.37 Gb Available in Paging File | 87.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.49 Gb Total Space | 81.34 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
Drive E: | 243.98 Mb Total Space | 243.98 Mb Free Space | 100.00% Space Free | Partition Type: FAT
Drive F: | 7.46 Gb Total Space | 7.45 Gb Free Space | 99.91% Space Free | Partition Type: FAT32

Computer Name: DBSMITH | User Name: Daniel Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:port135
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971 -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe" = C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v16.00.00 -- (Rockwell Automation, Inc.)
"C:\WINDOWS\system32\OpcEnum.exe" = C:\WINDOWS\system32\OpcEnum.exe:*:Enabled:OPCEnum.exe -- (OPC Foundation)
"C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE" = C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE:*:Enabled:RSLinx.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe" = C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe:*:Enabled:OPCTestClient.exe -- (Rockwell Automation, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
"{0C3966A5-7D21-40CF-A8AA-6DA061D25541}" = Logix5000 Task Monitor
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0EA93C5A-7CB4-4B69-A3EE-92A7953B1D3E}" = RSLogix 5 English 7.10.02 (CPR 7)
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{10050016-D5FD-11DA-A128-000C29473C90}" = RSLogix 5000 Start Page Media v16.00.05
"{102AC368-2BC1-482D-85B9-5C38F5025F8B}" = Rockwell Automation Drives SCANport Module Profiles
"{110ACB92-B678-4CAC-870F-86F1326219D6}" = RSLogix 5000 Module Profile Setup Utility
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{132517B5-10EB-4387-ADAE-AE3A9DA85448}" = Philips Firmware Manager
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1AB02C49-910D-4823-94BA-51FC4047B9C8}" = Logix5000 Clock Update Tool
"{20010016-D5FD-11DA-A128-000C29473C90}" = RSLogix 5000 Online Books v16.00.00
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23727D32-E8A7-418D-BF8D-97A79FF793C1}" = Rockwell Automation 1734 ASCII Module Profiles
"{269A4095-DB55-4D35-8FD0-39957D26BEEC}" = Philips VLounge
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}" = StuffIt 2010
"{28302E0C-2E42-4635-8657-078C88989BEF}" = Rockwell Automation 1791DS Discrete Module Profiles
"{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}" = Rockwell Automation 1769 Analog Module Profiles
"{2ACA8536-E7A2-4914-9597-DBA635D93492}" = Parker Isysnet Analog Module Profiles
"{2BF0655E-B036-43F6-9230-BB45CB07F004}" = RSNetWorx for ControlNet 8.00.00 (CPR 7)
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2F0200C6-9ACB-49F3-BC33-5BE9AA682D9F}" = MapSend Lite
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{30010016-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v16.00.00
"{30010215-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v15.02
"{30010413-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v13.04
"{30E45D79-A117-41C9-81E7-004F2B183249}" = FactoryTalk Activation Client v2.00.01 (CPR 7)
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34540622-805E-4CC7-98CF-65A43E99CF4D}" = RSLinx Classic 2.51.00 (CPR 7)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357187EE-8B25-467D-A567-88C735932174}" = Rockwell Automation 1734 Discrete Module Profiles
"{39363D4F-BF1C-447C-8014-F7966A9975D9}" = Rockwell Automation 1734 Specialty Module Profiles
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{449AD43D-AEF6-439B-B936-B1E239B8944C}" = Rockwell Automation 1769 Boolean Module Profiles
"{4634B79A-3562-4AC0-B6A2-DF9E2D285EBC}" = ClearKeeper
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}" = Rockwell Automation 1756 CNet Comms Module Profiles
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4CA3C060-272B-4B23-A836-C23D11E0006A}" = Rockwell Automation USB CIP Driver Package
"{4E8B1FF0-BE42-42F0-84C3-030399C548A1}" = RSLogix 5000 Faceplates
"{517AA455-8CC9-4281-87A4-865E71947DC9}" = RSLogix 5000 IEC61131-3 Translation Tool
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{546A6A91-FA45-48BD-A6D6-F4C8D4317A56}" = Rockwell Windows Firewall Configuration Utility 1.00.01
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5EFD7668-C7D7-401E-BF4C-F10CEE02ED9E}" = Rockwell Automation Drives PowerFlex 7 Module Profiles
"{634EC9A4-FEF1-11D7-A65F-18181164CC00}" = BalanceLog
"{63A49017-81D4-4969-921E-68FEAC93BC6A}" = RSLogix 500 English 7.10.00 (CPR 7)
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{65808416-E7F9-4DB5-9208-E63078C93B7D}" = RSLogix 5000 Compare v2
"{66B72D42-0209-4F45-857A-D509649FC74B}" = Rockwell Automation Drives PowerFlex 4 Module Profiles
"{692179FB-984B-465A-BC4F-3875D2D53F32}" = RSNetWorx for DeviceNet 8.00.01 (CPR 7)
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6AFEDA45-288E-445F-A176-FCD42AFA74FE}" = Rockwell Automation 1738 Analog Module Profiles
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}" = Rockwell Automation 1769 Discrete Module Profiles
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{737220CF-97A7-11D5-B3A5-00E02934C09B}" = MapSend Streets and Destinations USA
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78788123-91F2-42D3-A7D4-FEBB1337A8B2}" = DriveExecutive V4.01
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7BCFC80E-8D88-4B7C-AF62-A629521B3274}" = BootP-DHCP Server
"{7FB3F90F-E754-4374-9ABC-EF8F94DA35E2}" = DeviceNet Node Commissioning Tool
"{842CDC14-718F-4063-9D48-36E982E12946}" = Rockwell Automation 1769 Analog Module Profiles
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{893727BF-9C7C-483F-9E69-D8314DB21186}" = Parker Isysnet Discrete Module Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A8C5496-0460-489E-8CB9-8F62E09F033D}" = Tag Data Monitor Tool
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8E10471D-5CBF-4080-972D-2E6451420B7F}" = RSLogix 5000 System Updates
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F018A9E-56DE-4A79-A5EF-25F413F1D538}" = WeatherBug
"{903B8611-2695-4B42-A613-1394AD01F511}" = RSLogix 5000 Module Profile Core
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9AE0E408-37BC-4B89-B768-252DE878CE7A}" = Logix CPU Security Tool
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1C775C8-CBD3-49B0-A72C-4C751378B2F4}" = RSLogix 5000 Setup Installer
"{A2C6C8E7-3540-4A0C-8C87-DAA164B0740B}" = Rockwell Automation 1738 ASCII Module Profiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A393179D-478D-40C7-A6A2-90B9F34C2341}" = Rockwell Automation 1738 Discrete Module Profiles
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AAF8A903-9A85-43DF-A35C-3E5549484DDA}" = Rockwell Automation 1756 HART Module Profiles
"{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}" = Rockwell Automation 1756 ENet Comms Module Profiles
"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B100A292-14C5-4E41-AE27-0229BFBFDA9F}" = RSLogix 5000 DeviceNet Tag Generator
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4BC22FF-9599-4FB4-9F3D-C8D7A19800D4}" = Tag Import Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BA35560D-EE87-40BD-A84B-48F4CD939D38}" = Tag Upload Download Tool
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C3ED335A-3156-4152-B96A-D44A0B1A55A3}" = Parker Isysnet ASCII Module Profile
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C70BF2F2-2B54-4303-ABE6-82A20038A2EA}" = Philips SPC 700NC PC Camera
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D92FFA80-FC57-11D6-AFD6-0050BA883E61}" = RSNetWorx for EtherNet/IP 8.00.00 (CPR 7)
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}" = Rockwell Automation 1769 Specialty Module Profiles
"{EB1D4DEC-D1B4-4C02-BA6D-AAF51F12EB58}" = ControlFLASH
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFBB3496-A41F-40EB-A218-5E876D92E8A8}" = Fidelity Active Trader Pro®
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}" = Toshiba Media Center Game Console
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F699127B-51FB-44DF-AD6A-8AC498BA9684}" = Rockwell Automation Generic Safety Module Profiles
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}" = Rockwell Automation 1738 Specialty Module Profiles
"{FC07B277-E45F-47AF-BE00-09B03B356899}" = Rockwell Automation 1734 Analog Module Profiles
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Big Sky" = Big Sky Screen Saver
"Desktop Dialer" = Desktop Dialer
"EasyGPS_is1" = EasyGPS
"FXCM Trading Station" = FXCM Trading Station
"GLOBEtrotter FLEXid Drivers" = GLOBEtrotter FLEXid Drivers
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"LimeWire" = LimeWire 5.4.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Max_EN Toolbar" = Max_EN Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MioNet" = MioNet
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"P2P_Max Toolbar" = P2P_Max Toolbar
"Picasa2" = Picasa 2
"PID Calculation Program" = PID Calculation Program
"Port Magic" = Pure Networks Port Magic
"Power Saver" = TOSHIBA Power Saver
"PriceGong" = PriceGong 2.1.0
"QuickTime" = QuickTime
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer Basic
"Retsina P2T" = PDF Plain Text Extractor (remove only)
"RSHWare" = Rockwell Software Hardware Maintenance Tool
"SIPPS!UninstallKey" = SIPPS
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Game Console" = TOSHIBA Game Console
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WT004723" = Blasterball 2 Revolution
"WT004829" = Polar Golfer
"WT006066" = FATE
"WT006448" = Blackhawk Striker 2
"WT006527" = Polar Bowler
"WT009503" = Penguins!
"WT009952" = Chuzzle Deluxe
"WT009953" = Mah Jong Quest
"WT009954" = SCRABBLE
"WT010043" = Bejeweled 2 Deluxe
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3122887937-2217628997-2585646440-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/21/2009 10:47:18 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 5/20/2009 9:57:13 PM | Computer Name = DBSMITH | Source = McLogEvent | ID = 1006
Description =

Error - 5/20/2009 10:01:25 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 7/3/2009 2:50:28 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 7/3/2009 2:50:35 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 7/3/2009 2:51:28 PM | Computer Name = DBSMITH | Source = Application Hang | ID = 1002
Description = Hanging application YahooMessenger.exe, version 8.1.0.421, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2009 12:00:23 AM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module yahoomessenger.exe, version 8.1.0.421, fault address 0x00109644.

Error - 7/26/2009 4:26:17 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 7/30/2009 10:20:53 PM | Computer Name = DBSMITH | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module unknown, version 0.0.0.0, fault address 0x410092ed.

Error - 8/4/2009 7:11:29 PM | Computer Name = DBSMITH | Source = Alert Manager Event Interface | ID = 257
Description =

[ System Events ]
Error - 8/14/2012 6:19:04 PM | Computer Name = DBSMITH | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/14/2012 6:19:23 PM | Computer Name = DBSMITH | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/14/2012 7:17:14 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 8/14/2012 7:54:47 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 8/14/2012 8:10:43 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 8/14/2012 8:10:43 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
Description = The ScsiAccess service terminated unexpectedly. It has done this
1 time(s).

Error - 8/14/2012 9:04:58 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
Description = The Swupdtmr service terminated unexpectedly. It has done this 1
time(s).

Error - 8/14/2012 9:04:58 PM | Computer Name = DBSMITH | Source = Service Control Manager | ID = 7034
Description = The ScsiAccess service terminated unexpectedly. It has done this
1 time(s).

Error - 8/14/2012 9:05:05 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 8/14/2012 10:04:20 PM | Computer Name = DBSMITH | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.


< End of report >
 
I currently have plenty of issues but it looks like I don't have any relevant to the laptop we've been working on
Hahaha....

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys -- (MpKsl1f4a72fe)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
    IE - HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
    O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=====================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Well, IE is now facing limited issues. I'm posting from another computer so I hadn't done much browsing. I loaded up Google and was happy to have IE not crash at my home page. I tried loading TechSpot so I could navigate to the link you provided for the ESET Online Scanner. The TechSpot front page would crash that tab. It didn't crash the browser, just the tab. I was able to manually navigate to the online scanner and it has updated and is running right now. Here are the logs I currently have.


All processes killed
========== OTL ==========
Service MpKsl1f4a72fe stopped successfully!
Service MpKsl1f4a72fe deleted successfully!
File c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F960E024-5CD0-4722-B6D9-5C26B0948133}\MpKsl1f4a72fe.sys not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3122887937-2217628997-2585646440-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Daniel Smith
->Temp folder emptied: 97724 bytes
->Temporary Internet Files folder emptied: 10543505 bytes
->Java cache emptied: 1648532 bytes
->Flash cache emptied: 1937979 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Lori Smith
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 1500916 bytes
->Flash cache emptied: 1256 bytes

User: NetworkService
->Temp folder emptied: 1372 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Sarah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 3132620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2841 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1133 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Daniel Smith
->Java cache emptied: 0 bytes

User: Default User

User: LocalService

User: Lori Smith
->Java cache emptied: 0 bytes

User: NetworkService

User: Sarah

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Daniel Smith
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: Lori Smith
->Flash cache emptied: 0 bytes

User: NetworkService

User: Sarah
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08142012_220847

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.d
I
s
p
l
a
y
N
a
m
e
ECHO is off.
M
I
c
r
o
s
o
f
t
ECHO is off.
S
e
c
u
r
I
t
y
ECHO is off.
E
s
e
n
t
I
a
l
s
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
AOL Spyware Protection
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 11
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.12.36 Flash Player out of Date!
Adobe Reader 7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````




Farbar Service Scanner Version: 06-08-2012
Ran by Daniel Smith (administrator) on 14-08-2012 at 22:19:03
Running from "C:\Documents and Settings\Daniel Smith\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****



Online scanner hasn't finished yet.
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
I'm here. Everything seems okay. Thanks again. Was there something else I needed to post?

Edit: I see it now, you wanted the OTL log. :( I have already hastily given the computer back.
 
Call them and ask them to reset system restore manually.

Way to go!!
Good luck and stay safe :)
 