Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Is my computer infected? please view my logs

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Is my computer infected? please view my logs

Unread postby Greg Boulton » January 9th, 2012, 5:50 pm

My Hotmail email account has been infected - all the addresses in my address book have been receiving unsolicited emails - is this a problem with my email account or with my computer?
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by user at 21:26:06 on 2012-01-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.103 [GMT 11:00]
.
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2645238
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\window
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/03/2009 3:35:06 PM
System Uptime: 09/01/2012 7:31:34 PM (2 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | VM800PMC
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 18.461 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP635: 12/10/2011 9:34:47 AM - System Checkpoint
RP636: 13/10/2011 11:15:20 AM - System Checkpoint
RP637: 14/10/2011 5:56:18 PM - System Checkpoint
RP638: 15/10/2011 6:33:54 PM - System Checkpoint
RP639: 16/10/2011 2:55:28 PM - Software Distribution Service 3.0
RP640: 17/10/2011 4:59:18 PM - System Checkpoint
RP641: 18/10/2011 5:16:07 PM - System Checkpoint
RP642: 19/10/2011 8:42:55 PM - System Checkpoint
RP643: 23/10/2011 5:36:19 PM - System Checkpoint
RP644: 24/10/2011 5:38:34 PM - System Checkpoint
RP645: 25/10/2011 6:10:43 PM - System Checkpoint
RP646: 27/10/2011 10:16:16 PM - Software Distribution Service 3.0
RP647: 29/10/2011 6:28:30 PM - System Checkpoint
RP648: 30/10/2011 7:29:39 PM - System Checkpoint
RP649: 02/11/2011 4:15:33 PM - System Checkpoint
RP650: 04/11/2011 9:30:15 AM - System Checkpoint
RP651: 06/11/2011 3:58:56 PM - System Checkpoint
RP652: 07/11/2011 8:03:02 PM - System Checkpoint
RP653: 11/11/2011 10:23:55 AM - Software Distribution Service 3.0
RP654: 12/11/2011 12:56:24 PM - System Checkpoint
RP655: 12/11/2011 10:58:24 PM - Software Distribution Service 3.0
RP656: 14/11/2011 8:49:35 AM - System Checkpoint
RP657: 15/11/2011 9:10:39 AM - System Checkpoint
RP658: 16/11/2011 9:45:34 AM - System Checkpoint
RP659: 17/11/2011 12:54:11 PM - System Checkpoint
RP660: 19/11/2011 6:14:45 PM - System Checkpoint
RP661: 20/11/2011 7:20:17 PM - System Checkpoint
RP662: 21/11/2011 8:47:33 PM - System Checkpoint
RP663: 23/11/2011 9:00:42 PM - System Checkpoint
RP664: 26/11/2011 8:41:40 AM - System Checkpoint
RP665: 27/11/2011 11:30:23 AM - System Checkpoint
RP666: 28/11/2011 9:36:02 PM - System Checkpoint
RP667: 01/12/2011 12:08:46 PM - System Checkpoint
RP668: 02/12/2011 2:08:09 PM - System Checkpoint
RP669: 03/12/2011 2:14:14 PM - System Checkpoint
RP670: 04/12/2011 3:38:09 PM - System Checkpoint
RP671: 05/12/2011 4:32:43 PM - System Checkpoint
RP672: 08/12/2011 8:22:31 PM - System Checkpoint
RP673: 10/12/2011 10:02:17 AM - System Checkpoint
RP674: 11/12/2011 11:38:10 AM - System Checkpoint
RP675: 12/12/2011 12:19:51 PM - System Checkpoint
RP676: 13/12/2011 12:56:39 PM - System Checkpoint
RP677: 15/12/2011 8:46:01 AM - System Checkpoint
RP678: 16/12/2011 11:16:13 AM - Software Distribution Service 3.0
RP679: 17/12/2011 8:17:14 PM - System Checkpoint
RP680: 19/12/2011 2:46:54 PM - System Checkpoint
RP681: 22/12/2011 9:19:03 PM - System Checkpoint
RP682: 25/12/2011 10:39:46 AM - System Checkpoint
RP683: 29/12/2011 8:17:56 AM - System Checkpoint
RP684: 31/12/2011 7:43:54 PM - System Checkpoint
RP685: 02/01/2012 10:29:48 AM - System Checkpoint
RP686: 05/01/2012 6:19:16 PM - System Checkpoint
RP687: 08/01/2012 10:38:57 AM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AUSkey software 1.3.13.2
Bonjour
Canon CanoCraft CS-P 3.8
Canon iP4600 series Printer Driver
Canon S520
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (remove only)
CD-LabelPrint
CDBurnerXP
Common-Use Signing Interface
CommSec Professional Trader
Compatibility Pack for the 2007 Office system
DiMAGE Master Lite
Dulux MyColour4
DVD Solution
e-tax 2009
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Full Tilt Poker
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
HLPIndex
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InCD
iTunes
Java(TM) 6 Update 14
Kaspersky Online Scanner
Kodak EasyShare software
KSU
LG ODD Auto Firmware Update
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components 2.8
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.6.25)
MP3 Player Utilities 1.48
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Launcher
MyVirtualHome
Nokia Connectivity Cable Driver
Notifier
OfotoXMI
OLYMPUS Master 2
OpenOffice.org Installer 1.0
OptusNet Cable Components
OTtBP
OTtBPSDK
ParadisePoker
PCDLNCH
Platform
PokerStars
PowerDVD
PowerProducer
QuickTime
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
Smart Defrag 1.11
Spybot - Search & Destroy
StockMaster
StockMaster Evaluation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0330
VPRINTOL
WebEx
WebFldrs XP
William Hill Poker
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
YHBPM2.0
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
05/01/2012 9:21:30 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
05/01/2012 9:20:56 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Greg Boulton
Active Member
 
Posts: 7
Joined: January 9th, 2012, 6:36 am
Advertisement
Register to Remove

Re: Is my computer infected? please view my logs

Unread postby troy3636 » January 10th, 2012, 3:49 pm

Hello Greg Boulton,

Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started
  1. If you have not already done so Please read these forum rules.
  2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  3. Any fixes I may post will be specific to your computer and should not be used on other computers.
  4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
  5. If at any time my instructions are not clear please ask before proceeding.
  6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

The DDS.txt log appears to have been cut off. Please re-post the complete DDS.txt
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Is my computer infected? please view my logs

Unread postby Greg Boulton » January 10th, 2012, 5:08 pm

Hello Troy I have re-run and posted the DDS.txt logs regards Greg
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Run by user at 7:31:55 on 2012-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.47 [GMT 11:00]
.
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2645238
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\Spenser.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [DriverCure] c:\program files\paretologic\drivercure\DriverCure.exe -scan
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/ka ... nicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://prerelease.trendmicro-europe.com ... hcImpl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resourc ... oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 7150530781
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 7717441093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://optionsxpressevents.webex.com/c ... eatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/phot ... NPUpld.cab
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
TCP: Interfaces\{CE8FE2A6-BB76-4C99-87EC-BEA999E8D1F9} : DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\x793x7ke.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\x793x7ke.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\x793x7ke.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\x793x7ke.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\x793x7ke.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\x793x7ke.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCoreGecko8.dll
FF - plugin: c:\documents and settings\user\local settings\application data\abr\plug-in\bin\npAUSkeyPlugin.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common-use signing interface\bin\npCsiPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ZoneAlarm Security Community Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - %profile%\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-3-22 11264]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-12-18 525840]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-4 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-4 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-28 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-28 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2008-12-8 17920]
S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\drivers\silabser.sys [2008-12-18 62592]
.
=============== Created Last 30 ================
.
2012-01-10 20:24:37 -------- d--h--w- C:\BJPrinter
2012-01-09 09:25:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-01-08 06:13:12 -------- d-----w- c:\documents and settings\user\application data\CheckPoint
2012-01-08 06:12:55 -------- d-----w- c:\program files\Conduit
2012-01-08 06:12:53 -------- d-----w- c:\documents and settings\user\local settings\application data\ZoneAlarm_Security
2012-01-08 06:12:49 -------- d-----w- c:\documents and settings\user\local settings\application data\Conduit
2012-01-08 06:12:47 -------- d-----w- c:\program files\ZoneAlarm_Security
2012-01-08 06:12:16 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-01-08 06:10:53 -------- d-----w- c:\program files\CheckPoint
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-13 23:08:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2007-04-26 08:48:18 218112 ----a-w- c:\program files\HijackThis.exe
2004-10-01 04:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 7:33:53.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 13/03/2009 3:35:06 PM
System Uptime: 11/01/2012 7:23:05 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | VM800PMC
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 18.413 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP635: 12/10/2011 9:34:47 AM - System Checkpoint
RP636: 13/10/2011 11:15:20 AM - System Checkpoint
RP637: 14/10/2011 5:56:18 PM - System Checkpoint
RP638: 15/10/2011 6:33:54 PM - System Checkpoint
RP639: 16/10/2011 2:55:28 PM - Software Distribution Service 3.0
RP640: 17/10/2011 4:59:18 PM - System Checkpoint
RP641: 18/10/2011 5:16:07 PM - System Checkpoint
RP642: 19/10/2011 8:42:55 PM - System Checkpoint
RP643: 23/10/2011 5:36:19 PM - System Checkpoint
RP644: 24/10/2011 5:38:34 PM - System Checkpoint
RP645: 25/10/2011 6:10:43 PM - System Checkpoint
RP646: 27/10/2011 10:16:16 PM - Software Distribution Service 3.0
RP647: 29/10/2011 6:28:30 PM - System Checkpoint
RP648: 30/10/2011 7:29:39 PM - System Checkpoint
RP649: 02/11/2011 4:15:33 PM - System Checkpoint
RP650: 04/11/2011 9:30:15 AM - System Checkpoint
RP651: 06/11/2011 3:58:56 PM - System Checkpoint
RP652: 07/11/2011 8:03:02 PM - System Checkpoint
RP653: 11/11/2011 10:23:55 AM - Software Distribution Service 3.0
RP654: 12/11/2011 12:56:24 PM - System Checkpoint
RP655: 12/11/2011 10:58:24 PM - Software Distribution Service 3.0
RP656: 14/11/2011 8:49:35 AM - System Checkpoint
RP657: 15/11/2011 9:10:39 AM - System Checkpoint
RP658: 16/11/2011 9:45:34 AM - System Checkpoint
RP659: 17/11/2011 12:54:11 PM - System Checkpoint
RP660: 19/11/2011 6:14:45 PM - System Checkpoint
RP661: 20/11/2011 7:20:17 PM - System Checkpoint
RP662: 21/11/2011 8:47:33 PM - System Checkpoint
RP663: 23/11/2011 9:00:42 PM - System Checkpoint
RP664: 26/11/2011 8:41:40 AM - System Checkpoint
RP665: 27/11/2011 11:30:23 AM - System Checkpoint
RP666: 28/11/2011 9:36:02 PM - System Checkpoint
RP667: 01/12/2011 12:08:46 PM - System Checkpoint
RP668: 02/12/2011 2:08:09 PM - System Checkpoint
RP669: 03/12/2011 2:14:14 PM - System Checkpoint
RP670: 04/12/2011 3:38:09 PM - System Checkpoint
RP671: 05/12/2011 4:32:43 PM - System Checkpoint
RP672: 08/12/2011 8:22:31 PM - System Checkpoint
RP673: 10/12/2011 10:02:17 AM - System Checkpoint
RP674: 11/12/2011 11:38:10 AM - System Checkpoint
RP675: 12/12/2011 12:19:51 PM - System Checkpoint
RP676: 13/12/2011 12:56:39 PM - System Checkpoint
RP677: 15/12/2011 8:46:01 AM - System Checkpoint
RP678: 16/12/2011 11:16:13 AM - Software Distribution Service 3.0
RP679: 17/12/2011 8:17:14 PM - System Checkpoint
RP680: 19/12/2011 2:46:54 PM - System Checkpoint
RP681: 22/12/2011 9:19:03 PM - System Checkpoint
RP682: 25/12/2011 10:39:46 AM - System Checkpoint
RP683: 29/12/2011 8:17:56 AM - System Checkpoint
RP684: 31/12/2011 7:43:54 PM - System Checkpoint
RP685: 02/01/2012 10:29:48 AM - System Checkpoint
RP686: 05/01/2012 6:19:16 PM - System Checkpoint
RP687: 08/01/2012 10:38:57 AM - System Checkpoint
RP688: 10/01/2012 8:53:16 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AUSkey software 1.3.13.2
Bonjour
Canon CanoCraft CS-P 3.8
Canon iP4600 series Printer Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (remove only)
CD-LabelPrint
CDBurnerXP
Common-Use Signing Interface
CommSec Professional Trader
Compatibility Pack for the 2007 Office system
DiMAGE Master Lite
Dulux MyColour4
DVD Solution
e-tax 2009
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Full Tilt Poker
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
HLPIndex
HLPSFO
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
InCD
iTunes
Java(TM) 6 Update 14
Kaspersky Online Scanner
Kodak EasyShare software
KSU
LG ODD Auto Firmware Update
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Data Access Components 2.8
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.6.25)
MP3 Player Utilities 1.48
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Multimedia Launcher
MyVirtualHome
Nokia Connectivity Cable Driver
Notifier
OfotoXMI
OLYMPUS Master 2
OpenOffice.org Installer 1.0
OptusNet Cable Components
OTtBP
OTtBPSDK
ParadisePoker
PCDLNCH
Platform
PokerStars
PowerDVD
PowerProducer
QuickTime
Safari
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SFR2
Smart Defrag 1.11
Spybot - Search & Destroy
StockMaster
StockMaster Evaluation
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0330
VPRINTOL
WebEx
WebFldrs XP
William Hill Poker
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
YHBPM2.0
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
05/01/2012 9:21:30 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
05/01/2012 9:20:56 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Greg Boulton
Active Member
 
Posts: 7
Joined: January 9th, 2012, 6:36 am

Re: Is my computer infected? please view my logs

Unread postby troy3636 » January 13th, 2012, 4:56 pm

Hello Greg Boulton,

I apologize for the delay. I should have some answers for you shortly.

What is this computer used for?

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Is my computer infected? please view my logs

Unread postby Greg Boulton » January 15th, 2012, 5:06 am

Hi Troy the computer is used for home use - since I posted the logs I have run Microsoft scanner "ert". The scan deleted files "Exploit:HTML/cve-2010-4452A and VIR Tool:35/obfuscator.bh" I have since realized that I should not have run the scanner - is this a problem? regards Greg
Greg Boulton
Active Member
 
Posts: 7
Joined: January 9th, 2012, 6:36 am

Re: Is my computer infected? please view my logs

Unread postby troy3636 » January 16th, 2012, 12:22 pm

Hi Greg Boulton,

Please refrain from running using any additional tools other than the ones I ask for. It makes it harder to research the logs.

The symptoms you describe sound like a compromised e-mail account so I advise you to change your hotmail account password.

You DDS logs do indicate an infection on your computer. Please follow these steps to start the cleanup process.

Step 1
Back up registry with ERUNT
  1. Please download ERUNT by Lars Hederer and save it to your desktop. alternate download
  2. Double click erunt-setup-exe and follow the prompts to install ERUNT using the default settings.
  3. When asked if you want to add ERUNT to the Start-up folder select NO
  4. Make sure the box marked launch ERUNT is checked and click Finish
  5. Follow the prompts to create a backup to the default location.
  6. under backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  7. When you see a pop up message saying Registry backup is complete! click OK to finish. If you do not see this message DO NOT continue let me know.


Step 2
No Anti-Virus!
It is extremely important to keep one up to date Anti-Virus program running on your computer.
I personally recommend one of these free programs.

Installing new Anti-Virus Software
  1. Download the new Anti-virus product to your computer desktop.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Uninstall any existing anti-virus product... Use the AV uninstall option if available.
  4. Reboot your computer, if not done during the uninstall.
  5. Install the new AV product... following installation instructions.
  6. Check for updates to the new AV product, if not done during install setup.
  7. Run a full scan of your computer.

Step 3
OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  3. Click on Run Scan at the top left hand corner.
  4. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  5. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Do you know what the following programs are?
AUSkey software 1.3.13.2
Common-Use Signing Interface


Please include in your next reply
  • OTL.txt
  • Extras.txt
  • Answers to my questions
  • Any changes in the way your computer is behaving
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Is my computer infected? please view my logs

Unread postby Greg Boulton » January 17th, 2012, 6:21 am

Hi Troy yes you are correct my email account has been compromised and my Hotmail account is now blocked (I can not sign in) I have done the registry backup with ERUNT and have downloaded (and run) AVAST. I have also downloaded OTL but when I did the scan it kept freezing so I deleted it and downloaded it from another source. I then ran the scan completly but then it froze - my computer now seems slow and I cannot use Firefox (it will not load). I dont know what the programs are that you have inquired about - I purchased this computer second hand ,it was orignally part of an office network - maybe this is something to do with the programs regards Greg
Greg Boulton
Active Member
 
Posts: 7
Joined: January 9th, 2012, 6:36 am

Re: Is my computer infected? please view my logs

Unread postby troy3636 » January 18th, 2012, 8:44 am

Hi Greg Boulton,

Step 1
MGADiag.exe
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Step 2
TDSSKiller
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. Note: It is VERY IMPORTANT to run this from your desktop.
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. abc123.com).
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If any suspicious or malicious objects are detected ensure Skip is selected then click Continue. Do not attempt to fix anything yet!
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.


When running OTL, did Avast give you the option to "open in sandbox"?
If so, please try to run OTL again making sure to select "open normally".

If OTL still will not run, please reply back and we will have to try another route.

Please include in your next reply:
  • MGADiag log
  • TDSSKiller log
  • OTL.txt
  • Extras.txt
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Is my computer infected? please view my logs

Unread postby Greg Boulton » January 19th, 2012, 7:53 pm

Hi Troy I can not run MGADiag (tried for 4 hours). I have posted OTL.txt and Extras.txt - ihave posted TDSSKiller.exe in a seperate reply regards Greg


OTL logfile created on: 20/01/2012 9:43:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 114.85 Mb Available Physical Memory | 25.67% Memory free
1.03 Gb Paging File | 0.66 Gb Available in Paging File | 64.30% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.99 Gb Free Space | 22.80% Space Free | Partition Type: NTFS

Computer Name: OWNER-7DC03790F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/20 09:42:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2011/11/29 05:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/29 05:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/01/15 23:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/13 22:35:00 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/10/20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/05/15 18:26:02 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 12:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2006/08/25 16:52:18 | 000,176,128 | R--- | M] (S3 Graphics Co., Ltd.) -- C:\WINDOWS\system32\VTTrayp.exe
PRC - [2006/08/03 17:53:00 | 000,053,248 | R--- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/08/11 03:22:40 | 000,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2004/02/13 15:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/20 08:09:30 | 001,681,408 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12011902\algo.dll
MOD - [2012/01/19 19:52:50 | 001,679,360 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12011900\algo.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/10/20 23:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2004/08/11 03:23:16 | 000,229,376 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\PCDLaunchSysX.syx
MOD - [2004/08/11 03:15:28 | 000,491,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaEmail.dll
MOD - [2004/08/11 03:13:58 | 000,925,696 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2004/08/11 03:12:18 | 000,056,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2004/08/11 03:10:08 | 000,286,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2004/08/11 03:09:48 | 000,120,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2004/08/11 03:08:58 | 001,019,904 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.dll
MOD - [2004/08/11 03:08:02 | 000,282,624 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2004/08/11 03:02:16 | 000,253,952 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2004/07/23 09:24:28 | 000,397,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\cameratodos.syx
MOD - [2004/07/23 09:23:58 | 000,380,928 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnLine.dll
MOD - [2004/07/23 09:21:18 | 000,618,496 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistacameraUploadSysx.syx
MOD - [2004/07/23 09:16:44 | 000,352,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Escom.dll
MOD - [2004/07/23 09:04:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2004/07/23 09:00:16 | 000,012,800 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistaCameraUploadCamBack.dll
MOD - [2004/07/23 09:00:00 | 000,013,824 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCameratodosCamBack.dll
MOD - [2004/07/23 08:20:56 | 000,013,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocVistacameraUploadSysx.dll
MOD - [2004/02/13 15:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
MOD - [2004/02/11 17:58:16 | 000,147,493 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\bwfiles.dll
MOD - [2004/02/11 17:58:16 | 000,094,243 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\FrExt.dll
MOD - [2004/02/11 17:58:16 | 000,061,496 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\6.3.2.62-7288971L\Program\clntutil.dll
MOD - [2003/06/08 20:21:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWTargetInf.dll
MOD - [2003/06/08 18:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\frext-7288971.dll
MOD - [2003/06/08 18:47:42 | 000,020,528 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWfiles-7288971.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/29 05:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/18 17:40:24 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/15 23:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/09 06:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2008/10/20 23:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2005/07/08 16:24:46 | 000,871,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/29 04:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/29 04:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/29 04:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/29 04:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/29 04:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/29 04:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/29 04:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/12/18 18:31:56 | 000,062,592 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2008/12/08 17:09:08 | 000,017,920 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2006/08/10 17:32:14 | 000,204,672 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/03/14 13:06:01 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/02/23 14:39:06 | 000,011,264 | R--- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006/02/23 14:38:32 | 000,009,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2005/12/22 12:24:52 | 000,137,884 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/12/22 12:24:52 | 000,010,864 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/12/22 12:24:50 | 000,080,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2005/07/08 16:17:54 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/08 16:17:36 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2000/06/07 02:01:00 | 000,016,032 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ScFBPNT3.sys -- (ScFBPNT3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-1292428093-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
IE - HKU\S-1-5-21-839522115-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-839522115-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@csi.business.gov.au/CsiPlugin: C:\Program Files\Common-Use Signing Interface\bin\npCsiPlugin.dll (Commonwealth Government of Australia)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@abr.gov.au/KeyMgmtPlugin: C:\Documents and Settings\user\Local Settings\Application Data\ABR\Plug-In\bin\npAUSkeyPlugin.dll (Commonwealth Government of Australia)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/17 07:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/05 20:12:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/22 14:02:12 | 000,000,000 | ---D | M]

[2009/03/18 12:45:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/01/17 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x793x7ke.default\extensions
[2009/09/02 20:52:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x793x7ke.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/06 09:01:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x793x7ke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/10/24 11:14:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\x793x7ke.default\searchplugins\conduit.xml
[2012/01/17 09:48:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/17 07:45:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/06/13 22:35:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2009/03/13 17:10:04 | 000,302,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10436 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-839522115-1292428093-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTTrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKU\S-1-5-21-839522115-1292428093-725345543-1003..\Run: [DriverCure] C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe -scan File not found
O4 - HKU\S-1-5-21-839522115-1292428093-725345543-1003..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-1292428093-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-839522115-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-839522115-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-839522115-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://prerelease.trendmicro-europe.com ... hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.5.0.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7150530781 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 7717441093 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://optionsxpressevents.webex.com/c ... eatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/phot ... NPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8FE2A6-BB76-4C99-87EC-BEA999E8D1F9}: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Spenser.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/22 13:31:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d7a92eb-d877-11db-a1cd-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0d7a92eb-d877-11db-a1cd-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d7a92eb-d877-11db-a1cd-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{415827d6-f1ff-11db-bd09-001a4d24cc7c}\Shell - "" = AutoRun
O33 - MountPoints2\{415827d6-f1ff-11db-bd09-001a4d24cc7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{415827d6-f1ff-11db-bd09-001a4d24cc7c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\{4799c103-9d8a-11de-8728-001a4d24cc7c}\Shell - "" = AutoRun
O33 - MountPoints2\{4799c103-9d8a-11de-8728-001a4d24cc7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4799c103-9d8a-11de-8728-001a4d24cc7c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\{5763e8dc-0f92-11de-8583-001a4d24cc7c}\Shell - "" = AutoRun
O33 - MountPoints2\{5763e8dc-0f92-11de-8583-001a4d24cc7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5763e8dc-0f92-11de-8583-001a4d24cc7c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{57a324c0-80d9-11de-86d0-001a4d24cc7c}\Shell - "" = AutoRun
O33 - MountPoints2\{57a324c0-80d9-11de-86d0-001a4d24cc7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{57a324c0-80d9-11de-86d0-001a4d24cc7c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\{670eb642-77be-11dc-bf56-001a4d24cc7c}\Shell\AutoRun\command - "" = achina.exe
O33 - MountPoints2\{87d09692-b7a6-11dd-845a-001a4d24cc7c}\Shell - "" = AutoRun
O33 - MountPoints2\{87d09692-b7a6-11dd-845a-001a4d24cc7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87d09692-b7a6-11dd-845a-001a4d24cc7c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O33 - MountPoints2\{d7192e7c-b4ec-11df-8a5b-001a4d24cc7c}\Shell - "" = AutoRun
O33 - MountPoints2\{d7192e7c-b4ec-11df-8a5b-001a4d24cc7c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d7192e7c-b4ec-11df-8a5b-001a4d24cc7c}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/20 09:42:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/01/20 09:36:49 | 002,054,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2012/01/19 09:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2012/01/19 09:25:53 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\MGADiag.exe
[2012/01/17 07:45:49 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/17 07:45:49 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/17 07:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/01/17 07:45:45 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/17 07:45:45 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/17 07:45:44 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/17 07:45:43 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/17 07:45:43 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/17 07:45:42 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/17 07:45:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/17 07:45:09 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/17 07:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/17 07:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/01/17 07:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/17 07:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/17 07:20:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\user\Desktop\erunt-setup.exe
[2012/01/12 18:39:23 | 077,458,624 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\msert.exe
[2012/01/12 08:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PokerStars
[2012/01/12 08:26:10 | 014,519,328 | ---- | C] (PokerStars) -- C:\Documents and Settings\user\Desktop\PokerStarsInstall.exe
[2012/01/11 07:24:37 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2012/01/09 21:16:34 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr
[2012/01/09 20:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/01/09 19:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2012/01/09 19:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2012/01/08 17:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\ForceField Shared Files
[2012/01/08 17:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\CheckPoint
[2012/01/08 17:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Conduit
[2012/01/08 17:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2012/01/08 17:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/08 17:01:05 | 005,071,216 | ---- | C] (Check Point Software Technologies LTD) -- C:\Documents and Settings\user\My Documents\zaSetupWeb_101_079_000.exe
[2012/01/05 20:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\SKYE
[2007/05/03 10:32:44 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/20 09:42:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2012/01/20 09:36:56 | 002,054,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\user\Desktop\tdsskiller.exe
[2012/01/20 09:20:56 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/20 09:20:53 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/20 09:15:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 21:04:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 09:26:14 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\MGADiag.exe
[2012/01/17 13:55:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/17 07:45:50 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/17 07:45:44 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/17 07:32:59 | 064,207,032 | ---- | M] () -- C:\Documents and Settings\user\Desktop\setup_av_free_cnet.exe
[2012/01/17 07:21:38 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\user\Desktop\NTREGOPT.lnk
[2012/01/17 07:21:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ERUNT.lnk
[2012/01/17 07:20:21 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\user\Desktop\erunt-setup.exe
[2012/01/13 09:07:14 | 000,013,614 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Noosa 2011+ Lorne 2012 Daves Photos.dxp
[2012/01/12 18:51:29 | 077,458,624 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\user\Desktop\msert.exe
[2012/01/12 08:28:56 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/12 08:28:56 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2012/01/12 08:27:23 | 014,519,328 | ---- | M] (PokerStars) -- C:\Documents and Settings\user\Desktop\PokerStarsInstall.exe
[2012/01/11 22:14:51 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/11 22:04:48 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 22:04:48 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/11 20:59:12 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ParadisePoker.lnk
[2012/01/11 20:57:47 | 009,205,192 | ---- | M] () -- C:\Documents and Settings\user\Desktop\paradisepoker_com jan2012.exe
[2012/01/09 21:16:34 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\user\Desktop\dds.scr
[2012/01/09 19:43:12 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2012/01/09 19:43:12 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/01/08 22:00:00 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2012/01/08 17:01:05 | 005,071,216 | ---- | M] (Check Point Software Technologies LTD) -- C:\Documents and Settings\user\My Documents\zaSetupWeb_101_079_000.exe
[2012/01/06 15:32:29 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/24 12:43:20 | 000,327,774 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Christmas-Tree-Red.jpg
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/17 07:45:50 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/01/17 07:32:50 | 064,207,032 | ---- | C] () -- C:\Documents and Settings\user\Desktop\setup_av_free_cnet.exe
[2012/01/17 07:21:38 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\user\Desktop\NTREGOPT.lnk
[2012/01/17 07:21:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ERUNT.lnk
[2012/01/13 09:07:11 | 000,013,614 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Noosa 2011+ Lorne 2012 Daves Photos.dxp
[2012/01/12 08:28:56 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk
[2012/01/12 08:28:56 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PokerStars.lnk
[2012/01/11 20:54:35 | 009,205,192 | ---- | C] () -- C:\Documents and Settings\user\Desktop\paradisepoker_com jan2012.exe
[2011/12/24 12:43:18 | 000,327,774 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Christmas-Tree-Red.jpg
[2011/08/09 11:39:50 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2010/06/16 22:06:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2010/06/16 21:54:47 | 000,016,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT3.sys
[2009/06/12 00:23:01 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/30 23:44:20 | 000,000,432 | ---- | C] () -- C:\WINDOWS\SFUND.INI
[2009/03/18 12:46:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/06/01 09:57:53 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2008/06/01 09:57:53 | 000,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2008/06/01 09:57:53 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
[2008/04/14 23:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 23:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/11/19 14:11:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2007/11/19 14:09:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/07/25 16:52:53 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/06/17 19:02:18 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/14 22:13:59 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\UnPoker.exe
[2007/05/10 23:12:22 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/30 08:51:43 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2007/03/23 00:23:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/03/23 00:20:23 | 000,267,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/22 14:42:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/22 14:36:28 | 000,000,359 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2007/03/22 14:32:45 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2007/03/22 13:34:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/03/22 13:28:27 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/05 22:17:34 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS3m.DLL
[2006/05/25 02:22:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2005/03/01 16:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/09/17 18:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/08/04 23:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 23:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/05/19 13:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/09/08 18:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

< End of report >




OTL Extras logfile created on: 20/01/2012 9:43:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd/MM/yyyy

447.48 Mb Total Physical Memory | 114.85 Mb Available Physical Memory | 25.67% Memory free
1.03 Gb Paging File | 0.66 Gb Available in Paging File | 64.30% Paging File free
Paging file location(s): c:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 16.99 Gb Free Space | 22.80% Space Free | Partition Type: NTFS

Computer Name: OWNER-7DC03790F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-839522115-1292428093-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"80:TCP" = 80:TCP:*:Enabled:websrvx
"53:TCP" = 53:TCP:*:Enabled:websrvx

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{53C4971B-F57C-4EFC-A2B5-74998E119234}" = Samsung PC Studio 3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}" = MP3 Player Utilities 1.48
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73BD08B1-A856-4F4C-8CCA-BD307846FC01}" = Microsoft Data Access Components 2.8
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB4E6854-A093-4E23-AAB8-60A0800BB590}" = AUSkey software 1.3.13.2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD604EFA-117C-4748-A936-1E392CDDB392}" = CommSec Professional Trader
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D312E40B-1C59-4823-AB48-6798D85ABBE4}" = DiMAGE Master Lite
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F4804862-A4F6-4DA2-B380-2EBD6E0E0BAB}" = YHBPM2.0
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{FB3BE405-6BF0-490A-84B3-00611385EA0D}" = Common-Use Signing Interface
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Free Antivirus
"CanoCraft CS-P 3.8" = Canon CanoCraft CS-P 3.8
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Common-Use Signing Interface" = Common-Use Signing Interface
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OptusNet Cable Components" = OptusNet Cable Components
"ParadisePoker" = ParadisePoker
"PokerStars" = PokerStars
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Smart Defrag_is1" = Smart Defrag 1.11
"StockMaster" = StockMaster
"StockMaster Evaluation" = StockMaster Evaluation
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0330
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"William Hill Poker" = William Hill Poker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-839522115-1292428093-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dulux MyColour4" = Dulux MyColour4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/01/2012 11:21:30 PM | Computer Name = OWNER-7DC03790F | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4363, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 08/01/2012 4:00:49 AM | Computer Name = OWNER-7DC03790F | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 08/01/2012 4:00:54 AM | Computer Name = OWNER-7DC03790F | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4363, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 08/01/2012 4:01:20 AM | Computer Name = OWNER-7DC03790F | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 08/01/2012 4:01:20 AM | Computer Name = OWNER-7DC03790F | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4363, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 10/01/2012 5:31:55 AM | Computer Name = OWNER-7DC03790F | Source = .NET Runtime | ID = 1023
Description = Application: plugin-container.exe CoreCLR Version: 4.0.60831.0 Description:
The process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 10/01/2012 5:31:58 AM | Computer Name = OWNER-7DC03790F | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4363, faulting
module coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 17/01/2012 5:19:25 AM | Computer Name = OWNER-7DC03790F | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

Error - 17/01/2012 5:25:00 AM | Computer Name = OWNER-7DC03790F | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 17/01/2012 5:51:37 AM | Computer Name = OWNER-7DC03790F | Source = Userenv | ID = 1512
Description = Windows cannot unload your registry file. The memory used by the registry
has not been freed. This is often caused by services running as a user account,
try configuring the services to run in either the LocalService or NetworkService
account. If this problem persists, contact your administrator. DETAIL - Insufficient
system resources exist to complete the requested service.

[ System Events ]
Error - 17/12/2011 6:37:38 AM | Computer Name = OWNER-7DC03790F | Source = Print | ID = 6161
Description = The document 24373129-e-ticket-Y3LGSI.pdf owned by user failed to
print on printer Canon iP4600 series (Copy 1). Data type: NT EMF 1.008. Size of
the spool file in bytes: 1019088. Number of bytes printed: 761192. Total number
of pages in the document: 7. Number of pages printed: 0. Client machine: \\OWNER-7DC03790F.
Win32 error code returned by the print processor: 13 (0xd).

Error - 05/01/2012 6:20:56 AM | Computer Name = OWNER-7DC03790F | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 05/01/2012 6:21:30 AM | Computer Name = OWNER-7DC03790F | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 11/01/2012 6:38:14 AM | Computer Name = OWNER-7DC03790F | Source = Print | ID = 6161
Description = The document Bossini Men's Easy to Match Casual Blue Denim Shorts
Pants | eBay owned by user failed to print on printer Canon iP4600 series (Copy
1). Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes
printed: 0. Total number of pages in the document: 0. Number of pages printed:
0. Client machine: \\OWNER-7DC03790F. Win32 error code returned by the print processor:
259 (0x103).

Error - 11/01/2012 6:39:15 AM | Computer Name = OWNER-7DC03790F | Source = Print | ID = 6161
Description = The document Bossini Men's Easy to Match Casual Blue Denim Shorts
Pants | eBay owned by user failed to print on printer Canon iP4600 series (Copy
1). Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes
printed: 0. Total number of pages in the document: 0. Number of pages printed:
0. Client machine: \\OWNER-7DC03790F. Win32 error code returned by the print processor:
259 (0x103).

Error - 17/01/2012 4:48:30 AM | Computer Name = OWNER-7DC03790F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Greg Boulton
Active Member
 
Posts: 7
Joined: January 9th, 2012, 6:36 am

Re: Is my computer infected? please view my logs

Unread postby Greg Boulton » January 19th, 2012, 7:57 pm

Hi Troy Here is TDSSKiller.xex regards Greg


09:37:23.0375 3212 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
09:37:24.0484 3212 ============================================================
09:37:24.0484 3212 Current date / time: 2012/01/20 09:37:24.0484
09:37:24.0484 3212 SystemInfo:
09:37:24.0484 3212
09:37:24.0484 3212 OS Version: 5.1.2600 ServicePack: 3.0
09:37:24.0484 3212 Product type: Workstation
09:37:24.0484 3212 ComputerName: OWNER-7DC03790F
09:37:24.0484 3212 UserName: user
09:37:24.0484 3212 Windows directory: C:\WINDOWS
09:37:24.0484 3212 System windows directory: C:\WINDOWS
09:37:24.0484 3212 Processor architecture: Intel x86
09:37:24.0484 3212 Number of processors: 2
09:37:24.0484 3212 Page size: 0x1000
09:37:24.0484 3212 Boot type: Normal boot
09:37:24.0484 3212 ============================================================
09:37:27.0015 3212 Drive \Device\Harddisk0\DR0 - Size: 0x12A1E0DE00 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:37:27.0140 3212 Initialize success
09:37:42.0187 2396 ============================================================
09:37:42.0187 2396 Scan started
09:37:42.0187 2396 Mode: Manual;
09:37:42.0187 2396 ============================================================
09:37:42.0406 2396 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:37:42.0406 2396 Aavmker4 - ok
09:37:42.0468 2396 Abiosdsk - ok
09:37:42.0546 2396 abp480n5 - ok
09:37:42.0671 2396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:37:42.0671 2396 ACPI - ok
09:37:42.0812 2396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:37:42.0812 2396 ACPIEC - ok
09:37:42.0921 2396 adpu160m - ok
09:37:43.0031 2396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:37:43.0046 2396 aec - ok
09:37:43.0156 2396 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:37:43.0187 2396 AFD - ok
09:37:43.0250 2396 Aha154x - ok
09:37:43.0328 2396 aic78u2 - ok
09:37:43.0437 2396 aic78xx - ok
09:37:43.0531 2396 AliIde - ok
09:37:43.0609 2396 amsint - ok
09:37:43.0734 2396 asc - ok
09:37:43.0812 2396 asc3350p - ok
09:37:43.0890 2396 asc3550 - ok
09:37:44.0078 2396 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\WINDOWS\system32\drivers\aswFsBlk.sys
09:37:44.0078 2396 aswFsBlk - ok
09:37:44.0187 2396 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
09:37:44.0187 2396 aswMon2 - ok
09:37:44.0328 2396 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
09:37:44.0328 2396 aswRdr - ok
09:37:44.0453 2396 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
09:37:44.0484 2396 aswSnx - ok
09:37:44.0609 2396 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
09:37:44.0609 2396 aswSP - ok
09:37:44.0734 2396 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
09:37:44.0734 2396 aswTdi - ok
09:37:44.0843 2396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:37:44.0843 2396 AsyncMac - ok
09:37:44.0953 2396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:37:44.0953 2396 atapi - ok
09:37:45.0046 2396 Atdisk - ok
09:37:45.0203 2396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:37:45.0203 2396 Atmarpc - ok
09:37:45.0328 2396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:37:45.0328 2396 audstub - ok
09:37:45.0453 2396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:37:45.0453 2396 Beep - ok
09:37:45.0609 2396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:37:45.0609 2396 cbidf2k - ok
09:37:45.0671 2396 cd20xrnt - ok
09:37:45.0781 2396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:37:45.0781 2396 Cdaudio - ok
09:37:45.0906 2396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:37:45.0953 2396 Cdfs - ok
09:37:46.0078 2396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:37:46.0078 2396 Cdrom - ok
09:37:46.0187 2396 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
09:37:46.0203 2396 cercsr6 - ok
09:37:46.0281 2396 Changer - ok
09:37:46.0390 2396 CmdIde - ok
09:37:46.0515 2396 Cpqarray - ok
09:37:46.0609 2396 dac2w2k - ok
09:37:46.0718 2396 dac960nt - ok
09:37:46.0843 2396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:37:46.0843 2396 Disk - ok
09:37:46.0984 2396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:37:47.0015 2396 dmboot - ok
09:37:47.0125 2396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
09:37:47.0140 2396 dmio - ok
09:37:47.0250 2396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:37:47.0250 2396 dmload - ok
09:37:47.0375 2396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:37:47.0375 2396 DMusic - ok
09:37:47.0484 2396 dpti2o - ok
09:37:47.0609 2396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:37:47.0625 2396 drmkaud - ok
09:37:47.0781 2396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:37:47.0796 2396 Fastfat - ok
09:37:47.0937 2396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:37:47.0937 2396 Fdc - ok
09:37:48.0062 2396 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
09:37:48.0062 2396 FETND5BV - ok
09:37:48.0125 2396 FETNDIS - ok
09:37:48.0250 2396 FETNDISB (a583bc166495b07f704533754ce29cbd) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
09:37:48.0250 2396 FETNDISB - ok
09:37:48.0343 2396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:37:48.0359 2396 Fips - ok
09:37:48.0500 2396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:37:48.0515 2396 Flpydisk - ok
09:37:48.0625 2396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:37:48.0625 2396 FltMgr - ok
09:37:48.0734 2396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:37:48.0734 2396 Fs_Rec - ok
09:37:48.0859 2396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:37:48.0859 2396 Ftdisk - ok
09:37:48.0968 2396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
09:37:48.0968 2396 GEARAspiWDM - ok
09:37:49.0093 2396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:37:49.0093 2396 Gpc - ok
09:37:49.0250 2396 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:37:49.0250 2396 HidUsb - ok
09:37:49.0328 2396 hpn - ok
09:37:49.0453 2396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:37:49.0468 2396 HTTP - ok
09:37:49.0546 2396 i2omgmt - ok
09:37:49.0625 2396 i2omp - ok
09:37:49.0750 2396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:37:49.0750 2396 i8042prt - ok
09:37:49.0890 2396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:37:49.0906 2396 Imapi - ok
09:37:50.0031 2396 InCDfs (b87fc7c71632240dac8f4d20e9ce8377) C:\WINDOWS\system32\drivers\InCDfs.sys
09:37:50.0046 2396 InCDfs - ok
09:37:50.0156 2396 InCDPass (2e878405128ec98886eb9c2216ac7bd6) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
09:37:50.0156 2396 InCDPass - ok
09:37:50.0265 2396 InCDrec (ddf078917a42f105385d7eb6debb3433) C:\WINDOWS\system32\drivers\InCDrec.sys
09:37:50.0281 2396 InCDrec - ok
09:37:50.0406 2396 incdrm (7f352360e947ad2cd4ba60de27b1a299) C:\WINDOWS\system32\drivers\incdrm.sys
09:37:50.0406 2396 incdrm - ok
09:37:50.0500 2396 ini910u - ok
09:37:50.0640 2396 IntelIde - ok
09:37:50.0750 2396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:37:50.0750 2396 intelppm - ok
09:37:50.0859 2396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:37:50.0859 2396 Ip6Fw - ok
09:37:50.0968 2396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:37:50.0968 2396 IpFilterDriver - ok
09:37:51.0062 2396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:37:51.0062 2396 IpInIp - ok
09:37:51.0171 2396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:37:51.0187 2396 IpNat - ok
09:37:51.0312 2396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:37:51.0312 2396 IPSec - ok
09:37:51.0421 2396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:37:51.0421 2396 IRENUM - ok
09:37:51.0546 2396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:37:51.0546 2396 isapnp - ok
09:37:51.0718 2396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:37:51.0718 2396 Kbdclass - ok
09:37:51.0828 2396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:37:51.0843 2396 kmixer - ok
09:37:51.0953 2396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:37:51.0953 2396 KSecDD - ok
09:37:52.0046 2396 lbrtfdc - ok
09:37:52.0281 2396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:37:52.0281 2396 mnmdd - ok
09:37:52.0406 2396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:37:52.0406 2396 Modem - ok
09:37:52.0531 2396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:37:52.0531 2396 Mouclass - ok
09:37:52.0640 2396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:37:52.0656 2396 mouhid - ok
09:37:52.0781 2396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:37:52.0796 2396 MountMgr - ok
09:37:52.0875 2396 mraid35x - ok
09:37:53.0000 2396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:37:53.0000 2396 MRxDAV - ok
09:37:53.0109 2396 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:37:53.0140 2396 MRxSmb - ok
09:37:53.0265 2396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:37:53.0281 2396 Msfs - ok
09:37:53.0390 2396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:37:53.0390 2396 MSKSSRV - ok
09:37:53.0500 2396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:37:53.0500 2396 MSPCLOCK - ok
09:37:53.0609 2396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:37:53.0609 2396 MSPQM - ok
09:37:53.0750 2396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:37:53.0750 2396 mssmbios - ok
09:37:53.0812 2396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:37:53.0828 2396 Mup - ok
09:37:53.0968 2396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:37:53.0968 2396 NDIS - ok
09:37:54.0062 2396 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:37:54.0062 2396 NdisTapi - ok
09:37:54.0187 2396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:37:54.0187 2396 Ndisuio - ok
09:37:54.0296 2396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:37:54.0296 2396 NdisWan - ok
09:37:54.0453 2396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:37:54.0453 2396 NDProxy - ok
09:37:54.0562 2396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:37:54.0562 2396 NetBIOS - ok
09:37:54.0718 2396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:37:54.0718 2396 NetBT - ok
09:37:54.0921 2396 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\WINDOWS\system32\drivers\ccdcmb.sys
09:37:54.0921 2396 nmwcd - ok
09:37:55.0031 2396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:37:55.0031 2396 Npfs - ok
09:37:55.0171 2396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:37:55.0187 2396 Ntfs - ok
09:37:55.0312 2396 NTSIM (a568b9a9ffe2d9387222a5c90f86d731) C:\WINDOWS\system32\ntsim.sys
09:37:55.0343 2396 NTSIM - ok
09:37:55.0421 2396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:37:55.0437 2396 Null - ok
09:37:55.0531 2396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:37:55.0531 2396 NwlnkFlt - ok
09:37:55.0640 2396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:37:55.0656 2396 NwlnkFwd - ok
09:37:55.0812 2396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:37:55.0812 2396 Parport - ok
09:37:55.0937 2396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:37:55.0937 2396 PartMgr - ok
09:37:56.0046 2396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:37:56.0046 2396 ParVdm - ok
09:37:56.0171 2396 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:37:56.0171 2396 PCI - ok
09:37:56.0250 2396 PCIDump - ok
09:37:56.0375 2396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
09:37:56.0375 2396 PCIIde - ok
09:37:56.0500 2396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:37:56.0515 2396 Pcmcia - ok
09:37:56.0593 2396 PDCOMP - ok
09:37:56.0671 2396 PDFRAME - ok
09:37:56.0734 2396 PDRELI - ok
09:37:56.0812 2396 PDRFRAME - ok
09:37:56.0906 2396 perc2 - ok
09:37:57.0000 2396 perc2hib - ok
09:37:57.0203 2396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:37:57.0203 2396 PptpMiniport - ok
09:37:57.0328 2396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:37:57.0328 2396 PSched - ok
09:37:57.0453 2396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:37:57.0453 2396 Ptilink - ok
09:37:57.0546 2396 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
09:37:57.0562 2396 PxHelp20 - ok
09:37:57.0640 2396 ql1080 - ok
09:37:57.0718 2396 Ql10wnt - ok
09:37:57.0796 2396 ql12160 - ok
09:37:57.0890 2396 ql1240 - ok
09:37:57.0968 2396 ql1280 - ok
09:37:58.0093 2396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:37:58.0093 2396 RasAcd - ok
09:37:58.0218 2396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:37:58.0218 2396 Rasl2tp - ok
09:37:58.0343 2396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:37:58.0343 2396 RasPppoe - ok
09:37:58.0468 2396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:37:58.0468 2396 Raspti - ok
09:37:58.0593 2396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:37:58.0593 2396 Rdbss - ok
09:37:58.0718 2396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:37:58.0718 2396 RDPCDD - ok
09:37:58.0859 2396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:37:58.0859 2396 rdpdr - ok
09:37:58.0968 2396 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:37:58.0968 2396 RDPWD - ok
09:37:59.0078 2396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:37:59.0093 2396 redbook - ok
09:37:59.0296 2396 ScFBPNT3 (9609fc0be28fa535ef582fc7e596f561) C:\WINDOWS\system32\drivers\ScFBPNT3.SYS
09:37:59.0296 2396 ScFBPNT3 - ok
09:37:59.0437 2396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:37:59.0437 2396 Secdrv - ok
09:37:59.0593 2396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:37:59.0593 2396 serenum - ok
09:37:59.0703 2396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:37:59.0703 2396 Serial - ok
09:37:59.0812 2396 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
09:37:59.0812 2396 sermouse - ok
09:38:00.0000 2396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:38:00.0000 2396 Sfloppy - ok
09:38:00.0125 2396 silabenm (c16173316918a1360dc22947c4ff6352) C:\WINDOWS\system32\DRIVERS\silabenm.sys
09:38:00.0125 2396 silabenm - ok
09:38:00.0250 2396 silabser (1be2ced35fb9f377bda14fc035691f38) C:\WINDOWS\system32\DRIVERS\silabser.sys
09:38:00.0250 2396 silabser - ok
09:38:00.0328 2396 Simbad - ok
09:38:00.0453 2396 Sparrow - ok
09:38:00.0562 2396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:38:00.0562 2396 splitter - ok
09:38:00.0718 2396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:38:00.0718 2396 sr - ok
09:38:00.0859 2396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:38:00.0890 2396 Srv - ok
09:38:01.0000 2396 sscdbus (2d4027c46b4c6e45875e3c4ba3f67492) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
09:38:01.0015 2396 sscdbus - ok
09:38:01.0125 2396 sscdmdfl (f548f1eba107bc19e91189e6a460bd0e) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
09:38:01.0125 2396 sscdmdfl - ok
09:38:01.0250 2396 sscdmdm (71d348d53597379dfe1de255d70af13c) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
09:38:01.0250 2396 sscdmdm - ok
09:38:01.0375 2396 ss_bus (bd15182e9d2d3fabc1d1313badbd2415) C:\WINDOWS\system32\DRIVERS\ss_bus.sys
09:38:01.0375 2396 ss_bus - ok
09:38:01.0500 2396 ss_mdfl (67d1144f249a3c5e03ebd7a2304dee11) C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
09:38:01.0500 2396 ss_mdfl - ok
09:38:01.0593 2396 ss_mdm (954b7ce2d54c703d6a8471d6b05a5e13) C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
09:38:01.0593 2396 ss_mdm - ok
09:38:01.0703 2396 StarOpen (306521935042fc0a6988d528643619b3) C:\WINDOWS\system32\drivers\StarOpen.sys
09:38:01.0703 2396 StarOpen - ok
09:38:01.0828 2396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:38:01.0843 2396 swenum - ok
09:38:01.0953 2396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:38:01.0968 2396 swmidi - ok
09:38:02.0046 2396 symc810 - ok
09:38:02.0140 2396 symc8xx - ok
09:38:02.0218 2396 sym_hi - ok
09:38:02.0312 2396 sym_u3 - ok
09:38:02.0453 2396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:38:02.0453 2396 sysaudio - ok
09:38:02.0578 2396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:38:02.0593 2396 Tcpip - ok
09:38:02.0750 2396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:38:02.0750 2396 TDPIPE - ok
09:38:02.0859 2396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:38:02.0859 2396 TDTCP - ok
09:38:02.0968 2396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:38:02.0968 2396 TermDD - ok
09:38:03.0078 2396 TosIde - ok
09:38:03.0234 2396 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
09:38:03.0234 2396 uagp35 - ok
09:38:03.0359 2396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:38:03.0359 2396 Udfs - ok
09:38:03.0437 2396 ultra - ok
09:38:03.0562 2396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:38:03.0609 2396 Update - ok
09:38:03.0796 2396 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
09:38:03.0812 2396 USBAAPL - ok
09:38:03.0921 2396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:38:03.0937 2396 usbehci - ok
09:38:04.0046 2396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:38:04.0046 2396 usbhub - ok
09:38:04.0171 2396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:38:04.0171 2396 usbprint - ok
09:38:04.0281 2396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:38:04.0296 2396 usbscan - ok
09:38:04.0406 2396 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:38:04.0421 2396 USBSTOR - ok
09:38:04.0531 2396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:38:04.0531 2396 usbuhci - ok
09:38:04.0656 2396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:38:04.0656 2396 VgaSave - ok
09:38:04.0812 2396 viagfx (1287315e92df22e9b67bdd42da6e1bd9) C:\WINDOWS\system32\DRIVERS\vtmini.sys
09:38:04.0812 2396 viagfx - ok
09:38:04.0937 2396 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\drivers\ViaIde.sys
09:38:04.0937 2396 ViaIde - ok
09:38:05.0062 2396 VIAudio (5e02b47671ec147251ab5487d039474d) C:\WINDOWS\system32\drivers\vinyl97.sys
09:38:05.0078 2396 VIAudio - ok
09:38:05.0187 2396 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
09:38:05.0203 2396 videX32 - ok
09:38:05.0312 2396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:38:05.0312 2396 VolSnap - ok
09:38:05.0515 2396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:38:05.0515 2396 Wanarp - ok
09:38:05.0640 2396 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:38:05.0671 2396 Wdf01000 - ok
09:38:05.0765 2396 WDICA - ok
09:38:05.0906 2396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:38:05.0906 2396 wdmaud - ok
09:38:06.0203 2396 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
09:38:06.0203 2396 xfilt - ok
09:38:06.0265 2396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:38:06.0437 2396 \Device\Harddisk0\DR0 - ok
09:38:06.0468 2396 Boot (0x1200) (8efcd234bf38f6408ec1f2575cd9ef3d) \Device\Harddisk0\DR0\Partition0
09:38:06.0468 2396 \Device\Harddisk0\DR0\Partition0 - ok
09:38:06.0468 2396 ============================================================
09:38:06.0468 2396 Scan finished
09:38:06.0468 2396 ============================================================
09:38:06.0515 2248 Detected object count: 0
09:38:06.0515 2248 Actual detected object count: 0
09:39:15.0484 3216 Deinitialize success
Greg Boulton
Active Member
 
Posts: 7
Joined: January 9th, 2012, 6:36 am

Re: Is my computer infected? please view my logs

Unread postby troy3636 » January 21st, 2012, 1:02 am

Hi Greg Boulton,

I can not run MGADiag (tried for 4 hours).
Because there is something going on that our scans are not detecting, The only responsible thing to do is to reformat your hard drive and re-install Windows.

Please see the following articles for more information.
When should I re-format and reinstall my OS
Back up and restore: frequently asked questions
Restoring your backups

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Is my computer infected? please view my logs

Unread postby Jack&Jill » January 24th, 2012, 10:55 am

As your problems appear to require a reformat, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Jack&Jill
MRU Emeritus
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 25 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware