TechSpot

[A] Warning: possible TDL3 rootkit infection!

Inactive
By Reginald Hirsch
Aug 18, 2012
Topic Status:
Not open for further replies.
  1. Reginald Hirsch

    Reginald Hirsch TS Rookie Topic Starter Posts: 30

    MOD - [2009/02/28 17:19:44 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    MOD - [2009/02/28 17:19:42 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
    MOD - [2009/02/28 17:19:40 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
    MOD - [2009/02/28 17:19:36 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    MOD - [2009/02/28 17:19:31 | 000,232,960 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    MOD - [2009/02/28 17:19:28 | 000,096,768 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    MOD - [2009/02/28 17:19:22 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    MOD - [2009/02/28 17:19:19 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    MOD - [2009/02/28 17:19:16 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
    MOD - [2009/02/28 17:19:08 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    MOD - [2009/02/28 17:18:58 | 001,240,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    MOD - [2009/02/28 17:18:45 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    MOD - [2009/02/28 17:18:27 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    MOD - [2009/02/28 17:18:25 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
    MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
    MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
    MOD - [2001/08/12 13:35:24 | 000,872,507 | ---- | M] () -- C:\vws\mesa.dll
    MOD - [1999/04/01 11:33:44 | 000,164,352 | ---- | M] () -- C:\vws\weatherlink.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/08/15 01:17:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/20 02:11:38 | 000,686,408 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
    SRV - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/07/12 03:36:52 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
    SRV - [2012/07/12 03:36:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/04/10 22:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) [Auto | Running] -- C:\Program Files\Kingsoft\PcDoctor\KSafeSvc.exe -- (KSafeSvc)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
    SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
    SRV - [2011/07/12 18:01:38 | 000,345,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\DebugDiag\DbgSvc.exe -- (DbgSvc)
    SRV - [2011/07/08 03:24:54 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/06/01 06:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2010/12/08 11:20:14 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/09/29 15:30:36 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
    SRV - [2010/09/14 17:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
    SRV - [2010/09/14 17:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2010/09/01 10:58:32 | 003,975,088 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/08/21 08:54:08 | 000,779,960 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/06/10 04:25:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/04/30 13:35:12 | 004,899,136 | ---- | M] (PY Software) [Disabled | Stopped] -- C:\Program Files\Active WebCam\WebCam.exe -- (ACTIVEWEBCAM)
    SRV - [2010/04/30 13:35:02 | 000,738,640 | ---- | M] (PY Software) [On_Demand | Stopped] -- C:\Program Files\Active WebCam\Watchdog.exe -- (ACTIVEWEBCAMWATCHDOG)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
    SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/05/17 22:04:00 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/03/26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2009/03/26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
    SRV - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2009/02/28 08:53:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/12/01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2008/06/12 12:48:16 | 002,159,992 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
    SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
    DRV - File not found [Kernel | Unavailable | Unknown] -- -- (IogearUDSMBus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Reginald\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/08/15 06:10:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2012/07/12 23:49:52 | 000,014,160 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdws.sys -- (asdws)
    DRV - [2012/07/12 23:49:50 | 000,022,864 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
    DRV - [2012/07/12 23:49:50 | 000,016,208 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
    DRV - [2012/07/12 03:36:34 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/04/10 12:51:16 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/08/05 04:49:20 | 000,110,496 | ---- | M] (Kingsoft Corporation) [Kernel | System | Running] -- C:\Program Files\Kingsoft\PcDoctor\kmodurl.sys -- (kmodurl)
    DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/07/08 04:14:42 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2011/07/08 04:14:42 | 008,312,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/07/08 02:46:44 | 000,244,736 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
    DRV - [2011/03/23 17:33:32 | 000,021,120 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
    DRV - [2011/01/27 20:18:32 | 000,058,496 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
    DRV - [2011/01/27 20:18:32 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
    DRV - [2010/11/20 06:30:17 | 000,296,064 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
    DRV - [2010/11/20 06:30:17 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
    DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 04:50:38 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
    DRV - [2010/11/20 04:50:37 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 04:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 03:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/09/29 15:30:40 | 000,018,576 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DU Meter\DUMetr32.sys -- (DUMeterDrv)
    DRV - [2010/09/01 10:58:34 | 000,163,232 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
    DRV - [2010/09/01 10:58:30 | 000,752,128 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpm273.sys -- (tdrpman273)
    DRV - [2010/09/01 10:58:28 | 000,600,928 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
    DRV - [2010/09/01 10:58:19 | 000,170,464 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
    DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/02/03 00:10:32 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
    DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/07/13 16:13:47 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
    DRV - [2009/06/26 17:21:02 | 002,069,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
    DRV - [2009/05/05 23:37:52 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
    DRV - [2009/03/26 23:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
    DRV - [2009/03/26 23:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
    DRV - [2009/03/26 23:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
    DRV - [2009/03/26 23:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
    DRV - [2009/03/26 23:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2009/03/26 17:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/12/17 09:43:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2008/12/01 11:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007/05/09 15:04:54 | 000,018,176 | ---- | M] (Delta Networks, Inc. (DNI)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XE102Sp5.sys -- (XE102Sp5)
    DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/04/19 11:17:14 | 000,021,120 | ---- | M] (Delta Networks, Inc. (DNI)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XE102Mp5.sys -- (XE102Mp5)
    DRV - [2004/04/26 18:11:32 | 000,017,280 | R--- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PLCNDIS5.SYS -- (PLCNDIS5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  2. Reginald Hirsch

    Reginald Hirsch TS Rookie Topic Starter Posts: 30

    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\URLSearchHook: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - C:\Program Files\AddThis Toolbar\Helper.dll ()
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{53806648-461E-4310-A736-D9AF8C78AB04}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{58DB32C2-A84C-4ACD-ADFB-8C7BD43344EF}: "URL" = http://search.yahoo.com/search?type=61107&fr=freecause&ei=utf-8&p={searchTerms}
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=CXdMmJ8z-RX6dIgZyKxxUwryOCM?q={searchTerms}
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://watch.slingbox.com/watch/sling_player"
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Reginald\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Reginald\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Reginald\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012/07/19 15:14:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/28 20:32:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/17 14:47:02 | 000,000,000 | ---D | M]

    [2010/06/10 01:27:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Extensions
    [2012/04/16 20:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\extensions
    [2011/08/17 14:53:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2011/08/07 13:22:50 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    [2012/05/10 13:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/19 12:34:46 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2012/04/16 20:14:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/16 20:14:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/16 20:14:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://news.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://news.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Reginald\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Reginald\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\Microsoft Office\Office14\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Loki Plugin (Enabled) = C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Reginald\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Pin anything, anywhere. Just press the button and an overlay window will appear. = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl\5.1_0\
    CHR - Extension: Taskforce = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdbfnafnalfjconpgenohfidcaeibkoc\1.4_0\
    CHR - Extension: Flixster = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh\1.0.6_0\
    CHR - Extension: Weather Window by WeatherBug = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
    CHR - Extension: Send from Gmail (by Google) = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.12_0\
    CHR - Extension: Gmail = C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/18 21:44:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
    O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - No CLSID value found.
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\21.0.1180.79\npchrome_frame.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
    O3 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [KSafeTray] C:\Program Files\Kingsoft\PcDoctor\KSafeTray.exe (Kingsoft Corporation)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe (Nicholas Decker)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKLM..\Run: [VX6000] C:\Windows\vVX6000.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Active WebCam.LNK = C:\Program Files\Active WebCam\WebCam.exe (PY Software)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk = C:\Program Files\ActiveWords\AWMonitor.exe (ActiveWord Systems, Inc.)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Weather Station.lnk = C:\vws\vws.exe (Ambient, LLC)
    O4 - Startup: C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk = C:\Program Files\WePrint\WePrint Server.exe (EuroSmartz Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O7 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([connect] * in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([mygarmin] * in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([locate] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([shop] https in Trusted sites)
    O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} http://192.168.1.210/xplugxLiteTW.cab (Gif89 xLite Class)
    O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://I.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab (WebSlingPlayer)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O16 - DPF: CaptureClient http://192.168.1.110/CaptureClient.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.19.128.53 72.19.128.99
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{297982DB-7F42-4718-8D4B-A71C72C5621A}: DhcpNameServer = 72.19.128.53 72.19.128.99
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\21.0.1180.79\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\skyline {3a4f9195-65a8-11d5-85c1-0001023952c1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline software systems Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\x-sdch - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/12/23 05:40:02 | 000,000,029 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/18 23:47:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Reginald\Desktop\OTL.exe
    [2012/08/18 22:43:42 | 000,000,000 | ---D | C] -- C:\Users\Reginald\temp
    [2012/08/18 22:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Safe
    [2012/08/18 22:33:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/18 22:31:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/18 22:16:21 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\rkill
    [2012/08/18 22:06:16 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill - Copy.exe
    [2012/08/18 22:05:11 | 001,545,120 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill.exe
    [2012/08/18 21:48:28 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\Tech
    [2012/08/18 21:25:07 | 003,470,979 | ---- | C] (Swearware) -- C:\Users\Reginald\Desktop\Unconfirmed 560231.crdownload
    [2012/08/18 20:02:39 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\Reginald\Desktop\ComboFix.exe
    [2012/08/18 12:15:51 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Reginald\Desktop\aswMBR.exe
    [2012/08/18 08:27:54 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\Anvisoft
    [2012/08/18 08:27:44 | 000,022,864 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrs.sys
    [2012/08/18 08:27:44 | 000,016,208 | ---- | C] (Anvisoft) -- C:\Windows\System32\drivers\asdrm.sys
    [2012/08/18 08:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    [2012/08/18 08:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
    [2012/08/18 08:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
    [2012/08/17 10:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/08/16 11:25:59 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\ActiveWords 2.0
    [2012/08/16 11:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
    [2012/08/16 11:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveWords
    [2012/08/16 11:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\orangequava
    [2012/08/16 11:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\ActiveWords
    [2012/08/16 08:13:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Reginald\Desktop\dds.com
    [2012/08/15 17:44:51 | 000,000,000 | ---D | C] -- C:\Program Files\AirPort
    [2012/08/15 13:11:38 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\rootkit
    [2012/08/15 09:23:34 | 000,000,000 | ---D | C] -- C:\Backreg
    [2012/08/15 09:11:33 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\Warrior
    [2012/08/15 08:56:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/15 08:56:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/15 08:56:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/15 08:55:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/15 08:54:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/15 06:10:06 | 000,000,000 | ---D | C] -- C:\Program Files\LSoft Technologies
    [2012/08/15 06:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
    [2012/08/14 21:59:39 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
    [2012/08/14 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
    [2012/08/14 21:29:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RegRunInfo
    [2012/08/14 21:28:23 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Documents\RegRun2
    [2012/08/14 21:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
    [2012/08/14 21:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Greatis
    [2012/08/14 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
    [2012/08/14 20:08:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2012/08/14 19:13:24 | 000,100,864 | ---- | C] (GMER) -- C:\pwlyikod.sys
    [2012/08/14 19:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/08/14 18:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
    [2012/08/14 18:41:04 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
    [2012/08/14 18:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2012/08/14 18:19:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/13 22:37:35 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\IrrigationCaddy
    [2012/07/21 05:43:40 | 000,000,000 | ---D | C] -- C:\Users\Reginald\AppData\Roaming\SUPERAntiSpyware.com
    [2012/07/21 05:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/07/21 05:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/21 05:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/07/20 17:45:29 | 000,000,000 | ---D | C] -- C:\Users\Reginald\Desktop\WaldonFire
    [2012/07/20 13:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/07/20 13:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/08/13 20:09:28 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Reginald\gotomypc_540.exe
    [2008/12/19 21:07:41 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Reginald\gotomypc_438.exe
    [2008/12/19 21:04:51 | 003,902,784 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Reginald\gosetup.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/18 23:55:29 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1D9D0871-37AF-43C2-BA55-FCB153C904EF}.job
    [2012/08/18 23:47:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Reginald\Desktop\OTL.exe
    [2012/08/18 23:23:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/18 23:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/18 23:07:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000UA.job
    [2012/08/18 22:49:18 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/18 22:49:18 | 000,011,104 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/18 22:43:03 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/08/18 22:36:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/18 22:35:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/18 22:34:48 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/18 22:10:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/08/18 22:06:57 | 000,000,114 | ---- | M] () -- C:\Users\Reginald\Desktop\[Active] - Warning- possible TDL3 rootkit infection ! - TechSpot Forums.url
    [2012/08/18 22:05:36 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill.exe
    [2012/08/18 22:05:36 | 001,545,120 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Reginald\Desktop\rkill - Copy.exe
    [2012/08/18 21:44:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/18 21:25:44 | 003,470,979 | ---- | M] (Swearware) -- C:\Users\Reginald\Desktop\Unconfirmed 560231.crdownload
    [2012/08/18 20:03:17 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\Reginald\Desktop\ComboFix.exe
    [2012/08/18 18:07:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000Core.job
    [2012/08/18 17:23:00 | 002,189,836 | ---- | M] () -- C:\Users\Reginald\Desktop\tdsskiller.zip
    [2012/08/18 15:09:18 | 000,302,592 | ---- | M] () -- C:\Users\Reginald\Desktop\cztdodz5.exe
    [2012/08/18 12:16:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Reginald\Desktop\aswMBR.exe
    [2012/08/18 08:27:44 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2012/08/18 08:26:07 | 016,259,544 | ---- | M] () -- C:\Users\Reginald\Desktop\asdsetup.exe
    [2012/08/18 06:40:16 | 000,086,913 | ---- | M] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers1.wpd
    [2012/08/18 06:40:00 | 000,086,913 | ---- | M] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers.wpd
    [2012/08/17 15:15:39 | 000,002,174 | ---- | M] () -- C:\Users\Reginald\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/08/17 15:15:38 | 000,002,297 | ---- | M] () -- C:\Users\Reginald\Desktop\Google Chrome.lnk
    [2012/08/17 13:35:05 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/08/16 14:29:19 | 001,102,128 | ---- | M] () -- C:\Users\Reginald\Desktop\ProcessMonitor.zip
    [2012/08/16 11:26:00 | 000,001,931 | ---- | M] () -- C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk
    [2012/08/16 11:25:45 | 000,232,915 | ---- | M] () -- C:\Windows\ActiveWords Uninstaller.exe
    [2012/08/16 10:11:15 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2012/08/16 08:25:08 | 000,003,274 | ---- | M] () -- C:\Users\Reginald\Desktop\EventSystemWin7.reg
    [2012/08/16 07:48:47 | 000,497,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/08/16 07:29:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Reginald\Desktop\dds.com
    [2012/08/15 14:45:43 | 000,062,386 | ---- | M] () -- C:\Users\Reginald\Desktop\DOC081512-001.pdf
    [2012/08/15 14:17:00 | 000,048,503 | ---- | M] () -- C:\Users\Reginald\Desktop\DOC081512.pdf
    [2012/08/15 09:20:31 | 000,000,506 | -H-- | M] () -- C:\regrun.war
    [2012/08/14 21:28:26 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/08/14 21:28:26 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
    [2012/08/14 21:28:26 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
    [2012/08/14 19:13:24 | 000,100,864 | ---- | M] (GMER) -- C:\pwlyikod.sys
    [2012/08/14 19:08:59 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/14 19:08:42 | 000,698,802 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/14 19:08:42 | 000,134,784 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/14 13:03:40 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/08/13 18:00:57 | 000,234,336 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2012/07/21 05:43:34 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/20 18:46:28 | 000,001,366 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/20 13:18:58 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/07/20 13:00:11 | 000,002,551 | ---- | M] () -- C:\Users\Reginald\Desktop\Skype.lnk
    [2012/07/20 11:26:45 | 000,019,039 | ---- | M] () -- C:\Users\Reginald\Desktop\487359_10151053583328330_949994986_n.jpg
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/18 22:43:03 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012/08/18 22:43:03 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/08/18 22:06:57 | 000,000,114 | ---- | C] () -- C:\Users\Reginald\Desktop\[Active] - Warning- possible TDL3 rootkit infection ! - TechSpot Forums.url
    [2012/08/18 17:22:36 | 002,189,836 | ---- | C] () -- C:\Users\Reginald\Desktop\tdsskiller.zip
    [2012/08/18 15:09:16 | 000,302,592 | ---- | C] () -- C:\Users\Reginald\Desktop\cztdodz5.exe
    [2012/08/18 08:27:44 | 000,014,160 | ---- | C] () -- C:\Windows\System32\drivers\asdws.sys
    [2012/08/18 08:27:44 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2012/08/18 08:25:10 | 016,259,544 | ---- | C] () -- C:\Users\Reginald\Desktop\asdsetup.exe
    [2012/08/18 06:40:16 | 000,086,913 | ---- | C] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers1.wpd
    [2012/08/17 08:06:46 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/08/16 14:29:09 | 001,102,128 | ---- | C] () -- C:\Users\Reginald\Desktop\ProcessMonitor.zip
    [2012/08/16 11:25:17 | 000,232,915 | ---- | C] () -- C:\Windows\ActiveWords Uninstaller.exe
    [2012/08/16 11:25:17 | 000,001,931 | ---- | C] () -- C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk
    [2012/08/16 08:25:08 | 000,003,274 | ---- | C] () -- C:\Users\Reginald\Desktop\EventSystemWin7.reg
    [2012/08/15 17:45:01 | 000,002,421 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirPort Utility.lnk
    [2012/08/15 14:44:39 | 000,062,386 | ---- | C] () -- C:\Users\Reginald\Desktop\DOC081512-001.pdf
    [2012/08/15 14:41:20 | 000,086,913 | ---- | C] () -- C:\Users\Reginald\Desktop\Gadgets for Lawyers.wpd
    [2012/08/15 14:20:40 | 000,048,503 | ---- | C] () -- C:\Users\Reginald\Desktop\DOC081512.pdf
    [2012/08/15 08:56:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/15 08:56:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/15 08:56:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/15 08:56:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/15 08:56:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/15 06:30:30 | 000,000,506 | -H-- | C] () -- C:\regrun.war
    [2012/08/14 21:28:26 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
    [2012/08/14 19:08:48 | 000,001,933 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/07/21 05:43:34 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/07/20 13:18:58 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/07/20 13:00:11 | 000,002,551 | ---- | C] () -- C:\Users\Reginald\Desktop\Skype.lnk
    [2012/07/20 11:27:39 | 000,019,039 | ---- | C] () -- C:\Users\Reginald\Desktop\487359_10151053583328330_949994986_n.jpg
    [2012/04/14 18:16:51 | 000,126,976 | ---- | C] () -- C:\Windows\System32\MC4MIntSetupWizard.dll
    [2012/04/14 18:16:50 | 000,126,976 | ---- | C] () -- C:\Windows\System32\THBIni20.dll
    [2011/08/06 16:06:20 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
    [2011/08/06 16:06:20 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
    [2011/08/06 16:06:20 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
    [2011/08/06 16:06:20 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
    [2011/08/06 16:06:20 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
    [2011/07/08 02:45:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2011/05/13 15:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/03/17 19:52:05 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/03/17 19:50:09 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2010/12/04 22:15:08 | 006,918,144 | ---- | C] () -- C:\Users\Reginald\PCPE_3.0.msi
    [2010/09/04 17:52:00 | 000,013,310 | ---- | C] () -- C:\Users\Reginald\Ubuntu.vmc.vpcbackup
    [2010/09/04 17:44:18 | 1034,411,008 | ---- | C] () -- C:\Users\Reginald\Ubuntu.vhd
    [2010/09/04 17:44:18 | 000,012,290 | ---- | C] () -- C:\Users\Reginald\Ubuntu.vmc
    [2010/08/26 08:43:13 | 000,038,431 | ---- | C] () -- C:\Users\Reginald\AppData\Roaming\Comma Separated Values (DOS).ADR
    [2010/08/11 08:40:57 | 000,006,656 | ---- | C] () -- C:\Users\Reginald\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/10 08:52:13 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
  7. Reginald Hirsch

    Reginald Hirsch TS Rookie Topic Starter Posts: 30

    [2010/06/10 07:20:56 | 000,936,378 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
    [2010/06/10 03:44:55 | 000,000,443 | ---- | C] () -- C:\Users\Reginald\AppData\Local\Win7_Upgrade.bat
    [2010/06/10 03:05:51 | 000,001,087 | ---- | C] () -- C:\Users\Reginald\AppData\Local\Win7_tmp1.htm
    [2009/07/29 10:25:54 | 000,305,823 | -H-- | C] () -- C:\Users\Reginald\windows-7-ultimate-crack.pdf
    [2009/07/28 09:44:59 | 000,139,333 | -H-- | C] () -- C:\Users\Reginald\Better Business Bureau signature form0001.pdf
    [2009/07/27 08:08:25 | 006,536,350 | -H-- | C] () -- C:\Users\Reginald\4637_0750.wmv
    [2009/07/26 17:38:36 | 000,063,219 | -H-- | C] () -- C:\Users\Reginald\STL_052_394x493.jpg
    [2009/07/25 07:08:57 | 000,870,128 | -H-- | C] () -- C:\Users\Reginald\AppData\Roaming\mcs.rma
    [2009/07/25 06:53:19 | 000,037,240 | -H-- | C] () -- C:\Users\Reginald\NYT2010SRXReview.pdf
    [2009/07/23 20:55:28 | 000,034,134 | -H-- | C] () -- C:\Users\Reginald\007.00.000151.00.pdf
    [2009/07/23 20:38:16 | 003,901,263 | -H-- | C] () -- C:\Users\Reginald\100_0066.jpg
    [2009/07/22 19:54:25 | 000,001,659 | -H-- | C] () -- C:\Users\Reginald\boltbb.jad
    [2009/07/22 13:45:12 | 000,479,125 | -H-- | C] () -- C:\Users\Reginald\hack-garmin-2009-gps-update.pdf
    [2009/07/22 13:15:44 | 000,042,205 | -H-- | C] () -- C:\Users\Reginald\hp=&pagew.pdf
    [2009/07/22 13:05:01 | 000,129,573 | -H-- | C] () -- C:\Users\Reginald\AP-ML-UAE-B.pdf
    [2009/07/22 08:21:59 | 000,107,667 | -H-- | C] () -- C:\Users\Reginald\o=IAH&d=COS&tm=&ns=Y.pdf
    [2009/07/21 16:07:03 | 000,111,583 | -H-- | C] () -- C:\Users\Reginald\amexstatement.pdf
    [2009/07/21 13:57:18 | 001,336,857 | -H-- | C] () -- C:\Users\Reginald\2675_OwnersManual.pdf
    [2009/07/16 04:56:29 | 000,027,520 | ---- | C] () -- C:\Users\Reginald\VC.com
    [2009/07/16 04:56:03 | 000,027,520 | -H-- | C] () -- C:\Users\Reginald\VCdotcom
    [2009/07/15 09:51:46 | 001,795,072 | -H-- | C] () -- C:\Users\Reginald\cal715.pst
    [2009/07/14 11:17:17 | 001,015,656 | -H-- | C] () -- C:\Users\Reginald\userguide_0x0D000D04_cdma.pdf
    [2009/07/13 17:52:48 | 000,019,267 | -H-- | C] () -- C:\Users\Reginald\temporary orders 7-13-09r1.pdf
    [2009/07/13 14:56:35 | 000,119,855 | -H-- | C] () -- C:\Users\Reginald\hubtype=TxCaseAlert.pdf
    [2009/07/13 08:58:36 | 000,985,112 | -H-- | C] () -- C:\Users\Reginald\Backup-(2009-07-13).ipd
    [2009/07/12 19:24:59 | 000,261,108 | -H-- | C] () -- C:\Users\Reginald\chrome.pdf
    [2009/07/12 18:51:55 | 001,766,024 | -H-- | C] () -- C:\Users\Reginald\um_q1755_35572_0905.pdf
    [2009/07/10 06:29:24 | 000,087,713 | -H-- | C] () -- C:\Users\Reginald\Leno3dparts.pdf
    [2009/07/10 05:59:22 | 000,189,915 | -H-- | C] () -- C:\Users\Reginald\10cameras.pdf
    [2009/07/09 19:00:04 | 002,910,900 | -H-- | C] () -- C:\Users\Reginald\dish2ndremote.pdf
    [2009/07/09 11:16:40 | 000,277,647 | -H-- | C] () -- C:\Users\Reginald\la-sp-simers9-2009jul09,0,3895433.pdf
    [2009/07/09 00:46:01 | 000,029,332 | -H-- | C] () -- C:\Users\Reginald\SB1000142405297020426170457427602.pdf
    [2009/07/08 13:10:29 | 000,039,215 | -H-- | C] () -- C:\Users\Reginald\Morris Billing Summary0001.pdf
    [2009/07/07 16:49:44 | 000,108,113 | -H-- | C] () -- C:\Users\Reginald\Motion for Protective Time Perion 7-7-090001.pdf
    [2009/07/07 16:46:58 | 000,007,209 | -H-- | C] () -- C:\Users\Reginald\Robertson 7-7-09.pdf
    [2009/07/07 13:07:14 | 000,008,176 | -H-- | C] () -- C:\Users\Reginald\Bucky 7-7-09.wpd
    [2009/07/07 10:15:41 | 000,335,243 | -H-- | C] () -- C:\Users\Reginald\Motion To Compel Atty Contracts etc0001.pdf
    [2009/07/07 07:12:29 | 000,058,189 | -H-- | C] () -- C:\Users\Reginald\usbmicromini.pdf
    [2009/07/06 18:32:39 | 000,018,284 | -H-- | C] () -- C:\Users\Reginald\itouchcopy.pdf
    [2009/07/03 11:33:51 | 000,027,352 | -H-- | C] () -- C:\Users\Reginald\orderconfirmationtour.pdf
    [2009/07/01 19:04:41 | 001,579,815 | -H-- | C] () -- C:\Users\Reginald\100_0004.jpg
    [2009/07/01 16:53:27 | 000,001,286 | -H-- | C] () -- C:\Users\Reginald\The New York Times - Breaking News, World News & Multimedia.url
    [2009/06/27 19:08:13 | 001,551,597 | -H-- | C] () -- C:\Users\Reginald\CameraDockSeries3.pdf

    ========== LOP Check ==========

    [2010/09/01 10:54:42 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Acronis
    [2012/08/18 22:39:37 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\ActiveWords 2.0
    [2012/08/18 08:27:54 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Anvisoft
    [2010/06/10 01:27:29 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\Any Video Converter Professional
    [2011/09/03 19:32:56 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Bandoo
    [2010/06/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\BSplayer PRO
    [2010/06/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\CopyTrans
    [2010/06/10 01:27:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\CopyTransPhoto
    [2010/08/29 07:16:34 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\DAEMON Tools Pro
    [2012/08/18 22:39:35 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Dropbox
    [2011/08/17 15:29:41 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\GARMIN
    [2010/06/10 01:27:33 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\GlobalSCAPE
    [2011/08/11 08:23:45 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\GoodSync
    [2010/06/10 01:27:33 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\iCloner
    [2010/06/10 01:27:34 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\iLibs
    [2012/08/18 17:38:05 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\IPViewPro2
    [2011/08/09 07:09:28 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\JawboneUpdater
    [2011/08/15 07:09:53 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\kingsoft
    [2011/08/13 21:24:18 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\KSafe
    [2010/06/10 01:27:50 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\mjusbsp
    [2010/06/10 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Nuance
    [2010/06/10 01:27:51 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\OpenOffice.org
    [2011/01/21 21:21:00 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\PCDr
    [2010/08/13 21:28:03 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Research In Motion
    [2011/08/11 10:36:26 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\RoboForm
    [2010/06/10 01:27:57 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\ScanSoft
    [2009/02/28 17:24:59 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\Skinux
    [2010/06/10 01:27:59 | 000,000,000 | -H-D | M] -- C:\Users\Reginald\AppData\Roaming\Skyline
    [2011/08/08 07:25:28 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Sling Media
    [2010/08/29 07:44:31 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Stardock
    [2011/07/21 10:00:06 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\TeamViewer
    [2011/01/31 15:28:53 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\TightVNC
    [2010/06/10 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\TimeBridge
    [2010/06/10 01:28:00 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Uniblue
    [2010/08/29 06:04:52 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\uTorrent
    [2010/06/10 01:28:01 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\WindSolutions
    [2010/06/10 01:28:01 | 000,000,000 | ---D | M] -- C:\Users\Reginald\AppData\Roaming\Zeon
    [2012/08/14 13:03:40 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/13 22:53:46 | 000,027,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/08/18 22:10:13 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
    [2012/08/18 23:55:29 | 000,000,428 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1D9D0871-37AF-43C2-BA55-FCB153C904EF}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========
  8. Reginald Hirsch

    Reginald Hirsch TS Rookie Topic Starter Posts: 30

    Wow, sorry, had to resend otl.txt.
  9. Reginald Hirsch

    Reginald Hirsch TS Rookie Topic Starter Posts: 30

    As to continuing issues, the DDS run continues to show access issues and other issues of access denied, for instance from the attach file:
    /18/2012 10:27:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/18/2012 10:18:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    8/18/2012 10:15:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/18/2012 10:15:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/18/2012 10:15:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/18/2012 10:15:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/18/2012 10:15:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/18/2012 10:15:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/18/2012 10:14:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    8/18/2012 10:14:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD asdrm CSC DfsC discache eeCtrl kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Terminal Server Device Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Remote Desktop Services UserMode Port Redirector service depends on the Terminal Server Device Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Remote Desktop Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The DU Meter Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/18/2012 10:13:55 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7043] - The Acronis Nonstop Backup service service did not shut down properly after receiving a preshutdown control.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7038] - The COMSysApp service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: A system shutdown is in progress.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not start due to a logon failure.
    8/18/2012 10:13:13 PM, Error: Service Control Manager [7000] - The Certificate Propagation service failed to start due to the following error: A system shutdown is in progress.
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1115" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/18/2012 10:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service ComSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
    8/18/2012 10:12:43 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    8/18/2012 10:12:12 PM, Error: Service Control Manager [7043] - The Acronis Scheduler2 Service service did not shut down properly after receiving a preshutdown control.
    8/18/2012 10:08:03 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    8/15/2012 9:00:28 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/15/2012 9:00:28 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    8/15/2012 8:51:56 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    8/15/2012 8:23:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MICROSOFTSCM) service to connect.
    8/15/2012 8:23:56 AM, Error: Service Control Manager [7000] - The SQL Server (MICROSOFTSCM) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/15/2012 8:05:15 AM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    8/15/2012 7:43:54 AM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/15/2012 7:43:52 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/15/2012 7:43:44 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7038] - The bthserv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Human Interface Device Access service failed to start due to the following error: A system shutdown is in progress.
    8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The pipe has been ended.
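    The Service Control Manager entries in the post above are mostly cascade noise: one driver fails to load, and every service above it in the dependency chain logs its own 7001 event. The following triage helper is an added example, not code from this thread or from DDS; it parses a constructed sample made of lines copied from the post, walks the "depends on" chain of each 7001 event until it reaches a failure whose reason is something other than "The dependency service or group failed to start", and lists the drivers named in the 7026 event. The field layout of the events (timestamp, source, event ID, message) is assumed from the lines as pasted.

```python
import re

# Constructed sample: Service Control Manager lines copied verbatim from the
# DDS Attach.txt excerpt in the post above (a subset, not the whole log).
SAMPLE_LOG = """
8/18/2012 10:14:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD asdrm CSC DfsC discache eeCtrl kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf ws2ifsl
8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Terminal Server Device Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Remote Desktop Services UserMode Port Redirector service depends on the Terminal Server Device Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Remote Desktop Configuration service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 10:14:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2012 10:14:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
"""

# One DDS-style line: "<date> <time> <AM|PM>, Error: <source> [<event id>] - <message>"
SCM_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: "
    r"Service Control Manager \[(?P<eid>\d+)\] - (?P<msg>.+)$"
)
# Event 7001 message body. Non-greedy groups stop at the first lowercase
# " service depends on the" / " service which failed", so display names that
# themselves contain "Service" (e.g. "Network Store Interface Service") survive.
DEP_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error: (?P<reason>.+)$"
)
# Event 7026 message body: a space-separated list of driver service names.
DRV_RE = re.compile(
    r"^The following boot-start or system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)
DEP_FAILED = "The dependency service or group failed to start."
DEVICE_ERR = "A device attached to the system is not functioning."


def parse_scm_events(text):
    """Return (edges, drivers).

    edges   : list of (service, dependency, reason) from 7001 events
    drivers : driver names from 7026 events that failed to load at boot
    """
    edges, drivers = [], []
    for line in text.splitlines():
        m = SCM_RE.match(line.strip())
        if not m:
            continue
        eid, msg = m.group("eid"), m.group("msg")
        if eid == "7001":
            d = DEP_RE.match(msg)
            if d:
                # Some display names carry a trailing period ("NSI proxy service driver.")
                edges.append((d.group("svc"), d.group("dep").rstrip("."), d.group("reason")))
        elif eid == "7026":
            d = DRV_RE.match(msg)
            if d:
                drivers.extend(d.group("drivers").split())
    return edges, drivers


def root_causes(edges):
    """Map each failed service to (root, reason) at the bottom of its chain.

    The reason in a 7001 event describes the *dependency*, not the service
    that logged it. We follow dependencies while the reason is only
    DEP_FAILED; the first dependency with any other reason is the root. If the
    chain leaves the log (the root's own failure was not captured), the last
    known dependency is reported with DEP_FAILED as its reason.
    """
    dep_of = {svc: dep for svc, dep, _ in edges}
    reason = {dep: why for _, dep, why in edges}
    roots = {}
    for svc in dep_of:
        cur, seen = svc, set()
        while cur in dep_of and reason.get(dep_of[cur]) == DEP_FAILED and cur not in seen:
            seen.add(cur)          # guard against cyclic or self-referential chains
            cur = dep_of[cur]
        root = dep_of.get(cur, cur)
        roots[svc] = (root, reason.get(root, "unknown"))
    return roots


def distinct_roots(roots):
    """Collapse the per-service map to the unique root failures, sorted by name."""
    return sorted(set(roots.values()))


if __name__ == "__main__":
    edges, drivers = parse_scm_events(SAMPLE_LOG)
    for root, why in distinct_roots(root_causes(edges)):
        print(f"ROOT: {root!r} -> {why}")
    print("Drivers that failed to load:", " ".join(drivers))
```

Run against the sample, the nine 7001 events collapse to five roots, four of them kernel drivers that reported "A device attached to the system is not functioning" (the Winsock AFD, NSI proxy, TDI and redirected-buffering drivers) plus the Server service, whose own failure is outside the excerpt. Cross-checking those names against the 7026 driver list is the point of the exercise: the networking, filtering and anti-malware drivers on that list are the ones to verify on disk and in the registry before chasing the dozens of dependent-service errors further up the log.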
  10. Reginald Hirsch

    Reginald Hirsch TS Rookie Topic Starter Posts: 30

    Also, I'm thinking the rootkit did a number on my group policy; see below. Although Microsoft Antimalware shows the latest update version and seems to update, note this:
    /14/2012 9:06:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/14/2012 7:55:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 9 service to connect.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:15:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.2076.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?Lin...0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8050a003 Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.
    8/14/2012 7:09:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/14/2012 7:09:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    8/14/2012 4:49:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
    8/14/2012 11:55:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\14.08.2012_18.17.56\zasubsys0000\file0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbam.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2076.0, AS: 1.131.2076.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    8/14/2012 11:30:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Virus:Win32/Sirefef.R&threatid=2147657890 Name: Virus:Win32/Sirefef.R ID: 2147657890 Severity: Severe Category: Virus Path: file:_C:\TDSSKiller_Quarantine\14.08.2012_18.17.56\zasubsys0000\file0000\tsk0000.dta Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe Action: Clean Action Status: To see how to finish removing malware and other potentially unwanted software, see the support article on the Microsoft Security website. Error Code: 0x800704ec Error description: This program is blocked by group policy. For more information, contact your system administrator. Signature Version: AV: 1.131.2076.0, AS: 1.131.2076.0, NIS: 11.159.0.0 Engine Version: AM: 1.1.8601.0, NIS: 2.0.8001.0
    8/14/2012 1:04:59 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Don't worry about those errors.
    What I want to know is if you have current visible issues with your computer.

    =====================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {1BD0BEFE-F697-4eee-B7E1-76B849A5CB84} - No CLSID value found.
      O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No CLSID value found.
      O2 - BHO: (no name) - {9EBF8AAF-0A31-4786-909A-97A0EF101743} - No CLSID value found.
      O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([connect] * in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([mygarmin] * in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: garmin.com ([www] http in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([locate] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Domains: zoombak.com ([shop] https in Trusted sites)
      O15 - HKU\S-1-5-21-1359024441-3580254713-1987414973-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: CaptureClient http://192.168.1.110/CaptureClient.cab (Reg Error: Key error.)
      [2012/08/14 21:28:26 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
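    A defender's triage of the Event Viewer excerpts Reginald pasted above, against the same family of protective services Broni's Farbar Service Scanner step checks (Windows Firewall, Security Center, Windows Defender, Windows Update), as an added example that is not part of the thread and not OTL, FSS or any other tool mentioned in it. It parses constructed sample lines patterned on the thread's events and sorts them into the three damage signatures visible in the logs: a service whose start fails with "Access is denied" (permissions stripped), a service reported as missing (wscsvc, and the 0x80070424 update failure), and Microsoft Antimalware blocked by group policy (0x800704ec); shutdown-ordering errors are treated as noise. The sample lines, the category names and the CORE_NET_DRIVERS set are assumptions made for the example.

```python
"""Triage Windows event-log excerpts for the protective-service damage pattern
seen in this thread (Sirefef / ZeroAccess-style infections): services that
cannot start because their permissions were stripped, services that no longer
exist, and Microsoft Antimalware being blocked by a tampered group policy.

Added example for this thread; it is not OTL, FSS or any tool the helper used.
The sample lines are constructed from the event text quoted in the thread, and
the category names and driver list are assumptions chosen for the example.
"""
import re

# Constructed sample, patterned on the thread's Event Viewer excerpts (the
# Antimalware lines are shortened to the fields the triage needs).
SAMPLE_LOG = """\
8/15/2012 7:43:44 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/15/2012 7:43:52 AM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
8/14/2012 7:09:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
8/14/2012 11:55:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Error Code: 0x800704ec Error description: This program is blocked by group policy.
8/14/2012 1:04:59 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/14/2012 4:49:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl kmodurl MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
8/15/2012 7:08:06 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
"""

# One pasted Event Viewer line: "<date> <time> <AM|PM>, <level>: <source> [<id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Boot-start drivers from the thread's 7026 event whose absence breaks the
# network stack or the antimalware filter; which ones matter is an assumption.
CORE_NET_DRIVERS = {"AFD", "tdx", "NetBT", "nsiproxy", "WfpLwf", "MpFilter"}

# Service Control Manager reasons that are normal during shutdown ordering.
BENIGN_REASONS = ("A system shutdown is in progress", "The pipe has been ended")


def parse_line(line):
    """Split one pasted event line into its fields; None if it is not an event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["eid"] = int(event["eid"])
    return event


def classify(event):
    """Map an event to (category, subject), or None when it is noise."""
    eid, msg, src = event["eid"], event["msg"], event["source"]
    if src == "Service Control Manager":
        if any(reason in msg for reason in BENIGN_REASONS):
            return None
        if "Access is denied" in msg:
            # Name the dependency that failed ("depends on the X service") or,
            # failing that, the service the event is about.
            m = (re.search(r"depends on the (.+?) service which failed", msg)
                 or re.search(r"^The (.+?) service", msg))
            return ("access_denied", m.group(1) if m else "unknown service")
        if eid == 7003 and "might not be installed" in msg:
            m = re.search(r"service: (\w+)\.", msg)
            return ("service_missing", m.group(1) if m else "unknown service")
        if eid == 7026 and "failed to load:" in msg:
            drivers = set(msg.split("failed to load:", 1)[1].split())
            hit = sorted(drivers & CORE_NET_DRIVERS)
            if hit:
                return ("core_driver_not_loaded", " ".join(hit))
        return None
    if src == "Microsoft Antimalware":
        m = re.search(r"Error [Cc]ode: (0x[0-9A-Fa-f]+)", msg)
        if m:
            code = m.group(1).lower()
            if code == "0x80070424":  # ERROR_SERVICE_DOES_NOT_EXIST
                return ("service_missing", "signature-update service")
            if code == "0x800704ec":  # ERROR_ACCESS_DISABLED_BY_POLICY
                return ("blocked_by_policy", "Microsoft Antimalware")
    return None


def triage(log_text):
    """Return one finding dict per suspicious event, in log order."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        result = classify(event) if event else None
        if result:
            findings.append({"time": event["ts"], "event_id": event["eid"],
                             "category": result[0], "subject": result[1]})
    return findings


def summarize(findings):
    """Collapse findings to {category: sorted unique subjects}."""
    by_cat = {}
    for f in findings:
        by_cat.setdefault(f["category"], set()).add(f["subject"])
    return {cat: sorted(subjects) for cat, subjects in by_cat.items()}


if __name__ == "__main__":
    for cat, subjects in summarize(triage(SAMPLE_LOG)).items():
        print(f"{cat}: {', '.join(subjects)}")
```

    On the constructed sample this reports the Base Filtering Engine as access-denied (which is why both the Windows Firewall and the IPsec keying service fail), wscsvc and the signature-update service as missing, Microsoft Antimalware as policy-blocked, and the core network and antimalware filter drivers as not loaded; the shutdown-ordering failure is dropped. Each of those categories maps to a repair step a malware-removal helper performs afterwards (restoring service permissions, recreating missing services, clearing the tampered policy), which is what FSS.txt is used to confirm.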
     
  12. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Still with me?
  13. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.