TechSpot

Infected I think??

By kspot
Jul 29, 2012
  1. This PC had commercials playing in the background and multiple blue screens of death. Malwarebytes was run initially and found this:

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Norton 360 is blocking attempts to access harmful websites

    The problem continued but apparently has fixed itself over the last couple of days, although Norton 360 is still randomly popping up windows that are blocking attempts to access harmful websites. Since I really don't believe this PC is clean, I need your help in figuring it out.

    Please find the attached logs:

    MBAM

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Leslie Carey :: LESLIELAPTOP [administrator]

    Protection: Enabled

    7/29/2012 1:25:35 PM
    mbam-log-2012-07-29 (13-25-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 247161
    Time elapsed: 47 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-29 16:03:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FBEO
    Running: gmer.exe; Driver: C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\pwtdapog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    ATTACH.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/3/2009 4:44:56 PM
    System Uptime: 7/29/2012 2:35:31 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0M277C
    Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1777/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 43.741 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
    Service: RTLE8023xp
    .
    ==== System Restore Points ===================
    .
    RP971: 4/30/2012 12:01:38 PM - System Checkpoint
    RP972: 5/1/2012 3:57:47 PM - System Checkpoint
    RP973: 5/2/2012 6:13:11 PM - System Checkpoint
    RP974: 5/4/2012 6:51:28 AM - System Checkpoint
    RP975: 5/5/2012 5:09:48 PM - System Checkpoint
    RP976: 5/7/2012 9:10:35 AM - System Checkpoint
    RP977: 5/8/2012 9:42:41 AM - System Checkpoint
    RP978: 5/9/2012 7:00:18 AM - Software Distribution Service 3.0
    RP979: 5/10/2012 7:01:00 AM - System Checkpoint
    RP980: 5/10/2012 7:58:48 AM - Software Distribution Service 3.0
    RP981: 5/11/2012 8:30:33 AM - System Checkpoint
    RP982: 5/12/2012 1:39:12 PM - System Checkpoint
    RP983: 5/13/2012 5:20:03 PM - System Checkpoint
    RP984: 5/14/2012 8:49:05 PM - System Checkpoint
    RP985: 5/16/2012 6:51:12 AM - System Checkpoint
    RP986: 5/17/2012 6:59:18 AM - System Checkpoint
    RP987: 5/18/2012 9:47:57 AM - System Checkpoint
    RP988: 5/18/2012 5:58:25 PM - Installed HP Product Detection
    RP989: 5/18/2012 5:58:40 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
    RP990: 5/19/2012 6:30:11 PM - System Checkpoint
    RP991: 5/20/2012 7:02:51 PM - System Checkpoint
    RP992: 5/22/2012 9:11:52 AM - System Checkpoint
    RP993: 5/22/2012 3:03:28 PM - Software Distribution Service 3.0
    RP994: 5/23/2012 5:53:09 AM - Software Distribution Service 3.0
    RP995: 5/24/2012 2:51:18 PM - System Checkpoint
    RP996: 5/25/2012 5:31:05 PM - System Checkpoint
    RP997: 5/26/2012 8:10:12 PM - System Checkpoint
    RP998: 5/28/2012 5:49:30 PM - System Checkpoint
    RP999: 5/30/2012 8:05:36 AM - System Checkpoint
    RP1000: 6/1/2012 5:07:06 PM - System Checkpoint
    RP1001: 6/2/2012 6:02:39 PM - System Checkpoint
    RP1002: 6/4/2012 7:28:10 AM - System Checkpoint
    RP1003: 6/5/2012 8:30:35 AM - System Checkpoint
    RP1004: 6/5/2012 10:55:36 PM - Software Distribution Service 3.0
    RP1005: 6/7/2012 11:15:00 AM - System Checkpoint
    RP1006: 6/8/2012 11:28:13 AM - System Checkpoint
    RP1007: 6/9/2012 12:49:22 PM - System Checkpoint
    RP1008: 6/10/2012 6:03:22 PM - System Checkpoint
    RP1009: 6/11/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1010: 6/11/2012 7:13:19 AM - Software Distribution Service 3.0
    RP1011: 6/11/2012 12:24:23 PM - Software Distribution Service 3.0
    RP1012: 6/11/2012 5:26:46 PM - Software Distribution Service 3.0
    RP1013: 6/11/2012 5:57:46 PM - Software Distribution Service 3.0
    RP1014: 6/11/2012 7:26:28 PM - Software Distribution Service 3.0
    RP1015: 6/12/2012 3:00:17 AM - Software Distribution Service 3.0
    RP1016: 6/12/2012 7:13:27 AM - Software Distribution Service 3.0
    RP1017: 6/12/2012 7:04:03 PM - Software Distribution Service 3.0
    RP1018: 6/13/2012 11:05:37 PM - System Checkpoint
    RP1019: 6/14/2012 11:54:34 PM - System Checkpoint
    RP1020: 6/16/2012 10:41:02 AM - System Checkpoint
    RP1021: 6/17/2012 7:23:47 PM - System Checkpoint
    RP1022: 6/18/2012 9:08:49 PM - System Checkpoint
    RP1023: 6/20/2012 12:10:32 PM - System Checkpoint
    RP1024: 6/21/2012 12:19:08 PM - System Checkpoint
    RP1025: 6/22/2012 12:46:22 PM - System Checkpoint
    RP1026: 6/23/2012 1:09:33 PM - System Checkpoint
    RP1027: 6/23/2012 1:45:06 PM - Software Distribution Service 3.0
    RP1028: 6/23/2012 1:54:52 PM - Software Distribution Service 3.0
    RP1029: 6/23/2012 3:26:37 PM - Software Distribution Service 3.0
    RP1030: 6/25/2012 7:07:38 PM - System Checkpoint
    RP1031: 6/26/2012 8:05:41 PM - System Checkpoint
    RP1032: 6/28/2012 5:15:16 PM - System Checkpoint
    RP1033: 6/29/2012 6:32:12 PM - System Checkpoint
    RP1034: 6/30/2012 6:33:09 PM - System Checkpoint
    RP1035: 7/1/2012 6:45:17 PM - System Checkpoint
    RP1036: 7/3/2012 9:04:20 AM - System Checkpoint
    RP1037: 7/4/2012 9:50:58 AM - System Checkpoint
    RP1038: 7/5/2012 7:50:04 PM - System Checkpoint
    RP1039: 7/7/2012 7:11:47 PM - System Checkpoint
    RP1040: 7/18/2012 10:03:34 PM - System Checkpoint
    RP1041: 7/19/2012 10:27:15 AM - Software Distribution Service 3.0
    RP1042: 7/20/2012 10:36:45 AM - System Checkpoint
    RP1043: 7/20/2012 12:36:26 PM - Software Distribution Service 3.0
    RP1044: 7/21/2012 4:11:42 PM - Software Distribution Service 3.0
    RP1045: 7/23/2012 12:11:22 PM - System Checkpoint
    RP1046: 7/24/2012 12:32:08 PM - System Checkpoint
    RP1047: 7/25/2012 1:28:52 PM - System Checkpoint
    RP1048: 7/25/2012 7:04:09 PM - Unsigned driver install
    RP1049: 7/26/2012 6:07:26 AM - Software Distribution Service 3.0
    RP1050: 7/26/2012 11:53:24 AM - Software Distribution Service 3.0
    RP1051: 7/26/2012 12:25:48 PM - Software Distribution Service 3.0
    RP1052: 7/26/2012 12:42:38 PM - Software Distribution Service 3.0
    RP1053: 7/26/2012 2:17:02 PM - Software Distribution Service 3.0
    RP1054: 7/26/2012 3:53:54 PM - Software Distribution Service 3.0
    RP1055: 7/26/2012 4:16:23 PM - Software Distribution Service 3.0
    RP1056: 7/26/2012 4:27:44 PM - Software Distribution Service 3.0
    RP1057: 7/26/2012 4:41:55 PM - Software Distribution Service 3.0
    RP1058: 7/26/2012 4:49:23 PM - Software Distribution Service 3.0
    RP1059: 7/26/2012 5:24:45 PM - Software Distribution Service 3.0
    RP1060: 7/26/2012 7:49:40 PM - Software Distribution Service 3.0
    RP1061: 7/26/2012 9:45:18 PM - Software Distribution Service 3.0
    RP1062: 7/27/2012 10:32:14 PM - System Checkpoint
    RP1063: 7/28/2012 11:26:36 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazing Slow Downer (remove only)
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon IJ Network Tool
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 2.0
    Canon MP620 series MP Drivers
    Canon MP620 series User Registration
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities EOS Utility
    Canon Utilities My Printer
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Choice Guard
    ClearType Tuning Control Panel Applet
    DD Poker 3
    Dell Support Center (Support Software)
    Dell System Restore
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    DING!
    Flixster Collections
    Garmin City Navigator North America NT 2009.11 Update
    Garmin City Navigator North America NT 2013.10 Update
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photo Creations
    HP Photosmart 5510d series Basic Device Software
    HP Photosmart 5510d series Help
    HP Photosmart 5510d series Product Improvement Study
    HP Product Detection
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    iSEEK AnswerWorks English Runtime
    iTunes
    Java(TM) 6 Update 16
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Junk Mail filter update
    Laptop Integrated Webcam Driver (1.01.01.0529)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes Anti-Malware version 1.62.0.1300
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft MapPoint North America 2004
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Standard
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0 Runtime
    Microsoft Zoo Tycoon
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 9.0.1 (x86 en-US)
    MP3 Download Manager
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB927977)
    Norton 360
    PMB
    PowerDVD
    Quicken 2012
    Quicken WillMaker Plus 2012
    QuickSet
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    ShopAtHome.com Toolbar
    Skype Click to Call
    Skype™ 5.8
    Sonic CinePlayer Decoder Pack
    Spotify
    Synaptics Pointing Device Driver
    TWC Customer Controls
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Wireless Download Manager 2.2.3-SNAPSHOT-r10103
    W Photo Studio
    Walmart MP3 Music Downloads
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/28/2012 12:56:26 PM, error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
    7/27/2012 5:49:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
    7/27/2012 5:49:32 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 7:55:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
    7/25/2012 7:55:11 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 6:32:17 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b08570, parameter4 00000000.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype Updater service to connect.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PMBDeviceInfoProvider service to connect.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 6:24:22 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97a83570, parameter4 00000000.
    7/25/2012 6:13:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97e8e570, parameter4 00000000.
    7/25/2012 3:47:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/24/2012 5:36:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    7/23/2012 8:43:12 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 ba277570, parameter4 00000000.
    7/23/2012 6:22:03 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 96c32570, parameter4 00000000.
    7/23/2012 6:11:31 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9509d570, parameter4 00000000.
    7/23/2012 6:09:25 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 6:09:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    7/23/2012 6:03:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b70570, parameter4 00000000.
    7/23/2012 6:00:26 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 6:00:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/23/2012 5:55:06 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95caa570, parameter4 00000000.
    7/23/2012 5:47:07 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 970f0570, parameter4 00000000.
    7/23/2012 5:45:06 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 5:45:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    7/22/2012 6:14:47 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97184570, parameter4 00000000.
    7/22/2012 6:14:43 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94a3e570, parameter4 00000000.
    7/22/2012 6:12:49 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93ed1570, parameter4 00000000.
    7/22/2012 5:36:33 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94adc570, parameter4 00000000.
    7/22/2012 5:36:29 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a4783570, parameter4 00000000.
    7/22/2012 5:36:25 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93b56570, parameter4 00000000.
    7/22/2012 5:35:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94f49570, parameter4 00000000.
    7/22/2012 4:52:20 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9690e570, parameter4 00000000.
    7/22/2012 4:38:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9777a570, parameter4 00000000.
    7/22/2012 4:27:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a19d3570, parameter4 00000000.
    .
     
  2. kspot

    kspot TS Rookie Topic Starter Posts: 27

    ==== End Of File ===========================

    DDS.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/3/2009 4:44:56 PM
    System Uptime: 7/29/2012 2:35:31 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0M277C
    Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1777/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 43.741 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe GBE Family Controller
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
    Service: RTLE8023xp
    .
    ==== System Restore Points ===================
    .
    RP971: 4/30/2012 12:01:38 PM - System Checkpoint
    RP972: 5/1/2012 3:57:47 PM - System Checkpoint
    RP973: 5/2/2012 6:13:11 PM - System Checkpoint
    RP974: 5/4/2012 6:51:28 AM - System Checkpoint
    RP975: 5/5/2012 5:09:48 PM - System Checkpoint
    RP976: 5/7/2012 9:10:35 AM - System Checkpoint
    RP977: 5/8/2012 9:42:41 AM - System Checkpoint
    RP978: 5/9/2012 7:00:18 AM - Software Distribution Service 3.0
    RP979: 5/10/2012 7:01:00 AM - System Checkpoint
    RP980: 5/10/2012 7:58:48 AM - Software Distribution Service 3.0
    RP981: 5/11/2012 8:30:33 AM - System Checkpoint
    RP982: 5/12/2012 1:39:12 PM - System Checkpoint
    RP983: 5/13/2012 5:20:03 PM - System Checkpoint
    RP984: 5/14/2012 8:49:05 PM - System Checkpoint
    RP985: 5/16/2012 6:51:12 AM - System Checkpoint
    RP986: 5/17/2012 6:59:18 AM - System Checkpoint
    RP987: 5/18/2012 9:47:57 AM - System Checkpoint
    RP988: 5/18/2012 5:58:25 PM - Installed HP Product Detection
    RP989: 5/18/2012 5:58:40 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
    RP990: 5/19/2012 6:30:11 PM - System Checkpoint
    RP991: 5/20/2012 7:02:51 PM - System Checkpoint
    RP992: 5/22/2012 9:11:52 AM - System Checkpoint
    RP993: 5/22/2012 3:03:28 PM - Software Distribution Service 3.0
    RP994: 5/23/2012 5:53:09 AM - Software Distribution Service 3.0
    RP995: 5/24/2012 2:51:18 PM - System Checkpoint
    RP996: 5/25/2012 5:31:05 PM - System Checkpoint
    RP997: 5/26/2012 8:10:12 PM - System Checkpoint
    RP998: 5/28/2012 5:49:30 PM - System Checkpoint
    RP999: 5/30/2012 8:05:36 AM - System Checkpoint
    RP1000: 6/1/2012 5:07:06 PM - System Checkpoint
    RP1001: 6/2/2012 6:02:39 PM - System Checkpoint
    RP1002: 6/4/2012 7:28:10 AM - System Checkpoint
    RP1003: 6/5/2012 8:30:35 AM - System Checkpoint
    RP1004: 6/5/2012 10:55:36 PM - Software Distribution Service 3.0
    RP1005: 6/7/2012 11:15:00 AM - System Checkpoint
    RP1006: 6/8/2012 11:28:13 AM - System Checkpoint
    RP1007: 6/9/2012 12:49:22 PM - System Checkpoint
    RP1008: 6/10/2012 6:03:22 PM - System Checkpoint
    RP1009: 6/11/2012 3:00:15 AM - Software Distribution Service 3.0
    RP1010: 6/11/2012 7:13:19 AM - Software Distribution Service 3.0
    RP1011: 6/11/2012 12:24:23 PM - Software Distribution Service 3.0
    RP1012: 6/11/2012 5:26:46 PM - Software Distribution Service 3.0
    RP1013: 6/11/2012 5:57:46 PM - Software Distribution Service 3.0
    RP1014: 6/11/2012 7:26:28 PM - Software Distribution Service 3.0
    RP1015: 6/12/2012 3:00:17 AM - Software Distribution Service 3.0
    RP1016: 6/12/2012 7:13:27 AM - Software Distribution Service 3.0
    RP1017: 6/12/2012 7:04:03 PM - Software Distribution Service 3.0
    RP1018: 6/13/2012 11:05:37 PM - System Checkpoint
    RP1019: 6/14/2012 11:54:34 PM - System Checkpoint
    RP1020: 6/16/2012 10:41:02 AM - System Checkpoint
    RP1021: 6/17/2012 7:23:47 PM - System Checkpoint
    RP1022: 6/18/2012 9:08:49 PM - System Checkpoint
    RP1023: 6/20/2012 12:10:32 PM - System Checkpoint
    RP1024: 6/21/2012 12:19:08 PM - System Checkpoint
    RP1025: 6/22/2012 12:46:22 PM - System Checkpoint
    RP1026: 6/23/2012 1:09:33 PM - System Checkpoint
    RP1027: 6/23/2012 1:45:06 PM - Software Distribution Service 3.0
    RP1028: 6/23/2012 1:54:52 PM - Software Distribution Service 3.0
    RP1029: 6/23/2012 3:26:37 PM - Software Distribution Service 3.0
    RP1030: 6/25/2012 7:07:38 PM - System Checkpoint
    RP1031: 6/26/2012 8:05:41 PM - System Checkpoint
    RP1032: 6/28/2012 5:15:16 PM - System Checkpoint
    RP1033: 6/29/2012 6:32:12 PM - System Checkpoint
    RP1034: 6/30/2012 6:33:09 PM - System Checkpoint
    RP1035: 7/1/2012 6:45:17 PM - System Checkpoint
    RP1036: 7/3/2012 9:04:20 AM - System Checkpoint
    RP1037: 7/4/2012 9:50:58 AM - System Checkpoint
    RP1038: 7/5/2012 7:50:04 PM - System Checkpoint
    RP1039: 7/7/2012 7:11:47 PM - System Checkpoint
    RP1040: 7/18/2012 10:03:34 PM - System Checkpoint
    RP1041: 7/19/2012 10:27:15 AM - Software Distribution Service 3.0
    RP1042: 7/20/2012 10:36:45 AM - System Checkpoint
    RP1043: 7/20/2012 12:36:26 PM - Software Distribution Service 3.0
    RP1044: 7/21/2012 4:11:42 PM - Software Distribution Service 3.0
    RP1045: 7/23/2012 12:11:22 PM - System Checkpoint
    RP1046: 7/24/2012 12:32:08 PM - System Checkpoint
    RP1047: 7/25/2012 1:28:52 PM - System Checkpoint
    RP1048: 7/25/2012 7:04:09 PM - Unsigned driver install
    RP1049: 7/26/2012 6:07:26 AM - Software Distribution Service 3.0
    RP1050: 7/26/2012 11:53:24 AM - Software Distribution Service 3.0
    RP1051: 7/26/2012 12:25:48 PM - Software Distribution Service 3.0
    RP1052: 7/26/2012 12:42:38 PM - Software Distribution Service 3.0
    RP1053: 7/26/2012 2:17:02 PM - Software Distribution Service 3.0
    RP1054: 7/26/2012 3:53:54 PM - Software Distribution Service 3.0
    RP1055: 7/26/2012 4:16:23 PM - Software Distribution Service 3.0
    RP1056: 7/26/2012 4:27:44 PM - Software Distribution Service 3.0
    RP1057: 7/26/2012 4:41:55 PM - Software Distribution Service 3.0
    RP1058: 7/26/2012 4:49:23 PM - Software Distribution Service 3.0
    RP1059: 7/26/2012 5:24:45 PM - Software Distribution Service 3.0
    RP1060: 7/26/2012 7:49:40 PM - Software Distribution Service 3.0
    RP1061: 7/26/2012 9:45:18 PM - Software Distribution Service 3.0
    RP1062: 7/27/2012 10:32:14 PM - System Checkpoint
    RP1063: 7/28/2012 11:26:36 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player
    Advanced Audio FX Engine
    Advanced Video FX Engine
    Amazing Slow Downer (remove only)
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bing Bar
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon IJ Network Tool
    Canon MovieEdit Task for ZoomBrowser EX
    Canon MP Navigator EX 2.0
    Canon MP620 series MP Drivers
    Canon MP620 series User Registration
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities EOS Utility
    Canon Utilities My Printer
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Solution Menu
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Choice Guard
    ClearType Tuning Control Panel Applet
    DD Poker 3
    Dell Support Center (Support Software)
    Dell System Restore
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    DING!
    Flixster Collections
    Garmin City Navigator North America NT 2009.11 Update
    Garmin City Navigator North America NT 2013.10 Update
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    Hewlett-Packard ACLM.NET v1.1.0.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Photo Creations
    HP Photosmart 5510d series Basic Device Software
    HP Photosmart 5510d series Help
    HP Photosmart 5510d series Product Improvement Study
    HP Product Detection
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    iSEEK AnswerWorks English Runtime
    iTunes
    Java(TM) 6 Update 16
    Java(TM) 6 Update 17
    Java(TM) 6 Update 7
    Junk Mail filter update
    Laptop Integrated Webcam Driver (1.01.01.0529)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    Malwarebytes Anti-Malware version 1.62.0.1300
    McAfee Security Scan Plus
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft MapPoint North America 2004
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Standard
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WSE 3.0 Runtime
    Microsoft Zoo Tycoon
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 9.0.1 (x86 en-US)
    MP3 Download Manager
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    MSXML 6.0 Parser (KB927977)
    Norton 360
    PMB
    PowerDVD
    Quicken 2012
    Quicken WillMaker Plus 2012
    QuickSet
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    ShopAtHome.com Toolbar
    Skype Click to Call
    Skype™ 5.8
    Sonic CinePlayer Decoder Pack
    Spotify
    Synaptics Pointing Device Driver
    TWC Customer Controls
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Verizon Wireless Download Manager 2.2.3-SNAPSHOT-r10103
    W Photo Studio
    Walmart MP3 Music Downloads
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/28/2012 12:56:26 PM, error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
    7/27/2012 5:49:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
    7/27/2012 5:49:32 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 7:55:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
    7/25/2012 7:55:11 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 6:32:17 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b08570, parameter4 00000000.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype Updater service to connect.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PMBDeviceInfoProvider service to connect.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/25/2012 6:24:22 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97a83570, parameter4 00000000.
    7/25/2012 6:13:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97e8e570, parameter4 00000000.
    7/25/2012 3:47:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/24/2012 5:36:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
    7/23/2012 8:43:12 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 ba277570, parameter4 00000000.
    7/23/2012 6:22:03 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 96c32570, parameter4 00000000.
    7/23/2012 6:11:31 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9509d570, parameter4 00000000.
    7/23/2012 6:09:25 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 6:09:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    7/23/2012 6:03:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b70570, parameter4 00000000.
    7/23/2012 6:00:26 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 6:00:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    7/23/2012 5:55:06 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95caa570, parameter4 00000000.
    7/23/2012 5:47:07 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 970f0570, parameter4 00000000.
    7/23/2012 5:45:06 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/23/2012 5:45:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    7/22/2012 6:14:47 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97184570, parameter4 00000000.
    7/22/2012 6:14:43 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94a3e570, parameter4 00000000.
    7/22/2012 6:12:49 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93ed1570, parameter4 00000000.
    7/22/2012 5:36:33 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94adc570, parameter4 00000000.
    7/22/2012 5:36:29 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a4783570, parameter4 00000000.
    7/22/2012 5:36:25 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93b56570, parameter4 00000000.
    7/22/2012 5:35:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94f49570, parameter4 00000000.
    7/22/2012 4:52:20 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9690e570, parameter4 00000000.
    7/22/2012 4:38:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9777a570, parameter4 00000000.
    7/22/2012 4:27:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a19d3570, parameter4 00000000.
    .
    ==== End Of File ===========================


    Thanks for any help that you can provide.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  4. kspot

    kspot TS Rookie Topic Starter Posts: 27

    Ran TDSSKILLER and got the following report (1 of 2):


    18:58:19.0281 6276 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    18:58:21.0281 6276 ============================================================
    18:58:21.0281 6276 Current date / time: 2012/07/29 18:58:21.0281
    18:58:21.0281 6276 SystemInfo:
    18:58:21.0281 6276
    18:58:21.0281 6276 OS Version: 5.1.2600 ServicePack: 3.0
    18:58:21.0281 6276 Product type: Workstation
    18:58:21.0281 6276 ComputerName: LESLIELAPTOP
    18:58:21.0281 6276 UserName: Leslie Carey
    18:58:21.0281 6276 Windows directory: C:\WINDOWS
    18:58:21.0281 6276 System windows directory: C:\WINDOWS
    18:58:21.0281 6276 Processor architecture: Intel x86
    18:58:21.0281 6276 Number of processors: 2
    18:58:21.0281 6276 Page size: 0x1000
    18:58:21.0281 6276 Boot type: Normal boot
    18:58:21.0281 6276 ============================================================
    18:58:24.0671 6276 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:58:24.0687 6276 ============================================================
    18:58:24.0687 6276 \Device\Harddisk0\DR0:
    18:58:24.0703 6276 MBR partitions:
    18:58:24.0703 6276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1BE29168
    18:58:24.0703 6276 ============================================================
    18:58:24.0828 6276 C: <-> \Device\Harddisk0\DR0\Partition0
    18:58:24.0828 6276 ============================================================
    18:58:24.0828 6276 Initialize success
    18:58:24.0828 6276 ============================================================
    18:58:38.0453 11412 ============================================================
    18:58:38.0468 11412 Scan started
    18:58:38.0468 11412 Mode: Manual;
    18:58:38.0468 11412 ============================================================
    18:58:40.0125 11412 Abiosdsk - ok
    18:58:40.0187 11412 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    18:58:40.0296 11412 abp480n5 - ok
    18:58:40.0359 11412 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:58:40.0359 11412 ACPI - ok
    18:58:40.0375 11412 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:58:40.0375 11412 ACPIEC - ok
    18:58:40.0468 11412 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    18:58:40.0468 11412 AdobeFlashPlayerUpdateSvc - ok
    18:58:40.0531 11412 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    18:58:40.0578 11412 adpu160m - ok
    18:58:40.0640 11412 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:58:40.0671 11412 aec - ok
    18:58:40.0734 11412 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:58:40.0750 11412 AFD - ok
    18:58:40.0781 11412 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    18:58:40.0796 11412 agp440 - ok
    18:58:40.0843 11412 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    18:58:40.0843 11412 agpCPQ - ok
    18:58:40.0890 11412 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    18:58:40.0906 11412 Aha154x - ok
    18:58:40.0953 11412 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    18:58:40.0984 11412 aic78u2 - ok
    18:58:40.0984 11412 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    18:58:41.0000 11412 aic78xx - ok
    18:58:41.0031 11412 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    18:58:41.0062 11412 Alerter - ok
    18:58:41.0093 11412 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    18:58:41.0093 11412 ALG - ok
    18:58:41.0140 11412 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    18:58:41.0140 11412 AliIde - ok
    18:58:41.0187 11412 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    18:58:41.0203 11412 alim1541 - ok
    18:58:41.0265 11412 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    18:58:41.0265 11412 amdagp - ok
    18:58:41.0328 11412 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    18:58:41.0328 11412 amsint - ok
    18:58:41.0390 11412 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    18:58:41.0437 11412 ApfiltrService - ok
    18:58:41.0484 11412 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
    18:58:41.0484 11412 APPDRV - ok
    18:58:41.0640 11412 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:58:41.0640 11412 Apple Mobile Device - ok
    18:58:41.0687 11412 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    18:58:41.0703 11412 AppMgmt - ok
    18:58:41.0734 11412 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:58:41.0734 11412 Arp1394 - ok
    18:58:41.0765 11412 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    18:58:41.0765 11412 asc - ok
    18:58:41.0796 11412 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    18:58:41.0796 11412 asc3350p - ok
    18:58:41.0859 11412 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    18:58:41.0875 11412 asc3550 - ok
    18:58:41.0984 11412 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:58:42.0015 11412 aspnet_state - ok
    18:58:42.0062 11412 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:58:42.0062 11412 AsyncMac - ok
    18:58:42.0125 11412 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:58:42.0140 11412 atapi - ok
    18:58:42.0140 11412 Atdisk - ok
    18:58:42.0171 11412 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:58:42.0171 11412 Atmarpc - ok
    18:58:42.0234 11412 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    18:58:42.0234 11412 AudioSrv - ok
    18:58:42.0296 11412 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:58:42.0296 11412 audstub - ok
    18:58:42.0406 11412 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
    18:58:42.0500 11412 BBSvc - ok
    18:58:42.0578 11412 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    18:58:42.0578 11412 BBUpdate - ok
    18:58:42.0765 11412 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    18:58:42.0796 11412 BCM43XX - ok
    18:58:43.0000 11412 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:58:43.0000 11412 Beep - ok
    18:58:43.0125 11412 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys
    18:58:43.0140 11412 BHDrvx86 - ok
    18:58:43.0218 11412 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    18:58:43.0234 11412 BITS - ok
    18:58:43.0343 11412 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    18:58:43.0343 11412 Bonjour Service - ok
    18:58:43.0406 11412 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    18:58:43.0406 11412 Browser - ok
    18:58:43.0484 11412 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    18:58:43.0484 11412 cbidf - ok
    18:58:43.0484 11412 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:58:43.0500 11412 cbidf2k - ok
    18:58:43.0562 11412 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
    18:58:43.0578 11412 CCALib8 - ok
    18:58:43.0625 11412 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:58:43.0640 11412 CCDECODE - ok
    18:58:43.0796 11412 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys
    18:58:43.0812 11412 ccHP - ok
    18:58:43.0859 11412 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    18:58:43.0859 11412 cd20xrnt - ok
    18:58:43.0921 11412 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:58:43.0937 11412 Cdaudio - ok
    18:58:43.0968 11412 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:58:43.0968 11412 Cdfs - ok
    18:58:44.0031 11412 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:58:44.0031 11412 Cdrom - ok
    18:58:44.0046 11412 Changer - ok
    18:58:44.0093 11412 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    18:58:44.0125 11412 CiSvc - ok
    18:58:44.0156 11412 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    18:58:44.0187 11412 ClipSrv - ok
    18:58:44.0281 11412 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:58:44.0328 11412 clr_optimization_v2.0.50727_32 - ok
    18:58:44.0406 11412 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:58:44.0421 11412 clr_optimization_v4.0.30319_32 - ok
    18:58:44.0484 11412 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:58:44.0484 11412 CmBatt - ok
    18:58:44.0500 11412 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    18:58:44.0500 11412 CmdIde - ok
    18:58:44.0515 11412 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:58:44.0531 11412 Compbatt - ok
    18:58:44.0531 11412 COMSysApp - ok
    18:58:44.0593 11412 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    18:58:44.0609 11412 Cpqarray - ok
    18:58:44.0656 11412 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    18:58:44.0656 11412 CryptSvc - ok
    18:58:44.0703 11412 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    18:58:44.0703 11412 dac2w2k - ok
    18:58:44.0718 11412 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    18:58:44.0718 11412 dac960nt - ok
    18:58:44.0812 11412 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    18:58:44.0828 11412 DcomLaunch - ok
    18:58:44.0890 11412 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    18:58:44.0890 11412 Dhcp - ok
    18:58:44.0921 11412 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:58:44.0921 11412 Disk - ok
    18:58:44.0953 11412 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
    18:58:44.0968 11412 DLABMFSM - ok
    18:58:44.0968 11412 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
    18:58:44.0968 11412 DLABOIOM - ok
    18:58:44.0984 11412 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    18:58:44.0984 11412 DLACDBHM - ok
    18:58:45.0000 11412 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
    18:58:45.0000 11412 DLADResM - ok
    18:58:45.0015 11412 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
    18:58:45.0015 11412 DLAIFS_M - ok
    18:58:45.0015 11412 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
    18:58:45.0031 11412 DLAOPIOM - ok
    18:58:45.0031 11412 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
    18:58:45.0031 11412 DLAPoolM - ok
    18:58:45.0046 11412 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
    18:58:45.0046 11412 DLARTL_M - ok
    18:58:45.0062 11412 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
    18:58:45.0062 11412 DLAUDFAM - ok
    18:58:45.0078 11412 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
    18:58:45.0078 11412 DLAUDF_M - ok
    18:58:45.0078 11412 dmadmin - ok
    18:58:45.0171 11412 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:58:45.0187 11412 dmboot - ok
    18:58:45.0203 11412 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:58:45.0203 11412 dmio - ok
    18:58:45.0218 11412 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:58:45.0218 11412 dmload - ok
    18:58:45.0250 11412 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    18:58:45.0281 11412 dmserver - ok
    18:58:45.0328 11412 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:58:45.0328 11412 DMusic - ok
    18:58:45.0390 11412 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
    18:58:45.0390 11412 Dnscache - ok
    18:58:45.0421 11412 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    18:58:45.0437 11412 Dot3svc - ok
    18:58:45.0453 11412 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    18:58:45.0453 11412 dpti2o - ok
    18:58:45.0468 11412 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:58:45.0468 11412 drmkaud - ok
    18:58:45.0531 11412 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    18:58:45.0531 11412 DRVMCDB - ok
    18:58:45.0546 11412 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    18:58:45.0546 11412 DRVNDDM - ok
    18:58:45.0578 11412 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    18:58:45.0609 11412 EapHost - ok
    18:58:45.0765 11412 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    18:58:45.0765 11412 eeCtrl - ok
    18:58:45.0828 11412 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    18:58:45.0828 11412 EraserUtilRebootDrv - ok
    18:58:45.0875 11412 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    18:58:45.0875 11412 ERSvc - ok
    18:58:45.0937 11412 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    18:58:45.0937 11412 Eventlog - ok
    18:58:46.0015 11412 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    18:58:46.0015 11412 EventSystem - ok
    18:58:46.0078 11412 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:58:46.0078 11412 Fastfat - ok
    18:58:46.0156 11412 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    18:58:46.0156 11412 FastUserSwitchingCompatibility - ok
    18:58:46.0234 11412 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
    18:58:46.0265 11412 Fax - ok
    18:58:46.0296 11412 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    18:58:46.0296 11412 Fdc - ok
    18:58:46.0343 11412 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:58:46.0359 11412 Fips - ok
    18:58:46.0406 11412 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:58:46.0406 11412 Flpydisk - ok
    18:58:46.0468 11412 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    18:58:46.0468 11412 FltMgr - ok
    18:58:46.0578 11412 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:58:46.0609 11412 FontCache3.0.0.0 - ok
    18:58:46.0625 11412 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:58:46.0625 11412 Fs_Rec - ok
    18:58:46.0703 11412 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:58:46.0703 11412 Ftdisk - ok
    18:58:46.0734 11412 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    18:58:46.0734 11412 GEARAspiWDM - ok
    18:58:46.0828 11412 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    18:58:46.0859 11412 GoToAssist - ok
    18:58:46.0906 11412 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:58:46.0921 11412 Gpc - ok
    18:58:47.0046 11412 gupdate1c9e55cd789d57a (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    18:58:47.0046 11412 gupdate1c9e55cd789d57a - ok
    18:58:47.0062 11412 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
    18:58:47.0062 11412 gupdatem - ok
    18:58:47.0156 11412 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:58:47.0156 11412 gusvc - ok
    18:58:47.0218 11412 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:58:47.0218 11412 HDAudBus - ok
    18:58:47.0328 11412 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:58:47.0343 11412 helpsvc - ok
    18:58:47.0390 11412 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
    18:58:47.0390 11412 HidServ - ok
    18:58:47.0437 11412 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:58:47.0437 11412 hidusb - ok
    18:58:47.0468 11412 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    18:58:47.0515 11412 hkmsvc - ok
    18:58:47.0546 11412 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    18:58:47.0562 11412 hpn - ok
    18:58:47.0640 11412 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:58:47.0640 11412 HTTP - ok
    18:58:47.0687 11412 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    18:58:47.0718 11412 HTTPFilter - ok
    18:58:47.0734 11412 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    18:58:47.0734 11412 i2omgmt - ok
    18:58:47.0765 11412 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    18:58:47.0781 11412 i2omp - ok
    18:58:47.0812 11412 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:58:47.0828 11412 i8042prt - ok
    18:58:48.0593 11412 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    18:58:48.0796 11412 ialm - ok
    18:58:49.0031 11412 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
    18:58:49.0031 11412 iaStor - ok
    18:58:49.0234 11412 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:58:49.0296 11412 idsvc - ok
    18:58:49.0562 11412 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120727.001\IDSxpx86.sys
    18:58:49.0562 11412 IDSxpx86 - ok
    18:58:49.0687 11412 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:58:49.0687 11412 Imapi - ok
    18:58:49.0765 11412 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
    18:58:49.0765 11412 ImapiService - ok
    18:58:49.0796 11412 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    18:58:49.0796 11412 ini910u - ok
    18:58:50.0406 11412 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    18:58:50.0734 11412 IntcAzAudAddService - ok
    18:58:50.0937 11412 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:58:51.0031 11412 IntelIde - ok
    18:58:51.0093 11412 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:58:51.0093 11412 intelppm - ok
    18:58:51.0140 11412 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    18:58:51.0140 11412 Ip6Fw - ok
    18:58:51.0171 11412 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:58:51.0171 11412 IpFilterDriver - ok
    18:58:51.0218 11412 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:58:51.0218 11412 IpInIp - ok
    18:58:51.0328 11412 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:58:51.0328 11412 IpNat - ok
    18:58:51.0531 11412 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    18:58:51.0562 11412 iPod Service - ok
    18:58:51.0593 11412 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:58:51.0593 11412 IPSec - ok
    18:58:51.0640 11412 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:58:51.0671 11412 IRENUM - ok
    18:58:51.0734 11412 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:58:51.0734 11412 isapnp - ok
    18:58:51.0859 11412 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
    18:58:51.0859 11412 JavaQuickStarterService - ok
    18:58:51.0906 11412 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:58:51.0906 11412 Kbdclass - ok
    18:58:51.0921 11412 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:58:51.0921 11412 kbdhid - ok
    18:58:51.0953 11412 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:58:51.0953 11412 kmixer - ok
    18:58:52.0015 11412 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:58:52.0015 11412 KSecDD - ok
    18:58:52.0093 11412 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    18:58:52.0093 11412 LanmanServer - ok
    18:58:52.0171 11412 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    18:58:52.0171 11412 lanmanworkstation - ok
    18:58:52.0171 11412 lbrtfdc - ok
    18:58:52.0234 11412 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    18:58:52.0234 11412 LmHosts - ok
    18:58:52.0281 11412 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
    18:58:52.0281 11412 MBAMProtector - ok
    18:58:52.0421 11412 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    18:58:52.0437 11412 MBAMService - ok
    18:58:52.0515 11412 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    18:58:52.0531 11412 McComponentHostService - ok
    18:58:52.0578 11412 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    18:58:52.0609 11412 Messenger - ok
    18:58:52.0656 11412 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:58:52.0656 11412 mnmdd - ok
    18:58:52.0687 11412 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
    18:58:52.0703 11412 mnmsrvc - ok
    18:58:52.0734 11412 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:58:52.0734 11412 Modem - ok
    18:58:52.0750 11412 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:58:52.0765 11412 Mouclass - ok
    18:58:52.0765 11412 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:58:52.0781 11412 mouhid - ok
    18:58:52.0812 11412 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:58:52.0812 11412 MountMgr - ok
    18:58:52.0859 11412 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    18:58:52.0875 11412 mraid35x - ok
    18:58:52.0921 11412 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:58:52.0937 11412 MRxDAV - ok
    18:58:53.0015 11412 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:58:53.0015 11412 MRxSmb - ok
    18:58:53.0078 11412 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
    18:58:53.0078 11412 MSDTC - ok
    18:58:53.0093 11412 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:58:53.0093 11412 Msfs - ok
    18:58:53.0109 11412 MSIServer - ok
    18:58:53.0156 11412 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:58:53.0187 11412 MSKSSRV - ok
    18:58:53.0218 11412 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:58:53.0218 11412 MSPCLOCK - ok
    18:58:53.0234 11412 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:58:53.0234 11412 MSPQM - ok
    18:58:53.0265 11412 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:58:53.0265 11412 mssmbios - ok
    18:58:53.0296 11412 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:58:53.0296 11412 MSTEE - ok
    18:58:53.0343 11412 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:58:53.0359 11412 Mup - ok
    18:58:53.0531 11412 N360 (64c89db40949fd0e7c8ff303676a91f1) C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
    18:58:53.0531 11412 N360 - ok
    18:58:53.0578 11412 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:58:53.0593 11412 NABTSFEC - ok
    18:58:53.0656 11412 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    18:58:53.0671 11412 napagent - ok
    18:58:53.0875 11412 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVENG.SYS
    18:58:53.0890 11412 NAVENG - ok
    18:58:54.0062 11412 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVEX15.SYS
    18:58:54.0093 11412 NAVEX15 - ok
    18:58:54.0312 11412 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:58:54.0312 11412 NDIS - ok
    18:58:54.0359 11412 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:58:54.0375 11412 NdisIP - ok
    18:58:54.0406 11412 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:58:54.0406 11412 NdisTapi - ok
    18:58:54.0421 11412 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:58:54.0421 11412 Ndisuio - ok
    18:58:54.0453 11412 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:58:54.0468 11412 NdisWan - ok
    18:58:54.0515 11412 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:58:54.0515 11412 NDProxy - ok
    18:58:54.0531 11412 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:58:54.0531 11412 NetBIOS - ok
    18:58:54.0562 11412 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:58:54.0578 11412 NetBT - ok
    18:58:54.0609 11412 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    18:58:54.0640 11412 NetDDE - ok
    18:58:54.0656 11412 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    18:58:54.0656 11412 NetDDEdsdm - ok
    18:58:54.0687 11412 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:58:54.0687 11412 Netlogon - ok
    18:58:54.0734 11412 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    18:58:54.0734 11412 Netman - ok
    18:58:54.0859 11412 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:58:54.0906 11412 NetTcpPortSharing - ok
    18:58:54.0953 11412 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:58:54.0968 11412 NIC1394 - ok
    18:58:55.0015 11412 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
    18:58:55.0031 11412 Nla - ok
    18:58:55.0062 11412 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:58:55.0062 11412 Npfs - ok
    18:58:55.0187 11412 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:58:55.0203 11412 Ntfs - ok
    18:58:55.0203 11412 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:58:55.0203 11412 NtLmSsp - ok
     
  5. kspot

    kspot TS Rookie Topic Starter Posts: 27

    Part 2 of 2:
    18:59:05.0640 11412 MBR (0x1B8) (7b53936afa31aa818ddee1f13c3004e3) \Device\Harddisk0\DR0
    18:59:05.0671 11412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    18:59:05.0671 11412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    18:59:05.0703 11412 Boot (0x1200) (4c123176ffede24bc41a519ebea754b5) \Device\Harddisk0\DR0\Partition0
    18:59:05.0703 11412 \Device\Harddisk0\DR0\Partition0 - ok
    18:59:05.0703 11412 ============================================================
    18:59:05.0703 11412 Scan finished
    18:59:05.0703 11412 ============================================================
    18:59:05.0718 9396 Detected object count: 1
    18:59:05.0718 9396 Actual detected object count: 1
    18:59:34.0375 9396 \Device\Harddisk0\DR0\# - copied to quarantine
    18:59:34.0375 9396 \Device\Harddisk0\DR0 - copied to quarantine
    18:59:34.0421 9396 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    18:59:34.0468 9396 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    18:59:34.0578 9396 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    18:59:34.0640 9396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    18:59:35.0421 9396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    18:59:35.0500 9396 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    18:59:35.0562 9396 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    18:59:35.0609 9396 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    18:59:35.0640 9396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    18:59:35.0671 9396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    18:59:35.0796 9396 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    18:59:35.0796 9396 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    18:59:35.0953 9396 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    18:59:36.0140 9396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    18:59:36.0187 9396 \Device\Harddisk0\DR0 - ok
    18:59:36.0640 9396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    18:59:54.0656 10648 Deinitialize success
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good :)

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. kspot

    kspot TS Rookie Topic Starter Posts: 27

    RogueKiller report:

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User: Leslie Carey [Admin rights]
    Mode: Scan -- Date: 07/29/2012 20:00:33

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 1 ¤¤¤
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x8A087260)
    SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x8A098810)
    SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x8975E008)
    SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x89EC1820)
    SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x8A194B20)
    SSDT[43] : NtCreateMutant @ 0x806175BE -> HOOKED (Unknown @ 0x89D339F8)
    SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x8A049C08)
    SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x8A072580)
    SSDT[57] : NtDebugActiveProcess @ 0x80643A4C -> HOOKED (Unknown @ 0x8A17D530)
    SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x89752128)
    SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x895CA168)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9288 -> HOOKED (Unknown @ 0x8A093AD8)
    SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x8A0AC3C0)
    SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89EE53B8)
    SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x896AE158)
    SSDT[114] : NtOpenEvent @ 0x8060EF7C -> HOOKED (Unknown @ 0x8A17C1B8)
    SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89751008)
    SSDT[123] : NtOpenProcessToken @ 0x805EDF56 -> HOOKED (Unknown @ 0x8A097658)
    SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x8A0781C0)
    SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x896E0168)
    SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x89C8AFC0)
    SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x8A0C8388)
    SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x8A09AC10)
    SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x89608168)
    SSDT[240] : NtSetSystemInformation @ 0x8060FC34 -> HOOKED (Unknown @ 0x8A043440)
    SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x8A0802B0)
    SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x8A08F6D8)
    SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x8A096800)
    SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x8A0891F8)
    SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x8A094950)
    SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x89510008)
    S_SSDT[307] : Unknown -> HOOKED (Unknown @ 0x8A1A9AF8)
    S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x89E780B0)
    S_SSDT[414] : Unknown -> HOOKED (Unknown @ 0x89CCA0B0)
    S_SSDT[416] : Unknown -> HOOKED (Unknown @ 0x89D160B0)
    S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8A1941B8)
    S_SSDT[460] : Unknown -> HOOKED (Unknown @ 0x8A127208)
    S_SSDT[475] : Unknown -> HOOKED (Unknown @ 0x8A103D48)
    S_SSDT[476] : Unknown -> HOOKED (Unknown @ 0x8A0FE278)
    S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8A274D68)
    S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x89C57E08)

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++
    --- User ---
    [MBR] 14010e887fb29d9af515bd724f1240de
    [BSP] 3b83ad77660a0b1dca762ed603421109 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 228434 Mo
    2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 467925255 | Size: 9993 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    aswMBR Report:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-29 20:06:18
    -----------------------------
    20:06:18.250 OS Version: Windows 5.1.2600 Service Pack 3
    20:06:18.250 Number of processors: 2 586 0xF0D
    20:06:18.250 ComputerName: LESLIELAPTOP UserName: Leslie Carey
    20:06:20.781 Initialize success
    20:15:42.546 AVAST engine defs: 12072901
    20:16:11.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    20:16:11.625 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
    20:16:11.640 Disk 0 MBR read successfully
    20:16:11.640 Disk 0 MBR scan
    20:16:11.703 Disk 0 unknown MBR code
    20:16:11.703 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    20:16:11.734 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228434 MB offset 81920
    20:16:11.781 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 467925255
    20:16:11.781 Disk 0 scanning sectors +488392065
    20:16:11.890 Disk 0 scanning C:\WINDOWS\system32\drivers
    20:16:33.906 Service scanning
    20:17:15.078 Modules scanning
    20:17:26.281 Disk 0 trace - called modules:
    20:17:26.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
    20:17:26.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aced030]
    20:17:26.671 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8acf4a18]
    20:17:26.687 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a79d030]
    20:17:28.265 AVAST engine scan C:\WINDOWS
    20:17:48.578 AVAST engine scan C:\WINDOWS\system32
    20:22:22.421 AVAST engine scan C:\WINDOWS\system32\drivers
    20:22:51.265 AVAST engine scan C:\Documents and Settings\Leslie Carey
    20:23:39.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leslie Carey\Desktop\MBR.dat"
    20:23:39.484 The log file has been saved successfully to "C:\Documents and Settings\Leslie Carey\Desktop\aswMBR.txt"

    After running RogueKiller scan, can I close the application? Delete? Fix?
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. kspot

    kspot TS Rookie Topic Starter Posts: 27

    ComboFix 12-07-29.02 - Leslie Carey 07/29/2012 21:02:23.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1661 [GMT -5:00]
    Running from: c:\documents and settings\Leslie Carey\My Documents\Downloads\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Leslie Carey\GoToAssistDownloadHelper.exe
    c:\documents and settings\Leslie Carey\My Documents\~WRL0001.tmp
    c:\documents and settings\Leslie Carey\WINDOWS
    c:\program files\SelectRebates
    c:\program files\SelectRebates\FFToolbar\chrome.manifest
    c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
    c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
    c:\program files\SelectRebates\FFToolbar\install.rdf
    c:\program files\SelectRebates\SahImages\alert.png
    c:\program files\SelectRebates\SahImages\check.png
    c:\program files\SelectRebates\SahImages\close.png
    c:\program files\SelectRebates\SelectAlerts.dat
    c:\program files\SelectRebates\SelectRebates.exe
    c:\program files\SelectRebates\SelectRebates.ini
    c:\program files\SelectRebates\SelectRebatesA.dat
    c:\program files\SelectRebates\SelectRebatesApi.exe
    c:\program files\SelectRebates\SelectRebatesB.dat
    c:\program files\SelectRebates\SelectRebatesBT.dat
    c:\program files\SelectRebates\SelectRebatesDownload.exe
    c:\program files\SelectRebates\SelectRebatesH.dat
    c:\program files\SelectRebates\SelectRebatesUninstall.exe
    c:\program files\SelectRebates\SRebates.dll
    c:\program files\SelectRebates\SRFF3.dll
    c:\program files\SelectRebates\Toolbar\AddtoList.bmp
    c:\program files\SelectRebates\Toolbar\basis.xml
    c:\program files\SelectRebates\Toolbar\Basis.xml.dym
    c:\program files\SelectRebates\Toolbar\Blank.bmp
    c:\program files\SelectRebates\Toolbar\CashBack.bmp
    c:\program files\SelectRebates\Toolbar\Coupons.bmp
    c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
    c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
    c:\program files\SelectRebates\Toolbar\icons.bmp
    c:\program files\SelectRebates\Toolbar\logo.bmp
    c:\program files\SelectRebates\Toolbar\logo_24.bmp
    c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
    c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
    c:\program files\SelectRebates\Toolbar\RightControls.dym
    c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
    c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
    c:\program files\SelectRebates\Toolbar\Scissors.bmp
    c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 00:57 . 2012-07-30 00:57 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2012-07-30 00:08 . 2012-07-30 00:08 -------- d-----w- c:\windows\LastGood
    2012-07-29 23:59 . 2012-07-29 23:59 -------- dc----w- C:\TDSSKiller_Quarantine
    2012-07-19 12:33 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-07-05 23:45 . 2012-07-05 23:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 18:55 . 2012-04-03 22:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 18:55 . 2011-05-21 10:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 18:46 . 2012-06-24 21:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-04 22:35 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-04 22:35 . 2011-03-21 10:49 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:19 . 2008-10-16 20:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2012-06-29 17:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2008-10-16 20:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2011-03-21 10:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2011-03-21 10:49 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-02-27 19:30 . 2011-09-20 22:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
    "HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-21 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    .
    c:\documents and settings\Leslie Carey\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-25 33280]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-03-06 19:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Leslie Carey\\Application Data\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/11/2011 5:54 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/11/2011 5:54 AM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/11/2011 5:54 AM 467592]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120727.001\IDSXpx86.sys [7/27/2012 5:15 PM 369632]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [10/11/2011 5:54 AM 117648]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 3:01 AM 367456]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2012 11:15 PM 106656]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/18/2009 1:35 AM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/18/2009 1:35 AM 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2/18/2009 1:35 AM 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2/18/2009 1:35 AM 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2/18/2009 1:35 AM 235840]
    S2 gupdate1c9e55cd789d57a;Google Update Service (gupdate1c9e55cd789d57a);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 PM 250056]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2012 4:27 PM 22344]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2012 4:27 PM 655944]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - aswMBR
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:55]
    .
    2012-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-07-29 c:\windows\Tasks\At1.job
    - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
    .
    2012-07-30 c:\windows\Tasks\At2.job
    - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
    .
    2012-07-29 c:\windows\Tasks\At3.job
    - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
    .
    2012-07-29 c:\windows\Tasks\At4.job
    - c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
    .
    2012-07-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 23:35]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
    .
    2012-07-30 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.weather.com/weather/my?from=reguserpg
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    FF - ProfilePath - c:\documents and settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-DownloadManagerService - c:\program files\Verizon Wireless\dist\servicerunner.exe
    HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-29 21:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1028)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2012-07-29 21:21:20
    ComboFix-quarantined-files.txt 2012-07-30 02:21
    .
    Pre-Run: 49,450,274,816 bytes free
    Post-Run: 50,366,988,288 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - FF56B24ACD3A6CEC12100F697AC2F8EB
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Uninstall McAfee Security Scan Plus, typical foistware.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    AtJob::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  11. kspot

    kspot TS Rookie Topic Starter Posts: 27

    ComboFix 12-07-29.02 - Leslie Carey 07/29/2012 21:50:41.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2404 [GMT -5:00]
    Running from: c:\documents and settings\Leslie Carey\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Leslie Carey\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At4.job
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 00:57 . 2012-07-30 00:57 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2012-07-30 00:08 . 2012-07-30 00:08 -------- d-----w- c:\windows\LastGood
    2012-07-29 23:59 . 2012-07-29 23:59 -------- dc----w- C:\TDSSKiller_Quarantine
    2012-07-19 12:33 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-07-05 23:45 . 2012-07-05 23:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 18:55 . 2012-04-03 22:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-27 18:55 . 2011-05-21 10:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 18:46 . 2012-06-24 21:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-04 22:35 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-04 22:35 . 2011-03-21 10:49 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:19 . 2008-10-16 20:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2012-06-29 17:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 20:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2008-10-16 20:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 20:18 . 2011-03-21 10:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-06-02 20:18 . 2011-03-21 10:49 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-02-27 19:30 . 2011-09-20 22:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
    "HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-21 166424]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
    "PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    .
    c:\documents and settings\Leslie Carey\Start Menu\Programs\Startup\
    DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
    Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-25 33280]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-03-06 19:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Documents and Settings\\Leslie Carey\\Application Data\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/11/2011 5:54 AM 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/11/2011 5:54 AM 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/11/2011 5:54 AM 467592]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120727.001\IDSXpx86.sys [7/27/2012 5:15 PM 369632]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [10/11/2011 5:54 AM 117648]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 3:01 AM 367456]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2012 11:15 PM 106656]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/18/2009 1:35 AM 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/18/2009 1:35 AM 43608]
    R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2/18/2009 1:35 AM 141376]
    R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2/18/2009 1:35 AM 7424]
    R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2/18/2009 1:35 AM 235840]
    S2 gupdate1c9e55cd789d57a;Google Update Service (gupdate1c9e55cd789d57a);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 PM 250056]
    S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2012 4:27 PM 22344]
    S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2012 4:27 PM 655944]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - TRUESIGHT
    *Deregistered* - aswMBR
    *Deregistered* - TrueSight
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:55]
    .
    2012-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-07-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 23:35]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
    .
    2012-07-30 c:\windows\Tasks\HP Photo Creations Messager.job
    - c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.weather.com/weather/my?from=reguserpg
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
    FF - ProfilePath - c:\documents and settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-29 21:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1028)
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
    c:\windows\System32\BCMLogon.dll
    .
    Completion time: 2012-07-29 22:01:45
    ComboFix-quarantined-files.txt 2012-07-30 03:01
    ComboFix2.txt 2012-07-30 02:21
    .
    Pre-Run: 50,385,776,640 bytes free
    Post-Run: 50,429,038,592 bytes free
    .
    - - End Of File - - A94A7BA1BB6C45C8095DD9D14F48C3E6
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is the computer doing?

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. kspot

    kspot TS Rookie Topic Starter Posts: 27

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.30.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Leslie Carey :: LESLIELAPTOP [administrator]

    7/29/2012 10:10:02 PM
    mbam-log-2012-07-29 (22-10-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210925
    Time elapsed: 7 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    OTL logfile created on: 7/29/2012 10:26:38 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Leslie Carey\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 74.04% Memory free
    4.83 Gb Paging File | 4.23 Gb Available in Paging File | 87.66% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 223.08 Gb Total Space | 47.08 Gb Free Space | 21.11% Space Free | Partition Type: NTFS

    Computer Name: LESLIELAPTOP | User Name: Leslie Carey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/29 22:25:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Carey\My Documents\Downloads\OTL.exe
    PRC - [2012/02/27 14:30:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/09/21 19:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
    PRC - [2011/08/16 13:47:04 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
    PRC - [2011/08/16 13:35:08 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/09 07:20:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
    MOD - [2012/05/09 07:20:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
    MOD - [2012/05/09 07:20:05 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
    MOD - [2012/02/27 14:30:38 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/07/17 22:21:00 | 003,883,424 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    MOD - [2008/11/26 12:39:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
    MOD - [2008/11/26 12:39:16 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
    MOD - [2008/04/14 07:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
    MOD - [2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
    MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2007/07/31 03:26:02 | 000,207,344 | ---- | M] () -- C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
    MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/27 13:55:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/09/21 19:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2009/03/06 14:35:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2008/11/04 22:04:06 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
    SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
    SRV - [2008/07/15 18:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
    DRV - [2012/07/29 19:57:55 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
    DRV - [2012/07/27 11:51:28 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/07/27 11:51:28 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/06/14 13:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120727.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2012/05/15 23:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/05/15 23:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/09/21 19:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
    DRV - [2011/09/21 19:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
    DRV - [2011/09/21 19:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
    DRV - [2011/09/21 19:40:13 | 000,036,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symndis.sys -- (SYMNDIS)
    DRV - [2011/09/21 19:40:13 | 000,033,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symids.sys -- (SYMIDS)
    DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2010/01/13 09:26:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/01/13 09:26:55 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
    DRV - [2010/01/13 09:26:55 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
    DRV - [2010/01/13 09:26:55 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
    DRV - [2010/01/13 09:26:55 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2010/01/13 09:26:55 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2010/01/13 09:26:54 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2008/11/26 12:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2008/11/04 22:04:10 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
    DRV - [2008/11/04 22:04:08 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
    DRV - [2008/07/16 16:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
    DRV - [2008/07/16 16:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
    DRV - [2008/07/16 16:32:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
    DRV - [2008/02/21 16:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2008/02/21 16:21:58 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/my?from=reguserpg
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes,DefaultScope = {ACD9B7E2-C5AF-40C3-AE86-037A2DB2C1E2}
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes\{ACD9B7E2-C5AF-40C3-AE86-037A2DB2C1E2}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADRA_en
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 08:30:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/04 16:59:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/09/20 17:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leslie Carey\Application Data\Mozilla\Extensions
    [2012/03/20 14:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\extensions
    [2012/03/20 14:04:32 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\extensions\toolbar@shopathome.com
    [2012/07/29 19:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/19 07:38:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/02/27 14:30:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/27 14:30:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/27 14:30:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
    CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gears.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Skype Click to Call = C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

    O1 HOSTS File: ([2012/07/29 21:56:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\Leslie Carey\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab (SyncXfer Class)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab (DLM Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1340991948875 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1340991937859 (MUWebControl Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF167377-8820-4CC9-B380-51D6AD87926A}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/29 22:21:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/07/29 20:59:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/07/29 20:56:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/29 20:56:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/29 20:56:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/29 20:56:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/29 20:56:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 20:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/07/29 19:08:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/07/29 18:59:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/29 17:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Carey\Desktop\Virus Fix
    [2012/07/29 16:06:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Leslie Carey\Start Menu\Programs\Administrative Tools
    [2012/07/02 20:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Carey\Desktop\Car Accident
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/29 21:56:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/29 21:47:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Leslie Carey\Desktop\Shortcut to ComboFix.lnk
    [2012/07/29 21:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/29 20:59:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/07/29 20:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/07/29 20:39:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/29 20:01:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
    [2012/07/29 19:57:55 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2012/07/29 19:02:26 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Leslie Carey\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk
    [2012/07/29 19:02:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/29 19:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/29 19:01:31 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/29 15:59:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/07/29 12:17:29 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/28 14:32:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/07/24 08:31:26 | 000,248,320 | ---- | M] () -- C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/23 16:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2012/07/19 15:15:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/29 21:47:16 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Leslie Carey\Desktop\Shortcut to ComboFix.lnk
    [2012/07/29 20:59:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/07/29 20:59:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/07/29 20:56:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/29 20:56:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/29 20:56:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/29 20:56:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/29 20:56:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/29 19:57:55 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
    [2012/02/15 14:07:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/04 10:48:20 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
    [2011/05/12 14:03:48 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/05/12 13:58:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2011/03/22 18:29:47 | 001,148,780 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3453092672-3945045200-3811205533-1006-0.dat
    [2011/03/22 18:29:45 | 000,147,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2009/03/01 18:35:20 | 000,248,320 | ---- | C] () -- C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2009/03/04 14:37:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/03/05 14:06:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2009/04/19 14:42:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2009/03/06 14:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2012/01/22 13:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
    [2009/03/23 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2009/02/17 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/09/19 18:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
    [2009/03/18 18:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/02 13:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/10/01 18:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/01/02 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Canon
    [2009/09/10 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/09/14 08:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1
    [2011/11/26 19:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\ElevatedDiagnostics
    [2011/11/11 11:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\FlixsterCollections
    [2012/06/15 11:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\GARMIN
    [2010/01/22 16:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\OpenOffice.org
    [2009/05/22 19:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Snapfish
    [2009/03/05 17:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Southwest Airlines
    [2012/04/10 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Spotify
    [2010/09/19 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\W Photo Studio
    [2010/09/19 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\W Photo Studio Viewer
    [2010/09/19 18:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Walgreens

    ========== Purity Check ==========



    < End of report >
     
  14. kspot

    kspot TS Rookie Topic Starter Posts: 27

    OTL Extras logfile created on: 7/29/2012 10:26:38 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Leslie Carey\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 74.04% Memory free
    4.83 Gb Paging File | 4.23 Gb Available in Paging File | 87.66% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 223.08 Gb Total Space | 47.08 Gb Free Space | 21.11% Space Free | Partition Type: NTFS

    Computer Name: LESLIELAPTOP | User Name: Leslie Carey | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510d series) -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510d series) -- (Hewlett-Packard Co.)
    "C:\Documents and Settings\Leslie Carey\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Leslie Carey\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
    "{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
    "{2B21DAC6-647F-497F-918F-9A389EE24C1D}" = Quicken WillMaker Plus 2012
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
    "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
    "{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
    "{85D29B91-2BD3-7B95-C4FE-13E226D34090}" = Flixster Collections
    "{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F20A857-26D3-B5E4-0D26-5C64C089F716}" = MP3 Download Manager
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B04FB606-75EA-4174-B750-35E2DEC20AF4}" = HP Photosmart 5510d series Product Improvement Study
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F68DF3B3-7E42-4504-9696-82EDA2C669C2}" = HP Photosmart 5510d series Basic Device Software
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "4249-7808-9389-3199" = Verizon Wireless Download Manager 2.2.3-SNAPSHOT-r10103
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Amazing Slow Downer PA" = Amazing Slow Downer (remove only)
    "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon MP620 series User Registration" = Canon MP620 series User Registration
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1" = MP3 Download Manager
    "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
    "CSCLIB" = Canon Camera Support Core Library
    "DD Poker 3 " = DD Poker 3
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "EOS Utility" = Canon Utilities EOS Utility
    "FlixsterCollections" = Flixster Collections
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "GoToAssist" = GoToAssist 8.0.0.514
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Photo Creations" = HP Photo Creations
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "N360" = Norton 360
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoStitch" = Canon Utilities PhotoStitch
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/23/2012 2:10:43 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 19688

    Error - 7/23/2012 2:10:43 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 19688

    Error - 7/23/2012 2:10:45 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/23/2012 2:10:45 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 21656

    Error - 7/23/2012 2:10:45 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 21656

    Error - 7/23/2012 4:13:53 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/23/2012 4:13:53 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7409703

    Error - 7/23/2012 4:13:53 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7409703

    Error - 7/24/2012 7:25:43 AM | Computer Name = LESLIELAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/25/2012 3:31:31 AM | Computer Name = LESLIELAPTOP | Source = MsiInstaller | ID = 11706
    Description = Product: Microsoft Office 2000 SR-1 Standard -- Error 1706. No valid
    source could be found for product Microsoft Office 2000 SR-1 Standard. The Windows
    installer cannot continue.

    [ System Events ]
    Error - 7/28/2012 10:24:35 AM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 7/28/2012 10:24:35 AM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 7/28/2012 1:56:26 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
    Description = The PMBDeviceInfoProvider service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 7/28/2012 1:58:42 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
    Service service to connect.

    Error - 7/28/2012 1:58:42 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7000
    Description = The Application Layer Gateway Service service failed to start due
    to the following error: %%1053

    Error - 7/28/2012 4:24:29 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
    Service service to connect.

    Error - 7/28/2012 4:24:30 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7000
    Description = The IMAPI CD-Burning COM Service service failed to start due to the
    following error: %%1053

    Error - 7/29/2012 8:57:53 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Skype C2C Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 7/29/2012 9:57:59 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
    Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

    Error - 7/29/2012 10:02:05 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    You didn't say:
    [​IMG]

    ===============================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
      O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. kspot

    kspot TS Rookie Topic Starter Posts: 27

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control Garmin Communicator Plug-In
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 321 bytes

    Security Check results:
    Results of screen317's Security Check version 0.99.43
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton 360
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 17
    Java(TM) 6 Update 16
    Java(TM) 6 Update 7
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.0.32.18 Flash Player out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (9.0.1)
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````

    FSS log:
    Farbar Service Scanner Version: 26-07-2012
    Ran by Leslie Carey (administrator) on 30-07-2012 at 06:14:08
    Running from "C:\Documents and Settings\Leslie Carey\My Documents\Downloads"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(11) Tcpip(3)
    0x0B000000040000000100000002000000030000000B0000000A0000000900000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

    ESET Scan:
    C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ======================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  18. kspot

    kspot TS Rookie Topic Starter Posts: 27

    Broni

    The computer was working very well until I tried to update Adobe Flash Player. The free download manager seems to be messing with everything both in IE and Firefox. I also got the error "cannot find the Registry key specified HKEY_LOCAL_MACHINE\software\Java Runtime Environment 11.7.0_05"

    The OTL log is as follows:
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dan

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Leslie Carey
    ->Temp folder emptied: 53949057 bytes
    ->Temporary Internet Files folder emptied: 33428092 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61241769 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2791 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 949104 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 306945524 bytes

    Total Files Cleaned = 435.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dan

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Leslie Carey
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Dan

    User: Default User

    User: Leslie Carey
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.55.0 log created on 07302012_193419

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\ads[10].htm moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\infected-I-think[1].txt moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\net[2].htm moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\partner[2].htm moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\aclk[1].htm moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\component[1].html moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\adsCAR01CZH.htm moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\partner[1].htm moved successfully.
    C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\IIJ10IOD\tad[2].htm moved successfully.
    File\Folder C:\WINDOWS\temp\JETCC73.tmp not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!

    PendingFileRenameOperations files...
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\ads[10].htm not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\infected-I-think[1].txt not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\net[2].htm not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\partner[2].htm not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\aclk[1].htm not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\component[1].html not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\adsCAR01CZH.htm not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\partner[1].htm not found!
    File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\IIJ10IOD\tad[2].htm not found!
    File C:\WINDOWS\temp\JETCC73.tmp not found!
    File C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!

    Registry entries deleted on Reboot...


    Thanks for the help. I just want to get rid of that download manager and make sure that Java is working okay.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    What free download manager are we talking about?
    Something you installed?

    When doing what?
     
  20. kspot

    kspot TS Rookie Topic Starter Posts: 27

    The free download manager was at the top of your last post with the Adobe Flash Player update.

    The error came when Control Panel > Java was accessed, when I clicked on Java to try to uncheck the Quick Starter.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    If you used my link there is no download manager present.

    As for Java, run JavaRa first then try to update Java.
    When done you can post new Security Check so we can see what you have there.
     
  22. kspot

    kspot TS Rookie Topic Starter Posts: 27

    JavaRa run, Java update, Security check below.

    Results of screen317's Security Check version 0.99.43
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton 360
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.1
    Java(TM) 6 Update 17
    Java(TM) 6 Update 16
    Java(TM) 7 Update 5
    Java(TM) 6 Update 7
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.0.32.18 Flash Player out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Uninstall:
    JavaFX 2.1.1
    Java(TM) 6 Update 17
    Java(TM) 6 Update 16
    Java(TM) 6 Update 7

    What about Flash?
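
The reading of the Security Check report in the post above, as an added example that is not part of the original thread and not code from the Security Check tool: a small Python triage that splits the report into its backtick-framed sections, collects the lines the tool itself marks "Disabled!" or "out of Date!", and lists every Java(TM) entry older than the newest one installed. The function names and the layout assumptions (section titles framed by backticks, `Java(TM) N Update M` lines) are inferred from the two reports posted here.

```python
import re

TICK = "`"


def _header(title):
    # Security Check frames each section title in runs of backticks.
    return TICK * 14 + title + TICK * 14


# Lines copied from the second Security Check report posted in this thread;
# only the length of the backtick runs is normalised.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.43",
    "Windows XP Service Pack 3 x86",
    "Internet Explorer 8",
    _header("Antivirus/Firewall Check:"),
    "Windows Firewall Disabled!",
    "Norton 360",
    "Antivirus up to date! (On Access scanning disabled!)",
    _header("Anti-malware/Other Utilities Check:"),
    "Malwarebytes Anti-Malware version 1.62.0.1300",
    "JavaFX 2.1.1",
    "Java(TM) 6 Update 17",
    "Java(TM) 6 Update 16",
    "Java(TM) 7 Update 5",
    "Java(TM) 6 Update 7",
    "Adobe Flash Player 10 Flash Player out of Date!",
    "Adobe Flash Player 10.0.32.18 Flash Player out of Date!",
    "Adobe Reader X (10.1.3)",
    "Mozilla Firefox 12.0 Firefox out of Date!",
    "Google Chrome 20.0.1132.47",
    "Google Chrome 20.0.1132.57",
    _header("Process Check: objlist.exe by Laurent"),
    "Norton ccSvcHst.exe",
    _header("System Health check"),
    "Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!",
    _header("End of Log"),
])

# Assumed layout: backticks, title, optional trailing colon, backticks.
SECTION_RE = re.compile(r"^`+\s*(?P<title>[^`]+?)\s*:?\s*`+$")
JAVA_RE = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")


def parse_sections(text):
    """Split a report into {section title: [lines]}.

    Lines before the first section header are stored under 'Header'.
    """
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group("title")
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(text):
    """Return the findings a helper would act on, in report order."""
    findings = {
        "protection_disabled": [],  # (section, line) pairs
        "out_of_date": [],          # (section, line) pairs
        "newest_java": None,
        "superseded_java": [],      # older runtimes left installed
    }
    javas = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            lowered = line.lower()
            if "disabled!" in lowered:
                findings["protection_disabled"].append((section, line))
            if "out of date!" in lowered:
                findings["out_of_date"].append((section, line))
            match = JAVA_RE.match(line)
            if match:
                version = (int(match.group(1)), int(match.group(2)))
                javas.append((version, line))
    if javas:
        newest = max(version for version, _ in javas)
        for version, line in javas:
            if version == newest:
                findings["newest_java"] = line
            else:
                findings["superseded_java"].append(line)
    return findings


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

Entries that do not follow the `Java(TM) N Update M` pattern, such as JavaFX, are not classified by this sketch and still need a manual look.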
     
  24. kspot

    kspot TS Rookie Topic Starter Posts: 27

    Java FX 2.1.1 uninstalled.
    Flash updated after I read the instructions.
    Java 6 Update 7 does not show up in Add/Remove Programs.
    Java 6 Update 16 and 17 both give me "fatal error during installation" when I attempt to remove them.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Some registry leftovers. Nothing to worry about.

    You should be good to go :)
     
