TechSpot

Multiple Instances of iexplore.exe running and pc box sounds like an airplane

Solved
By Babbette
Oct 1, 2012
  1. Is anyone available to help me clean up my pc? I have run the scans as directed and have them ready for posting. Thank you!
     
  2. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.01.08
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    DeAnna-I :: DMAIN [administrator]
    10/1/2012 4:25:52 PM
    mbam-log-2012-10-01 (16-25-52).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220963
    Time elapsed: 7 minute(s), 5 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  3. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-01 16:50:04
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005a ST332081 rev.HP22
    Running: r8m7cio8.exe; Driver: C:\Users\DeAnna-I\AppData\Local\Temp\pgldapod.sys

    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    ---- EOF - GMER 1.0.15 ----
     
  4. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by DeAnna-I at 16:51:02 on 2012-10-01
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.994 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\atashost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\DllHost.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\20.1.1.2\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\20.1.1.2\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SelectionLinks: {f90a5a0d-cd98-49cc-9aa7-9cd11c7478bf} - c:\program files\oapps\bho.dll
    TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\20.1.1.2\coIEPlg.dll
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    mRun: [<NO NAME>]
    mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
    mRunOnce: [930_1425580229422] "c:\users\deanna-I\appdata\local\logmein rescue applet\LMIR0002.tmp_r.bat"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    Trusted Zone: alexian.net\meditech
    Trusted Zone: mojohelpdesk.com\keystrokes
    Trusted Zone: samsungsetup.com\www
    Trusted Zone: speechmachines.org\mq1webc2
    Trusted Zone: speechmachines.org\www
    DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F0773300-E819-4DD5-ABBB-5315D224DF8D} : DhcpNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\microsoft\smime client (2010)\mimectl.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2012-9-30 97440]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1401010.002\SymDS.sys [2012-9-30 368288]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1401010.002\SymEFA.sys [2012-9-30 926880]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.1.2\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1401010.002\ccSetx86.sys [2012-9-30 134304]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_20.1.1.2\definitions\ipsdefs\20120928.001\IDSvix86.sys [2012-9-28 386720]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1401010.002\Ironx86.sys [2012-9-30 175264]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1401010.002\symtdiv.sys [2012-9-30 350368]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-10-1 913792]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-9 43912]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-10-1 821592]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-8 47640]
    R2 MSSQL$DOCNET;SQL Server (DOCNET);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\20.1.1.2\ccSvcHst.exe [2012-9-30 143928]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-24 1153368]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2012-6-5 5120]
    R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\microsoft forefront uag\endpoint components\3.1.0\uagqecsvc.exe [2012-3-7 150928]
    R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-10-1 20336]
    R3 HSXHWBS3;HSXHWBS3;c:\windows\system32\drivers\HSXHWBS3.sys [2009-4-29 205824]
    R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-10-1 30640]
    R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-10-1 19832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-30 136176]
    S2 WiseBootAssistant;Wise Boot Assistant;c:\program files\wise\wise care 365\BootTime.exe [2012-9-29 580648]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-1-16 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-1-16 79360]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-1-16 79360]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-30 136176]
    S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2011-1-16 1254400]
    S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-2-2 20848]
    S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [2012-6-5 136784]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-6-28 1310720]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-10-01 19:52:08 -------- d-----w- c:\programdata\IObit
    2012-10-01 17:57:50 -------- d-----w- c:\users\deanna-I\appdata\roaming\IObit
    2012-10-01 17:57:47 -------- d-----w- c:\program files\IObit
    2012-09-30 19:44:24 20 ----a-w- c:\windows\system32\drivers\SMR311.dat
    2012-09-30 19:44:23 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
    2012-09-30 19:36:21 -------- d-----w- c:\users\deanna-I\appdata\local\NPE
    2012-09-30 19:32:23 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-09-30 19:32:23 -------- d-----w- c:\program files\Symantec
    2012-09-30 19:32:23 -------- d-----w- c:\program files\common files\Symantec Shared
    2012-09-30 19:08:02 -------- d-----w- c:\users\deanna-I\appdata\local\LogMeIn Rescue Applet
    2012-09-30 16:27:37 -------- d-----w- c:\programdata\AVAST Software
    2012-09-30 16:27:37 -------- d-----w- c:\program files\AVAST Software
    2012-09-30 16:17:33 -------- d--h--w- c:\programdata\Common Files
    2012-09-30 16:17:33 -------- d-----w- c:\users\deanna-I\appdata\local\MFAData
    2012-09-30 16:17:33 -------- d-----w- c:\users\deanna-I\appdata\local\Avg2013
    2012-09-30 16:17:33 -------- d-----w- c:\programdata\MFAData
    2012-09-30 13:35:15 -------- d-----w- c:\users\deanna-I\appdata\roaming\Auslogics
    2012-09-30 13:33:11 -------- d-----w- c:\program files\Auslogics
    2012-09-29 19:15:20 -------- d-----w- c:\users\deanna-I\appdata\roaming\Wise Care 365
    2012-09-29 18:35:00 -------- d-----w- c:\users\deanna-I\appdata\roaming\Wise Registry Cleaner
    2012-09-29 18:34:26 -------- d-----w- c:\program files\Wise
    2012-09-29 18:32:57 -------- d-----w- c:\users\deanna-I\appdata\roaming\RegGenie
    2012-09-29 18:30:19 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
    2012-09-26 11:27:53 -------- d-----w- c:\programdata\LightScribe
    2012-09-19 01:58:21 -------- d-----w- c:\users\deanna-I\appdata\local\Zoom_Downloader
    2012-09-19 01:57:49 -------- d-----w- c:\program files\OApps
    2012-09-19 01:57:30 -------- d-----w- c:\program files\Conduit
    2012-09-19 01:57:27 -------- d-----w- c:\users\deanna-I\appdata\local\Conduit
    2012-09-18 18:07:45 -------- d-----w- c:\users\deanna-I\appdata\roaming\QuickScan
    2012-09-02 15:51:21 -------- d-----w- c:\users\deanna-I\appdata\roaming\SUPERAntiSpyware.com
    2012-09-02 15:50:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-09-02 15:50:59 -------- d-----w- c:\program files\SUPERAntiSpyware
    .
    ==================== Find3M ====================
    .
    2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-21 20:35:14 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-21 20:35:14 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-11 01:26:42 585888 ----a-r- c:\windows\system32\drivers\nis\1401010.002\srtsp.sys
    2012-08-08 05:18:19 926880 ----a-r- c:\windows\system32\drivers\nis\1401010.002\SymEFA.sys
    2012-08-07 18:42:43 134304 ----a-r- c:\windows\system32\drivers\nis\1401010.002\ccSetx86.sys
    2012-07-28 03:25:32 368288 ----a-r- c:\windows\system32\drivers\nis\1401010.002\SymDS.sys
    2012-07-28 03:05:21 175264 ----a-r- c:\windows\system32\drivers\nis\1401010.002\Ironx86.sys
    2012-07-23 01:34:24 350368 ----a-r- c:\windows\system32\drivers\nis\1401010.002\symtdiv.sys
    2012-07-23 01:34:24 338592 ----a-r- c:\windows\system32\drivers\nis\1401010.002\symnets.sys
    2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 16:51:45.36 ===============
     
  5. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/11/2009 5:51:57 PM
    System Uptime: 9/30/2012 2:42:35 PM (26 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | NARRA5
    Processor: AMD Athlon(tm) 7550 Dual-Core Processor | Socket AM2 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 219.526 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.555 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: ARRIS TOUCHSTONE DEVICE
    Device ID: USB\VID_09C1&PID_1337\DUMMYDUMMYDUMMY
    Manufacturer: ARRIS
    Name: ARRIS TOUCHSTONE DEVICE
    PNP Device ID: USB\VID_09C1&PID_1337\DUMMYDUMMYDUMMY
    Service: USB_RNDIS
    .
    ==== System Restore Points ===================
    .
    RP358: 9/29/2012 2:16:50 PM - Created by Wise Care 365
    RP360: 9/30/2012 4:53:14 AM - RegGenie Safe Scan Backup
    RP361: 9/30/2012 11:27:22 AM - avast! Free Antivirus Setup
    RP362: 9/30/2012 11:39:22 AM - avast! Free Antivirus Setup
    RP363: 9/30/2012 12:08:50 PM - avast! Free Antivirus Setup
    RP364: 9/30/2012 1:15:20 PM - Restore Operation
    RP365: 9/30/2012 1:23:00 PM - Restore Operation
    RP366: 9/30/2012 1:57:45 PM - avast! Free Antivirus Setup
    RP367: 9/30/2012 2:39:59 PM - Norton_Power_Eraser_20120930143959699
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.1
    Advanced SystemCare 5
    AIM Pro
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Auslogics Registry Cleaner
    Bejeweled Twist 1.0
    Bonjour
    CCleaner
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative System Information
    Creative WaveStudio 7
    CyberLink DVD Suite Deluxe
    D3DX10
    DirectX for Managed Code Update (Summer 2004)
    Express Scribe
    Express Zip File Compression Software
    Free YouTube to MP3 Converter version 3.10.15.1228
    Google Update Helper
    GoToMeeting 4.5.0.457
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP Odometer
    HP Product Detection
    HP Recovery Manager RSS
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Instant Text 7 Pro
    Instant Text V Pro
    IObit Malware Fighter
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Macro Express Pro
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft S/MIME
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (DOCNET)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Moffsoft FreeCalc
    MP3 Rocket
    MP3 Rocket Toolbar Updater
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NCH Toolbox
    Norton Internet Security
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Pathology & Lab Medicine Words (Shared Components)
    PCIe Soft Data Fax Modem with SmartCP
    PictureMover
    Plastic Surgery Words 4E (Shared Components)
    Power2Go
    PowerDirector
    Python 2.6 pywin32-212
    Python 2.6.1
    Quick Look Electronic Drug Reference 2008
    Quick Look Electronic Drug Reference 2008 (Shared Components)
    QuickTime
    Ready Reference Bookshelf
    Realtek High Definition Audio Driver
    Samsung Universal Print Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Segoe UI
    SelectionLinks
    Sound Blaster X-Fi Go! Pro
    Spybot - Search & Destroy
    Stedman's Cardiovascular & Pulmonary Words 1.0
    Stedman's Dermatology & Immunology Words 3E 1.0
    Stedman's Electronic Medical Dictionary 7.0
    Stedman's Electronic Medical Dictionary, version 7.0 (Shared Components)
    Stedman's Equipment Words 1.0
    Stedman's GI & GU Words 4E 1.0
    Stedman's Neurology & Neurosurgery Words, 4E 1.0
    Stedman's Neurology & Neurosurgery Words, 4th edition (Shared Components)
    Stedman's Oncology Words, 5E 1.0
    Stedman's Oncology Words, 5th Edition (Shared Components)
    Stedman's Ophthalmology Words, 4e (Shared Components)
    Stedman's Ophthalmology Words, 4E 1.0
    Stedman's Organism's & Infectious Disease Words 1.0
    Stedman's Orthopaedic & Rehab Words 5e (Shared Components)
    Stedman's Orthopaedic & Rehab Words 5E 1.0
    Stedman's Pathology & Lab Medicine Words 4E 1.0
    Stedman's Plastic Surgery Words 4E 1.0
    Stedman's Plus Spellchecker 2008 Standard Edition (Shared Components)
    Stedman's Plus Standard Edition
    Stedman's Psychiatry Words, 4E 1.0
    Stedman's Psychiatry Words, 4th edition (Shared Components)
    Stedman's Radiology Words, 5E 1.0
    Stedman's Radiology Words, 5th Edition (Shared Components)
    SUPERAntiSpyware
    TSP_CODEC
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebEx
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Wise Care 365 version 2.02
    Wise Registry Cleaner 7.51
    Yahoo! Install Manager
    Yahoo! Messenger
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/30/2012 2:43:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    9/30/2012 2:43:35 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    9/30/2012 2:43:35 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    9/30/2012 2:13:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccSet_NIS eeCtrl i8042prt IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
    9/30/2012 2:13:14 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    9/30/2012 2:13:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    9/30/2012 2:12:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    9/30/2012 2:12:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    9/30/2012 2:12:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/30/2012 2:11:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    9/29/2012 2:15:12 PM, Error: Service Control Manager [7030] - The Wise Boot Assistant service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    9/25/2012 11:06:46 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.133 for the Network Card with network address 00248C9D10C3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    9/25/2012 1:33:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 74.193.209.123 for the Network Card with network address 001DCDABB808 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    10/1/2012 4:28:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer GREENOFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0773300-E819-4DD5-ABBB-5315D2. The master browser is stopping or an election is being forced.
    10/1/2012 2:52:03 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    18:27:52.0613 5708 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    18:27:54.0625 5708 ============================================================
    18:27:54.0625 5708 Current date / time: 2012/10/01 18:27:54.0625
    18:27:54.0625 5708 SystemInfo:
    18:27:54.0625 5708
    18:27:54.0625 5708 OS Version: 6.0.6002 ServicePack: 2.0
    18:27:54.0625 5708 Product type: Workstation
    18:27:54.0625 5708 ComputerName: DMAIN
    18:27:54.0625 5708 UserName: DeAnna-I
    18:27:54.0625 5708 Windows directory: C:\Windows
    18:27:54.0625 5708 System windows directory: C:\Windows
    18:27:54.0625 5708 Processor architecture: Intel x86
    18:27:54.0625 5708 Number of processors: 2
    18:27:54.0625 5708 Page size: 0x1000
    18:27:54.0625 5708 Boot type: Normal boot
    18:27:54.0625 5708 ============================================================
    18:27:55.0967 5708 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:27:55.0983 5708 ============================================================
    18:27:55.0983 5708 \Device\Harddisk0\DR0:
    18:27:55.0983 5708 MBR partitions:
    18:27:55.0983 5708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23D9C201
    18:27:55.0983 5708 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23D9C240, BlocksNum 0x1691481
    18:27:55.0983 5708 ============================================================
    18:27:55.0998 5708 C: <-> \Device\Harddisk0\DR0\Partition1
    18:27:56.0045 5708 D: <-> \Device\Harddisk0\DR0\Partition2
    18:27:56.0045 5708 ============================================================
    18:27:56.0045 5708 Initialize success
    18:27:56.0045 5708 ============================================================
    18:28:12.0706 2792 ============================================================
    18:28:12.0706 2792 Scan started
    18:28:12.0706 2792 Mode: Manual;
    18:28:12.0706 2792 ============================================================
    18:28:13.0002 2792 ================ Scan system memory ========================
    18:28:13.0002 2792 System memory - ok
    18:28:13.0002 2792 ================ Scan services =============================
    18:28:13.0143 2792 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    18:28:13.0143 2792 !SASCORE - ok
    18:28:13.0392 2792 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    18:28:13.0408 2792 ACPI - ok
    18:28:13.0517 2792 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    18:28:13.0533 2792 adp94xx - ok
    18:28:13.0564 2792 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
    18:28:13.0564 2792 adpahci - ok
    18:28:13.0595 2792 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    18:28:13.0595 2792 adpu160m - ok
    18:28:13.0704 2792 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    18:28:13.0704 2792 adpu320 - ok
    18:28:14.0437 2792 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    18:28:14.0453 2792 AdvancedSystemCareService5 - ok
    18:28:14.0484 2792 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    18:28:14.0484 2792 AeLookupSvc - ok
    18:28:14.0625 2792 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    18:28:14.0734 2792 AFD - ok
    18:28:14.0890 2792 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
    18:28:14.0890 2792 agp440 - ok
    18:28:14.0983 2792 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    18:28:14.0983 2792 aic78xx - ok
    18:28:15.0030 2792 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    18:28:15.0030 2792 ALG - ok
    18:28:15.0093 2792 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
    18:28:15.0093 2792 aliide - ok
    18:28:15.0202 2792 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    18:28:15.0217 2792 amdagp - ok
    18:28:15.0217 2792 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
    18:28:15.0233 2792 amdide - ok
    18:28:15.0249 2792 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    18:28:15.0249 2792 AmdK7 - ok
    18:28:15.0264 2792 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    18:28:15.0280 2792 AmdK8 - ok
    18:28:15.0358 2792 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    18:28:15.0358 2792 Appinfo - ok
    18:28:15.0436 2792 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:28:15.0436 2792 Apple Mobile Device - ok
    18:28:15.0467 2792 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
    18:28:15.0467 2792 arc - ok
    18:28:15.0483 2792 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    18:28:15.0498 2792 arcsas - ok
    18:28:15.0498 2792 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    18:28:15.0514 2792 AsyncMac - ok
    18:28:15.0529 2792 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
    18:28:15.0529 2792 atapi - ok
    18:28:15.0561 2792 [ DA1B3AD3B06D5DED23F8E1A806731809 ] atashost C:\Windows\system32\atashost.exe
    18:28:15.0561 2792 atashost - ok
    18:28:15.0607 2792 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    18:28:15.0607 2792 AudioEndpointBuilder - ok
    18:28:15.0623 2792 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    18:28:15.0623 2792 Audiosrv - ok
    18:28:15.0654 2792 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
    18:28:15.0654 2792 Beep - ok
    18:28:15.0701 2792 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
    18:28:15.0701 2792 BFE - ok
    18:28:15.0888 2792 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
    18:28:15.0904 2792 BHDrvx86 - ok
    18:28:15.0966 2792 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
    18:28:15.0982 2792 BITS - ok
    18:28:15.0997 2792 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    18:28:15.0997 2792 blbdrive - ok
    18:28:16.0060 2792 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:28:16.0060 2792 Bonjour Service - ok
    18:28:16.0091 2792 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    18:28:16.0091 2792 bowser - ok
    18:28:16.0200 2792 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    18:28:16.0200 2792 BrFiltLo - ok
    18:28:16.0216 2792 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    18:28:16.0216 2792 BrFiltUp - ok
    18:28:16.0247 2792 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
    18:28:16.0247 2792 Browser - ok
    18:28:16.0263 2792 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
    18:28:16.0263 2792 Brserid - ok
    18:28:16.0263 2792 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    18:28:16.0278 2792 BrSerWdm - ok
    18:28:16.0278 2792 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    18:28:16.0278 2792 BrUsbMdm - ok
    18:28:16.0294 2792 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    18:28:16.0294 2792 BrUsbSer - ok
    18:28:16.0325 2792 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    18:28:16.0325 2792 BTHMODEM - ok
    18:28:16.0387 2792 [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NIS C:\Windows\system32\drivers\NIS\1401010.002\ccSetx86.sys
    18:28:16.0387 2792 ccSet_NIS - ok
    18:28:16.0403 2792 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    18:28:16.0403 2792 cdfs - ok
    18:28:16.0434 2792 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    18:28:16.0434 2792 cdrom - ok
    18:28:16.0465 2792 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
    18:28:16.0465 2792 CertPropSvc - ok
    18:28:16.0497 2792 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
    18:28:16.0497 2792 circlass - ok
    18:28:16.0512 2792 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
    18:28:16.0528 2792 CLFS - ok
    18:28:16.0559 2792 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:28:16.0559 2792 clr_optimization_v2.0.50727_32 - ok
    18:28:16.0621 2792 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:28:16.0621 2792 clr_optimization_v4.0.30319_32 - ok
    18:28:16.0653 2792 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    18:28:16.0653 2792 cmdide - ok
    18:28:16.0653 2792 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    18:28:16.0668 2792 Compbatt - ok
    18:28:16.0668 2792 COMSysApp - ok
    18:28:16.0684 2792 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    18:28:16.0684 2792 crcdisk - ok
    18:28:16.0731 2792 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
    18:28:16.0731 2792 Creative ALchemy AL6 Licensing Service - ok
    18:28:16.0746 2792 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    18:28:16.0746 2792 Creative Audio Engine Licensing Service - ok
    18:28:16.0762 2792 [ D03466C36EF0E5C7694FF38B45271D9D ] Creative Media Toolbox 6 Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
    18:28:16.0762 2792 Creative Media Toolbox 6 Licensing Service - ok
    18:28:16.0777 2792 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
    18:28:16.0777 2792 Crusoe - ok
    18:28:16.0824 2792 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    18:28:16.0824 2792 CryptSvc - ok
    18:28:16.0933 2792 [ 5CE3D0E1D1B3832EE052CFC442EEE0FA ] CTAudSvcService C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    18:28:16.0933 2792 CTAudSvcService - ok
    18:28:16.0980 2792 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
    18:28:16.0980 2792 CVirtA - ok
    18:28:17.0027 2792 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
    18:28:17.0027 2792 DcomLaunch - ok
    18:28:17.0058 2792 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    18:28:17.0058 2792 DfsC - ok
    18:28:17.0230 2792 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
    18:28:17.0261 2792 DFSR - ok
    18:28:17.0323 2792 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    18:28:17.0339 2792 Dhcp - ok
    18:28:17.0355 2792 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
    18:28:17.0355 2792 disk - ok
    18:28:17.0401 2792 [ 694616F813FB627A32C9E32DEC133078 ] DNE C:\Windows\system32\DRIVERS\dne2000.sys
    18:28:17.0401 2792 DNE - ok
    18:28:17.0448 2792 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
    18:28:17.0448 2792 Dnscache - ok
    18:28:17.0479 2792 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
    18:28:17.0479 2792 dot3svc - ok
    18:28:17.0511 2792 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
    18:28:17.0511 2792 DPS - ok
    18:28:17.0526 2792 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    18:28:17.0526 2792 drmkaud - ok
    18:28:17.0573 2792 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    18:28:17.0573 2792 DXGKrnl - ok
    18:28:17.0604 2792 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
    18:28:17.0604 2792 E1G60 - ok
    18:28:17.0635 2792 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
    18:28:17.0635 2792 EapHost - ok
    18:28:17.0667 2792 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
    18:28:17.0667 2792 Ecache - ok
    18:28:17.0713 2792 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    18:28:17.0713 2792 eeCtrl - ok
    18:28:17.0745 2792 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    18:28:17.0745 2792 ehRecvr - ok
    18:28:17.0760 2792 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
    18:28:17.0760 2792 ehSched - ok
    18:28:17.0776 2792 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
    18:28:17.0776 2792 ehstart - ok
    18:28:17.0807 2792 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    18:28:17.0807 2792 elxstor - ok
    18:28:17.0838 2792 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    18:28:17.0854 2792 EMDMgmt - ok
    18:28:17.0885 2792 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilDrv11220 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys
    18:28:17.0885 2792 EraserUtilDrv11220 - ok
    18:28:17.0916 2792 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    18:28:17.0916 2792 ErrDev - ok
    18:28:17.0947 2792 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
    18:28:17.0947 2792 EventSystem - ok
    18:28:17.0979 2792 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
    18:28:17.0979 2792 exfat - ok
    18:28:17.0994 2792 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    18:28:17.0994 2792 fastfat - ok
    18:28:18.0025 2792 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    18:28:18.0025 2792 fdc - ok
    18:28:18.0057 2792 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
    18:28:18.0057 2792 fdPHost - ok
    18:28:18.0072 2792 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
    18:28:18.0072 2792 FDResPub - ok
    18:28:18.0073 2792 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    18:28:18.0104 2792 FileInfo - ok
    18:28:18.0167 2792 [ 47B91551FE7489A323BAF4904CAD757A ] FileMonitor C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
    18:28:18.0167 2792 FileMonitor - ok
    18:28:18.0229 2792 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    18:28:18.0245 2792 Filetrace - ok
    18:28:18.0245 2792 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    18:28:18.0245 2792 flpydisk - ok
    18:28:18.0276 2792 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    18:28:18.0276 2792 FltMgr - ok
    18:28:18.0323 2792 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
    18:28:18.0338 2792 FontCache - ok
    18:28:18.0401 2792 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    18:28:18.0401 2792 FontCache3.0.0.0 - ok
    18:28:18.0432 2792 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    18:28:18.0432 2792 fssfltr - ok
    18:28:18.0479 2792 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    18:28:18.0526 2792 fsssvc - ok
    18:28:18.0541 2792 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    18:28:18.0557 2792 Fs_Rec - ok
    18:28:18.0572 2792 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    18:28:18.0572 2792 gagp30kx - ok
    18:28:18.0619 2792 [ DB3D8979064CE299927CC1DA57E9A659 ] GameConsoleService C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
    18:28:18.0619 2792 GameConsoleService - ok
    18:28:18.0666 2792 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:28:18.0666 2792 GEARAspiWDM - ok
    18:28:18.0697 2792 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
    18:28:18.0697 2792 gpsvc - ok
    18:28:18.0760 2792 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
    18:28:18.0760 2792 gupdate - ok
    18:28:18.0775 2792 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
    18:28:18.0775 2792 gupdatem - ok
    18:28:18.0806 2792 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    18:28:18.0806 2792 HdAudAddService - ok
    18:28:18.0838 2792 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    18:28:18.0853 2792 HDAudBus - ok
    18:28:18.0869 2792 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
    18:28:18.0869 2792 HidBth - ok
    18:28:18.0884 2792 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
    18:28:18.0884 2792 HidIr - ok
    18:28:18.0900 2792 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
    18:28:18.0900 2792 hidserv - ok
    18:28:18.0931 2792 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    18:28:18.0931 2792 HidUsb - ok
    18:28:18.0962 2792 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
    18:28:18.0962 2792 hkmsvc - ok
    18:28:19.0025 2792 [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    18:28:19.0025 2792 HP Health Check Service - ok
    18:28:19.0056 2792 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    18:28:19.0056 2792 HpCISSs - ok
    18:28:19.0119 2792 [ 78C88781FBD2FDD3BCBA09F58897FE45 ] HSF_DP C:\Windows\system32\DRIVERS\HSX_DP.sys
    18:28:19.0135 2792 HSF_DP - ok
    18:28:19.0151 2792 [ 09A623B77613228231CF4A01CB66DC91 ] HSXHWBS3 C:\Windows\system32\DRIVERS\HSXHWBS3.sys
    18:28:19.0151 2792 HSXHWBS3 - ok
    18:28:19.0197 2792 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:28:19.0197 2792 HTTP - ok
    18:28:19.0260 2792 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    18:28:19.0260 2792 i2omp - ok
    18:28:19.0307 2792 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    18:28:19.0307 2792 i8042prt - ok
    18:28:19.0322 2792 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    18:28:19.0338 2792 iaStorV - ok
    18:28:19.0369 2792 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    18:28:19.0369 2792 IDriverT - ok
    18:28:19.0416 2792 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:28:19.0416 2792 idsvc - ok
    18:28:19.0509 2792 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120928.001\IDSvix86.sys
    18:28:19.0509 2792 IDSVix86 - ok
    18:28:19.0541 2792 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    18:28:19.0541 2792 iirsp - ok
    18:28:19.0572 2792 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
    18:28:19.0572 2792 IKEEXT - ok
    18:28:19.0634 2792 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    18:28:19.0634 2792 IMFservice - ok
    18:28:19.0728 2792 [ A9D92A2D9F583892C91202502D979BE1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    18:28:19.0775 2792 IntcAzAudAddService - ok
    18:28:19.0806 2792 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
    18:28:19.0806 2792 intelide - ok
    18:28:19.0821 2792 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:28:19.0837 2792 intelppm - ok
    18:28:19.0853 2792 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:28:19.0868 2792 IPBusEnum - ok
    18:28:19.0868 2792 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:28:19.0868 2792 IpFilterDriver - ok
    18:28:19.0915 2792 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    18:28:19.0915 2792 iphlpsvc - ok
    18:28:19.0915 2792 IpInIp - ok
    18:28:19.0946 2792 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    18:28:19.0946 2792 IPMIDRV - ok
    18:28:19.0962 2792 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    18:28:19.0962 2792 IPNAT - ok
    18:28:19.0993 2792 [ E51BD095B2FDF56B17EE010BB794D6ED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:28:20.0009 2792 iPod Service - ok
    18:28:20.0024 2792 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:28:20.0024 2792 IRENUM - ok
    18:28:20.0040 2792 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:28:20.0040 2792 isapnp - ok
    18:28:20.0071 2792 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    18:28:20.0071 2792 iScsiPrt - ok
    18:28:20.0087 2792 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    18:28:20.0087 2792 iteatapi - ok
    18:28:20.0103 2792 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
    18:28:20.0103 2792 iteraid - ok
    18:28:20.0166 2792 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    18:28:20.0166 2792 kbdclass - ok
    18:28:20.0181 2792 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    18:28:20.0181 2792 kbdhid - ok
    18:28:20.0244 2792 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
    18:28:20.0244 2792 KeyIso - ok
    18:28:20.0306 2792 [ 81AA03E754381EB80BCA3E012CF6E5F1 ] ksaud C:\Windows\system32\drivers\ksaud.sys
    18:28:20.0337 2792 ksaud - ok
    18:28:20.0384 2792 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:28:20.0384 2792 KSecDD - ok
    18:28:20.0415 2792 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:28:20.0415 2792 KtmRm - ok
    18:28:20.0446 2792 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
    18:28:20.0462 2792 LanmanServer - ok
    18:28:20.0493 2792 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:28:20.0493 2792 LanmanWorkstation - ok
    18:28:20.0540 2792 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    18:28:20.0540 2792 LightScribeService - ok
    18:28:20.0571 2792 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:28:20.0571 2792 lltdio - ok
    18:28:20.0602 2792 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:28:20.0602 2792 lltdsvc - ok
    18:28:20.0618 2792 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:28:20.0618 2792 lmhosts - ok
    18:28:20.0665 2792 LMIInfo - ok
    18:28:20.0680 2792 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
    18:28:20.0680 2792 lmimirr - ok
    18:28:20.0696 2792 LMIRfsClientNP - ok
    18:28:20.0712 2792 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
    18:28:20.0712 2792 LMIRfsDriver - ok
    18:28:20.0743 2792 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    18:28:20.0743 2792 LSI_FC - ok
    18:28:20.0758 2792 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    18:28:20.0758 2792 LSI_SAS - ok
    18:28:20.0774 2792 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    18:28:20.0774 2792 LSI_SCSI - ok
    18:28:20.0774 2792 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
    18:28:20.0790 2792 luafv - ok
    18:28:20.0805 2792 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:28:20.0805 2792 Mcx2Svc - ok
    18:28:20.0836 2792 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
    18:28:20.0836 2792 mdmxsdk - ok
    18:28:20.0868 2792 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
    18:28:20.0868 2792 megasas - ok
    18:28:20.0883 2792 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    18:28:20.0883 2792 MegaSR - ok
    18:28:20.0914 2792 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
    18:28:20.0914 2792 MMCSS - ok
    18:28:20.0930 2792 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
    18:28:20.0930 2792 Modem - ok
    18:28:20.0961 2792 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:28:20.0961 2792 monitor - ok
    18:28:20.0977 2792 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    18:28:20.0977 2792 mouclass - ok
    18:28:21.0008 2792 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:28:21.0008 2792 mouhid - ok
    18:28:21.0008 2792 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    18:28:21.0024 2792 MountMgr - ok
    18:28:21.0039 2792 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:28:21.0039 2792 mpio - ok
    18:28:21.0055 2792 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:28:21.0055 2792 mpsdrv - ok
    18:28:21.0086 2792 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:28:21.0102 2792 MpsSvc - ok
    18:28:21.0117 2792 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    18:28:21.0117 2792 Mraid35x - ok
    18:28:21.0149 2792 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:28:21.0165 2792 MRxDAV - ok
    18:28:21.0196 2792 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:28:21.0212 2792 mrxsmb - ok
    18:28:21.0305 2792 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:28:21.0305 2792 mrxsmb10 - ok
    18:28:21.0321 2792 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:28:21.0321 2792 mrxsmb20 - ok
    18:28:21.0352 2792 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
    18:28:21.0352 2792 msahci - ok
    18:28:21.0368 2792 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:28:21.0368 2792 msdsm - ok
    18:28:21.0368 2792 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
    18:28:21.0368 2792 MSDTC - ok
    18:28:21.0399 2792 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:28:21.0399 2792 Msfs - ok
    18:28:21.0415 2792 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:28:21.0415 2792 msisadrv - ok
    18:28:21.0430 2792 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:28:21.0446 2792 MSiSCSI - ok
    18:28:21.0446 2792 msiserver - ok
    18:28:21.0461 2792 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:28:21.0461 2792 MSKSSRV - ok
    18:28:21.0477 2792 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:28:21.0477 2792 MSPCLOCK - ok
    18:28:21.0493 2792 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:28:21.0493 2792 MSPQM - ok
    18:28:21.0539 2792 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:28:21.0539 2792 MsRPC - ok
    18:28:21.0555 2792 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    18:28:21.0555 2792 mssmbios - ok
    18:28:21.0633 2792 MSSQL$DOCNET - ok
    18:28:21.0664 2792 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
    18:28:21.0664 2792 MSSQLServerADHelper - ok
    18:28:21.0680 2792 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:28:21.0680 2792 MSTEE - ok
    18:28:21.0695 2792 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
    18:28:21.0711 2792 Mup - ok
    18:28:21.0742 2792 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
    18:28:21.0742 2792 napagent - ok
    18:28:21.0773 2792 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:28:21.0773 2792 NativeWifiP - ok
    18:28:21.0851 2792 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121001.004\NAVENG.SYS
    18:28:21.0851 2792 NAVENG - ok
    18:28:21.0914 2792 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121001.004\NAVEX15.SYS
    18:28:21.0945 2792 NAVEX15 - ok
    18:28:21.0992 2792 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:28:22.0007 2792 NDIS - ok
    18:28:22.0023 2792 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:28:22.0023 2792 NdisTapi - ok
    18:28:22.0039 2792 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:28:22.0039 2792 Ndisuio - ok
    18:28:22.0070 2792 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:28:22.0070 2792 NdisWan - ok
    18:28:22.0101 2792 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:28:22.0101 2792 NDProxy - ok
    18:28:22.0101 2792 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
     
  8. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    18:28:22.0117 2792 NetBIOS - ok
    18:28:22.0132 2792 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    18:28:22.0133 2792 netbt - ok
    18:28:22.0164 2792 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
    18:28:22.0164 2792 Netlogon - ok
    18:28:22.0196 2792 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
    18:28:22.0196 2792 Netman - ok
    18:28:22.0227 2792 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
    18:28:22.0227 2792 netprofm - ok
    18:28:22.0289 2792 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:28:22.0289 2792 NetTcpPortSharing - ok
    18:28:22.0320 2792 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    18:28:22.0320 2792 nfrd960 - ok
    18:28:22.0383 2792 [ DFD8873E4DC08E621A8366C6CD98AB28 ] NIS C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
    18:28:22.0398 2792 NIS - ok
    18:28:22.0414 2792 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:28:22.0430 2792 NlaSvc - ok
    18:28:22.0445 2792 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:28:22.0461 2792 Npfs - ok
    18:28:22.0461 2792 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
    18:28:22.0461 2792 nsi - ok
    18:28:22.0492 2792 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:28:22.0492 2792 nsiproxy - ok
    18:28:22.0539 2792 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:28:22.0554 2792 Ntfs - ok
    18:28:22.0586 2792 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
    18:28:22.0586 2792 ntrigdigi - ok
    18:28:22.0601 2792 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
    18:28:22.0601 2792 Null - ok
    18:28:22.0648 2792 [ D958A2B5F6AD5C3B8CCDC4D7DA62466C ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
    18:28:22.0664 2792 NVENETFD - ok
    18:28:22.0820 2792 [ 09F5E33F91E186037262355B0BA72913 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:28:22.0929 2792 nvlddmkm - ok
    18:28:22.0960 2792 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:28:22.0960 2792 nvraid - ok
    18:28:22.0991 2792 [ 5DD1242CABC1EF8DCE4438D72D72A436 ] nvrd32 C:\Windows\system32\drivers\nvrd32.sys
    18:28:22.0991 2792 nvrd32 - ok
    18:28:23.0007 2792 [ 62754E376185EACBB73D06FEA0FFC54A ] nvsmu C:\Windows\system32\drivers\nvsmu.sys
    18:28:23.0022 2792 nvsmu - ok
    18:28:23.0038 2792 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:28:23.0038 2792 nvstor - ok
    18:28:23.0069 2792 [ BB4DD678706510D9249EED1DA0219900 ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
    18:28:23.0069 2792 nvstor32 - ok
    18:28:23.0100 2792 [ F531F9B76E3E2595049F145160D280DE ] nvsvc C:\Windows\system32\nvvsvc.exe
    18:28:23.0100 2792 nvsvc - ok
    18:28:23.0132 2792 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:28:23.0132 2792 nv_agp - ok
    18:28:23.0132 2792 NwlnkFlt - ok
    18:28:23.0132 2792 NwlnkFwd - ok
    18:28:23.0242 2792 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:28:23.0242 2792 odserv - ok
    18:28:23.0273 2792 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:28:23.0273 2792 ohci1394 - ok
    18:28:23.0367 2792 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:28:23.0367 2792 ose - ok
    18:28:23.0398 2792 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
    18:28:23.0413 2792 p2pimsvc - ok
    18:28:23.0413 2792 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:28:23.0429 2792 p2psvc - ok
    18:28:23.0445 2792 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
    18:28:23.0445 2792 Parport - ok
    18:28:23.0476 2792 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:28:23.0476 2792 partmgr - ok
    18:28:23.0491 2792 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
    18:28:23.0491 2792 Parvdm - ok
    18:28:23.0523 2792 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:28:23.0523 2792 PcaSvc - ok
    18:28:23.0601 2792 [ A88F42AD20418620D08A13AD1A70C083 ] PCDSRVC{4F253FFC-7957E8FC-06000000}_0 c:\program files\pc-doctor for windows\pcdsrvc.pkms
    18:28:23.0725 2792 PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - ok
    18:28:23.0757 2792 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
    18:28:23.0757 2792 pci - ok
    18:28:23.0788 2792 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
    18:28:23.0788 2792 pciide - ok
    18:28:23.0788 2792 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    18:28:23.0803 2792 pcmcia - ok
    18:28:23.0835 2792 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:28:23.0850 2792 PEAUTH - ok
    18:28:23.0897 2792 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    18:28:23.0928 2792 pla - ok
    18:28:23.0944 2792 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:28:23.0959 2792 PlugPlay - ok
    18:28:23.0975 2792 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    18:28:23.0975 2792 PNRPAutoReg - ok
    18:28:23.0991 2792 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    18:28:23.0991 2792 PNRPsvc - ok
    18:28:24.0006 2792 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:28:24.0022 2792 PolicyAgent - ok
    18:28:24.0053 2792 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:28:24.0053 2792 PptpMiniport - ok
    18:28:24.0069 2792 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:28:24.0069 2792 Processor - ok
    18:28:24.0084 2792 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:28:24.0100 2792 ProfSvc - ok
    18:28:24.0115 2792 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:28:24.0115 2792 ProtectedStorage - ok
    18:28:24.0131 2792 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    18:28:24.0131 2792 PSched - ok
    18:28:24.0163 2792 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    18:28:24.0226 2792 ql2300 - ok
    18:28:24.0288 2792 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    18:28:24.0288 2792 ql40xx - ok
    18:28:24.0319 2792 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    18:28:24.0335 2792 QWAVE - ok
    18:28:24.0350 2792 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:28:24.0350 2792 QWAVEdrv - ok
    18:28:24.0350 2792 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:28:24.0366 2792 RasAcd - ok
    18:28:24.0366 2792 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    18:28:24.0382 2792 RasAuto - ok
    18:28:24.0397 2792 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:28:24.0397 2792 Rasl2tp - ok
    18:28:24.0428 2792 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    18:28:24.0428 2792 RasMan - ok
    18:28:24.0444 2792 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:28:24.0460 2792 RasPppoe - ok
    18:28:24.0475 2792 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:28:24.0491 2792 RasSstp - ok
    18:28:24.0506 2792 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:28:24.0506 2792 rdbss - ok
    18:28:24.0538 2792 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:28:24.0538 2792 RDPCDD - ok
    18:28:24.0553 2792 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    18:28:24.0553 2792 rdpdr - ok
    18:28:24.0553 2792 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:28:24.0569 2792 RDPENCDD - ok
    18:28:24.0600 2792 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:28:24.0600 2792 RDPWD - ok
    18:28:24.0678 2792 [ CDAB5EEF978C31E6CF58EDBFB4485B8F ] RegFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys
    18:28:24.0678 2792 RegFilter - ok
    18:28:24.0709 2792 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:28:24.0709 2792 RemoteAccess - ok
    18:28:24.0740 2792 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:28:24.0740 2792 RemoteRegistry - ok
    18:28:24.0756 2792 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    18:28:24.0756 2792 RpcLocator - ok
    18:28:24.0787 2792 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    18:28:24.0787 2792 RpcSs - ok
    18:28:24.0818 2792 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:28:24.0818 2792 rspndr - ok
    18:28:24.0834 2792 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    18:28:24.0834 2792 SamSs - ok
    18:28:24.0881 2792 [ 2A54EFF79B03A8C2389F2BB0F2264F1E ] Samsung UPD Service2 C:\Windows\System32\SUPDSvc2.exe
    18:28:24.0881 2792 Samsung UPD Service2 - ok
    18:28:24.0912 2792 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:28:24.0912 2792 SASDIFSV - ok
    18:28:24.0928 2792 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    18:28:24.0928 2792 SASKUTIL - ok
    18:28:24.0943 2792 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:28:24.0943 2792 sbp2port - ok
    18:28:25.0006 2792 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    18:28:25.0037 2792 SBSDWSCService - ok
    18:28:25.0068 2792 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:28:25.0068 2792 SCardSvr - ok
    18:28:25.0115 2792 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    18:28:25.0115 2792 Schedule - ok
    18:28:25.0146 2792 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:28:25.0146 2792 SCPolicySvc - ok
    18:28:25.0177 2792 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:28:25.0177 2792 SDRSVC - ok
    18:28:25.0209 2792 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:28:25.0225 2792 secdrv - ok
    18:28:25.0256 2792 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    18:28:25.0272 2792 seclogon - ok
    18:28:25.0319 2792 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    18:28:25.0319 2792 SENS - ok
    18:28:25.0350 2792 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
    18:28:25.0350 2792 Serenum - ok
    18:28:25.0365 2792 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
    18:28:25.0365 2792 Serial - ok
    18:28:25.0381 2792 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    18:28:25.0381 2792 sermouse - ok
    18:28:25.0397 2792 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:28:25.0412 2792 SessionEnv - ok
    18:28:25.0412 2792 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:28:25.0412 2792 sffdisk - ok
    18:28:25.0428 2792 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:28:25.0428 2792 sffp_mmc - ok
    18:28:25.0428 2792 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:28:25.0443 2792 sffp_sd - ok
    18:28:25.0443 2792 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    18:28:25.0443 2792 sfloppy - ok
    18:28:25.0475 2792 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    18:28:25.0475 2792 SharedAccess - ok
    18:28:25.0521 2792 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:28:25.0521 2792 ShellHWDetection - ok
    18:28:25.0553 2792 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    18:28:25.0553 2792 sisagp - ok
    18:28:25.0568 2792 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    18:28:25.0568 2792 SiSRaid2 - ok
    18:28:25.0584 2792 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    18:28:25.0584 2792 SiSRaid4 - ok
    18:28:25.0646 2792 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    18:28:25.0709 2792 slsvc - ok
    18:28:25.0740 2792 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    18:28:25.0740 2792 SLUINotify - ok
    18:28:25.0755 2792 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:28:25.0755 2792 Smb - ok
    18:28:25.0787 2792 [ CDE05A7FB8F3707391716780427DC0FC ] SMR311 C:\Windows\system32\drivers\SMR311.SYS
    18:28:25.0787 2792 SMR311 - ok
    18:28:25.0818 2792 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:28:25.0818 2792 SNMPTRAP - ok
    18:28:25.0849 2792 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    18:28:25.0849 2792 spldr - ok
    18:28:25.0880 2792 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    18:28:25.0880 2792 Spooler - ok
    18:28:25.0943 2792 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    18:28:25.0958 2792 SQLBrowser - ok
    18:28:25.0989 2792 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    18:28:25.0989 2792 SQLWriter - ok
    18:28:26.0036 2792 [ 5CAC2130C217FF7DDBE6D59AC6131F1D ] SRTSP C:\Windows\system32\drivers\NIS\1401010.002\SRTSP.SYS
    18:28:26.0052 2792 SRTSP - ok
    18:28:26.0067 2792 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\NIS\1401010.002\SRTSPX.SYS
    18:28:26.0067 2792 SRTSPX - ok
    18:28:26.0099 2792 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    18:28:26.0099 2792 srv - ok
    18:28:26.0145 2792 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    18:28:26.0145 2792 srv2 - ok
    18:28:26.0177 2792 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    18:28:26.0192 2792 srvnet - ok
    18:28:26.0224 2792 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    18:28:26.0224 2792 SSDPSRV - ok
    18:28:26.0287 2792 [ EF3458337D7341A05169CEFC73709264 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
    18:28:26.0302 2792 SSPORT - ok
    18:28:26.0396 2792 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    18:28:26.0396 2792 SstpSvc - ok
    18:28:26.0427 2792 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    18:28:26.0427 2792 stisvc - ok
    18:28:26.0458 2792 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    18:28:26.0458 2792 swenum - ok
    18:28:26.0490 2792 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    18:28:26.0490 2792 swprv - ok
    18:28:26.0505 2792 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    18:28:26.0505 2792 Symc8xx - ok
    18:28:26.0552 2792 [ 0004CCDD046A873CFF06427B06BE0B28 ] SymDS C:\Windows\system32\drivers\NIS\1401010.002\SYMDS.SYS
    18:28:26.0599 2792 SymDS - ok
    18:28:26.0692 2792 [ 4C24298500C31E84F5FDFAE6339902CD ] SymEFA C:\Windows\system32\drivers\NIS\1401010.002\SYMEFA.SYS
    18:28:26.0708 2792 SymEFA - ok
    18:28:26.0755 2792 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
    18:28:26.0755 2792 SymEvent - ok
    18:28:26.0770 2792 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\NIS\1401010.002\Ironx86.SYS
    18:28:26.0770 2792 SymIRON - ok
    18:28:26.0786 2792 [ 93DE018EC6FBAA9A58FF9F2EB9198092 ] SYMTDIv C:\Windows\system32\drivers\NIS\1401010.002\SYMTDIV.SYS
    18:28:26.0802 2792 SYMTDIv - ok
    18:28:26.0817 2792 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    18:28:26.0817 2792 Sym_hi - ok
    18:28:26.0833 2792 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    18:28:26.0833 2792 Sym_u3 - ok
    18:28:26.0864 2792 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    18:28:26.0880 2792 SysMain - ok
    18:28:26.0895 2792 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:28:26.0895 2792 TabletInputService - ok
    18:28:26.0926 2792 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:28:26.0926 2792 TapiSrv - ok
    18:28:26.0942 2792 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    18:28:26.0942 2792 TBS - ok
    18:28:26.0989 2792 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:28:27.0004 2792 Tcpip - ok
    18:28:27.0020 2792 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:28:27.0020 2792 Tcpip6 - ok
    18:28:27.0051 2792 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:28:27.0051 2792 tcpipreg - ok
    18:28:27.0082 2792 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:28:27.0082 2792 TDPIPE - ok
    18:28:27.0098 2792 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:28:27.0098 2792 TDTCP - ok
    18:28:27.0129 2792 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:28:27.0129 2792 tdx - ok
    18:28:27.0129 2792 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    18:28:27.0129 2792 TermDD - ok
    18:28:27.0160 2792 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    18:28:27.0160 2792 TermService - ok
    18:28:27.0176 2792 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    18:28:27.0192 2792 Themes - ok
    18:28:27.0208 2792 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    18:28:27.0224 2792 THREADORDER - ok
    18:28:27.0271 2792 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    18:28:27.0271 2792 TrkWks - ok
    18:28:27.0349 2792 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:28:27.0349 2792 TrustedInstaller - ok
    18:28:27.0411 2792 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:28:27.0411 2792 tssecsrv - ok
    18:28:27.0411 2792 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    18:28:27.0427 2792 tunmp - ok
    18:28:27.0442 2792 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:28:27.0442 2792 tunnel - ok
    18:28:27.0458 2792 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    18:28:27.0458 2792 uagp35 - ok
    18:28:27.0520 2792 [ E212CD75C7558450C0890710F892084C ] uagqecsvc C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    18:28:27.0520 2792 uagqecsvc - ok
    18:28:27.0536 2792 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:28:27.0551 2792 udfs - ok
    18:28:27.0567 2792 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:28:27.0567 2792 UI0Detect - ok
    18:28:27.0598 2792 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:28:27.0598 2792 uliagpkx - ok
    18:28:27.0614 2792 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
    18:28:27.0614 2792 uliahci - ok
    18:28:27.0629 2792 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    18:28:27.0629 2792 UlSata - ok
    18:28:27.0645 2792 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    18:28:27.0645 2792 ulsata2 - ok
    18:28:27.0661 2792 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    18:28:27.0661 2792 umbus - ok
    18:28:27.0692 2792 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    18:28:27.0692 2792 upnphost - ok
    18:28:27.0707 2792 [ 87F9BCFEC6409C5672722607017FD57B ] UrlFilter C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys
    18:28:27.0707 2792 UrlFilter - ok
    18:28:27.0739 2792 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    18:28:27.0739 2792 usbaudio - ok
    18:28:27.0770 2792 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:28:27.0770 2792 usbccgp - ok
    18:28:27.0785 2792 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:28:27.0785 2792 usbcir - ok
    18:28:27.0817 2792 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    18:28:27.0817 2792 usbehci - ok
    18:28:27.0832 2792 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:28:27.0832 2792 usbhub - ok
    18:28:27.0848 2792 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    18:28:27.0863 2792 usbohci - ok
    18:28:27.0910 2792 [ 41B758CFF0A3C10A69E088F440677399 ] USBPNPA C:\Windows\system32\drivers\CM108.sys
    18:28:27.0941 2792 USBPNPA - ok
    18:28:27.0973 2792 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:28:27.0973 2792 usbprint - ok
    18:28:28.0004 2792 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:28:28.0004 2792 USBSTOR - ok
    18:28:28.0019 2792 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    18:28:28.0019 2792 usbuhci - ok
    18:28:28.0051 2792 [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS C:\Windows\system32\DRIVERS\usb8023.sys
    18:28:28.0051 2792 USB_RNDIS - ok
    18:28:28.0082 2792 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    18:28:28.0082 2792 UxSms - ok
    18:28:28.0113 2792 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    18:28:28.0113 2792 vds - ok
    18:28:28.0129 2792 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:28:28.0129 2792 vga - ok
    18:28:28.0160 2792 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:28:28.0160 2792 VgaSave - ok
    18:28:28.0175 2792 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
    18:28:28.0175 2792 viaagp - ok
    18:28:28.0191 2792 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    18:28:28.0191 2792 ViaC7 - ok
    18:28:28.0207 2792 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
    18:28:28.0207 2792 viaide - ok
    18:28:28.0222 2792 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:28:28.0222 2792 volmgr - ok
    18:28:28.0254 2792 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:28:28.0254 2792 volmgrx - ok
    18:28:28.0301 2792 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:28:28.0317 2792 volsnap - ok
    18:28:28.0379 2792 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    18:28:28.0379 2792 vsmraid - ok
    18:28:28.0442 2792 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    18:28:28.0457 2792 VSS - ok
    18:28:28.0473 2792 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    18:28:28.0473 2792 W32Time - ok
    18:28:28.0504 2792 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    18:28:28.0504 2792 WacomPen - ok
    18:28:28.0520 2792 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    18:28:28.0520 2792 Wanarp - ok
    18:28:28.0520 2792 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:28:28.0520 2792 Wanarpv6 - ok
    18:28:28.0551 2792 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:28:28.0566 2792 wcncsvc - ok
    18:28:28.0598 2792 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:28:28.0598 2792 WcsPlugInService - ok
    18:28:28.0613 2792 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
    18:28:28.0629 2792 Wd - ok
    18:28:28.0644 2792 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:28:28.0644 2792 Wdf01000 - ok
    18:28:28.0660 2792 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:28:28.0676 2792 WdiServiceHost - ok
    18:28:28.0676 2792 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:28:28.0676 2792 WdiSystemHost - ok
    18:28:28.0707 2792 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    18:28:28.0707 2792 WebClient - ok
    18:28:28.0738 2792 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:28:28.0738 2792 Wecsvc - ok
    18:28:28.0769 2792 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:28:28.0769 2792 wercplsupport - ok
    18:28:28.0800 2792 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:28:28.0800 2792 WerSvc - ok
    18:28:28.0847 2792 [ 0869C31E0FF995BF00628AF8C1658E26 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    18:28:28.0847 2792 winachsf - ok
    18:28:28.0910 2792 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    18:28:28.0910 2792 WinDefend - ok
    18:28:28.0910 2792 WinHttpAutoProxySvc - ok
    18:28:28.0972 2792 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:28:28.0988 2792 Winmgmt - ok
    18:28:29.0034 2792 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    18:28:29.0050 2792 WinRM - ok
    18:28:29.0128 2792 [ F514C1C9D814F3DB46A17C59EA8214B2 ] WiseBootAssistant C:\Program Files\Wise\Wise Care 365\BootTime.exe
    18:28:29.0128 2792 WiseBootAssistant - ok
    18:28:29.0159 2792 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:28:29.0175 2792 Wlansvc - ok
    18:28:29.0238 2792 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:28:29.0285 2792 wlidsvc - ok
    18:28:29.0316 2792 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:28:29.0316 2792 WmiAcpi - ok
    18:28:29.0379 2792 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:28:29.0379 2792 wmiApSrv - ok
    18:28:29.0472 2792 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    18:28:29.0488 2792 WMPNetworkSvc - ok
    18:28:29.0519 2792 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:28:29.0519 2792 WPCSvc - ok
    18:28:29.0550 2792 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:28:29.0550 2792 WPDBusEnum - ok
    18:28:29.0722 2792 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    18:28:29.0722 2792 WPFFontCache_v0400 - ok
    18:28:29.0737 2792 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:28:29.0737 2792 ws2ifsl - ok
    18:28:29.0769 2792 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
    18:28:29.0769 2792 wscsvc - ok
    18:28:29.0769 2792 WSearch - ok
    18:28:29.0831 2792 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    18:28:29.0862 2792 wuauserv - ok
    18:28:29.0893 2792 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:28:29.0893 2792 wudfsvc - ok
    18:28:29.0909 2792 [ BFCC507ECA58F11C5FED96E192B878CB ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
    18:28:29.0925 2792 XAudio - ok
    18:28:29.0925 2792 XAudioService - ok
    18:28:29.0925 2792 ================ Scan global ===============================
    18:28:29.0956 2792 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    18:28:29.0987 2792 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    18:28:30.0003 2792 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    18:28:30.0034 2792 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    18:28:30.0049 2792 [Global] - ok
    18:28:30.0049 2792 ================ Scan MBR ==================================
    18:28:30.0049 2792 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
    18:28:30.0394 2792 \Device\Harddisk0\DR0 - ok
    18:28:30.0409 2792 ================ Scan VBR ==================================
    18:28:30.0409 2792 [ 3F5CAF7BA13AAE060AC2BED294543976 ] \Device\Harddisk0\DR0\Partition1
    18:28:30.0409 2792 \Device\Harddisk0\DR0\Partition1 - ok
    18:28:30.0456 2792 [ 0B0DA37ADE752F88D2202D35A96D330D ] \Device\Harddisk0\DR0\Partition2
    18:28:30.0456 2792 \Device\Harddisk0\DR0\Partition2 - ok
    18:28:30.0456 2792 ============================================================
    18:28:30.0456 2792 Scan finished
    18:28:30.0456 2792 ============================================================
    18:28:30.0456 5316 Detected object count: 0
    18:28:30.0456 5316 Actual detected object count: 0
    18:29:23.0161 6120 Deinitialize success
     
  9. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : DeAnna-I [Admin rights]
    Mode : Scan -- Date : 10/01/2012 18:39:49
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : 930_1425580229422 ("C:\Users\DeAnna-I\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat") -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x822AD5C3 -> HOOKED (Unknown @ 0x88017BE8)
    SSDT[14] : NtAlertThread @ 0x82226255 -> HOOKED (Unknown @ 0x88017CC8)
    SSDT[18] : NtAllocateVirtualMemory @ 0x822624FB -> HOOKED (Unknown @ 0x8802ABC8)
    SSDT[21] : NtAlpcConnectPort @ 0x82204887 -> HOOKED (Unknown @ 0x87EFA258)
    SSDT[42] : NtAssignProcessToJobObject @ 0x821D7B43 -> HOOKED (Unknown @ 0x880339D8)
    SSDT[67] : NtCreateMutant @ 0x8223A812 -> HOOKED (Unknown @ 0x88033F80)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x821DA35A -> HOOKED (Unknown @ 0x88029CE8)
    SSDT[78] : NtCreateThread @ 0x822ABBE0 -> HOOKED (Unknown @ 0x880290C0)
    SSDT[116] : NtDebugActiveProcess @ 0x8227ED22 -> HOOKED (Unknown @ 0x88033AB8)
    SSDT[129] : NtDuplicateObject @ 0x82212551 -> HOOKED (Unknown @ 0x8802AD98)
    SSDT[147] : NtFreeVirtualMemory @ 0x8209EF1D -> HOOKED (Unknown @ 0x8802A820)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x821D4F12 -> HOOKED (Unknown @ 0x88017A28)
    SSDT[158] : NtImpersonateThread @ 0x821EA54F -> HOOKED (Unknown @ 0x88017B08)
    SSDT[165] : NtLoadDriver @ 0x82185DEE -> HOOKED (Unknown @ 0x87EFA1E0)
    SSDT[177] : NtMapViewOfSection @ 0x8222A89A -> HOOKED (Unknown @ 0x8802A720)
    SSDT[184] : NtOpenEvent @ 0x82213DCF -> HOOKED (Unknown @ 0x88033EA0)
    SSDT[194] : NtOpenProcess @ 0x8223AFAE -> HOOKED (Unknown @ 0x8802AF38)
    SSDT[195] : NtOpenProcessToken @ 0x8221BA2E -> HOOKED (Unknown @ 0x8802ACB8)
    SSDT[197] : NtOpenSection @ 0x8222B66D -> HOOKED (Unknown @ 0x88033CE0)
    SSDT[201] : NtOpenThread @ 0x822364FF -> HOOKED (Unknown @ 0x8802AE68)
    SSDT[210] : NtProtectVirtualMemory @ 0x822342E2 -> HOOKED (Unknown @ 0x88029EB8)
    SSDT[282] : NtResumeThread @ 0x82235B4A -> HOOKED (Unknown @ 0x88017DA8)
    SSDT[289] : NtSetContextThread @ 0x822AD06F -> HOOKED (Unknown @ 0x8802A470)
    SSDT[305] : NtSetInformationProcess @ 0x8222E8C8 -> HOOKED (Unknown @ 0x8802A550)
    SSDT[317] : NtSetSystemInformation @ 0x82200EEB -> HOOKED (Unknown @ 0x88033B98)
    SSDT[330] : NtSuspendProcess @ 0x822AD4FF -> HOOKED (Unknown @ 0x88033DC0)
    SSDT[331] : NtSuspendThread @ 0x821B492B -> HOOKED (Unknown @ 0x88017E88)
    SSDT[334] : NtTerminateProcess @ 0x8220B143 -> HOOKED (Unknown @ 0x880291A0)
    SSDT[335] : NtTerminateThread @ 0x82236534 -> HOOKED (Unknown @ 0x88017F48)
    SSDT[348] : NtUnmapViewOfSection @ 0x8222AB5D -> HOOKED (Unknown @ 0x8802A640)
    SSDT[358] : NtWriteVirtualMemory @ 0x8222792D -> HOOKED (Unknown @ 0x8802A910)
    SSDT[382] : NtCreateThreadEx @ 0x82235FE9 -> HOOKED (Unknown @ 0x88029DD8)
    S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x880F6CE0)
    S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x87D18180)
    S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87FC0E38)
    S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x87DD7500)
    S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x87D2BCD8)
    S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x87D0C308)
    S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x87FC0D68)
    S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x87FC0C98)
    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x87D18580)
    S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x88117458)
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
    --- User ---
    [MBR] 5f72df32465993a8bdf42a8333887123
    [BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 293688 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 601473600 | Size: 11554 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  10. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    RogueKiller V8.1.0 [09/28/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : DeAnna-I [Admin rights]
    Mode : Remove -- Date : 10/01/2012 18:40:14
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : 930_1425580229422 ("C:\Users\DeAnna-I\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat") -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[13] : NtAlertResumeThread @ 0x822AD5C3 -> HOOKED (Unknown @ 0x88017BE8)
    SSDT[14] : NtAlertThread @ 0x82226255 -> HOOKED (Unknown @ 0x88017CC8)
    SSDT[18] : NtAllocateVirtualMemory @ 0x822624FB -> HOOKED (Unknown @ 0x8802ABC8)
    SSDT[21] : NtAlpcConnectPort @ 0x82204887 -> HOOKED (Unknown @ 0x87EFA258)
    SSDT[42] : NtAssignProcessToJobObject @ 0x821D7B43 -> HOOKED (Unknown @ 0x880339D8)
    SSDT[67] : NtCreateMutant @ 0x8223A812 -> HOOKED (Unknown @ 0x88033F80)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x821DA35A -> HOOKED (Unknown @ 0x88029CE8)
    SSDT[78] : NtCreateThread @ 0x822ABBE0 -> HOOKED (Unknown @ 0x880290C0)
    SSDT[116] : NtDebugActiveProcess @ 0x8227ED22 -> HOOKED (Unknown @ 0x88033AB8)
    SSDT[129] : NtDuplicateObject @ 0x82212551 -> HOOKED (Unknown @ 0x8802AD98)
    SSDT[147] : NtFreeVirtualMemory @ 0x8209EF1D -> HOOKED (Unknown @ 0x8802A820)
    SSDT[156] : NtImpersonateAnonymousToken @ 0x821D4F12 -> HOOKED (Unknown @ 0x88017A28)
    SSDT[158] : NtImpersonateThread @ 0x821EA54F -> HOOKED (Unknown @ 0x88017B08)
    SSDT[165] : NtLoadDriver @ 0x82185DEE -> HOOKED (Unknown @ 0x87EFA1E0)
    SSDT[177] : NtMapViewOfSection @ 0x8222A89A -> HOOKED (Unknown @ 0x8802A720)
    SSDT[184] : NtOpenEvent @ 0x82213DCF -> HOOKED (Unknown @ 0x88033EA0)
    SSDT[194] : NtOpenProcess @ 0x8223AFAE -> HOOKED (Unknown @ 0x8802AF38)
    SSDT[195] : NtOpenProcessToken @ 0x8221BA2E -> HOOKED (Unknown @ 0x8802ACB8)
    SSDT[197] : NtOpenSection @ 0x8222B66D -> HOOKED (Unknown @ 0x88033CE0)
    SSDT[201] : NtOpenThread @ 0x822364FF -> HOOKED (Unknown @ 0x8802AE68)
    SSDT[210] : NtProtectVirtualMemory @ 0x822342E2 -> HOOKED (Unknown @ 0x88029EB8)
    SSDT[282] : NtResumeThread @ 0x82235B4A -> HOOKED (Unknown @ 0x88017DA8)
    SSDT[289] : NtSetContextThread @ 0x822AD06F -> HOOKED (Unknown @ 0x8802A470)
    SSDT[305] : NtSetInformationProcess @ 0x8222E8C8 -> HOOKED (Unknown @ 0x8802A550)
    SSDT[317] : NtSetSystemInformation @ 0x82200EEB -> HOOKED (Unknown @ 0x88033B98)
    SSDT[330] : NtSuspendProcess @ 0x822AD4FF -> HOOKED (Unknown @ 0x88033DC0)
    SSDT[331] : NtSuspendThread @ 0x821B492B -> HOOKED (Unknown @ 0x88017E88)
    SSDT[334] : NtTerminateProcess @ 0x8220B143 -> HOOKED (Unknown @ 0x880291A0)
    SSDT[335] : NtTerminateThread @ 0x82236534 -> HOOKED (Unknown @ 0x88017F48)
    SSDT[348] : NtUnmapViewOfSection @ 0x8222AB5D -> HOOKED (Unknown @ 0x8802A640)
    SSDT[358] : NtWriteVirtualMemory @ 0x8222792D -> HOOKED (Unknown @ 0x8802A910)
    SSDT[382] : NtCreateThreadEx @ 0x82235FE9 -> HOOKED (Unknown @ 0x88029DD8)
    S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x880F6CE0)
    S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x87D18180)
    S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x87FC0E38)
    S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x87DD7500)
    S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x87D2BCD8)
    S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x87D0C308)
    S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x87FC0D68)
    S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x87FC0C98)
    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x87D18580)
    S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x88117458)
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    [...]

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST332081 3AS SCSI Disk Device +++++
    --- User ---
    [MBR] 5f72df32465993a8bdf42a8333887123
    [BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 293688 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 601473600 | Size: 11554 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
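The two RogueKiller reports above carry three things worth reading separately: the registry findings (an [HJ] EnableLUA value of 0 means UAC is switched off, and [HJPOL] DisableTaskMgr is the policy that hides Task Manager), the SSDT/Shadow SSDT hook list (on a 32-bit Vista box with Norton and IObit Malware Fighter loaded, kernel hooks from security products are expected, so the count alone is not a verdict), and the HOSTS file, where 127.0.0.1 entries for ad and rogue-AV domains are a blocklist pattern, whereas a hijack typically points security-vendor domains somewhere else or sinkholes them. The triage script below is an added example, not part of RogueKiller or of this thread's tooling; the SECURITY_DOMAINS list and the two hijack-style HOSTS lines in the constructed sample are assumptions for illustration and do not appear in the posted reports.

```python
"""Triage a RogueKiller text report (added example, not RogueKiller code).

Extracts registry findings with policy notes, SSDT / Shadow SSDT hook
counts, and HOSTS entries that look like a hijack rather than a blocklist.
"""
import ipaddress
import re

REG_LINE = re.compile(
    r'^\[(?P<tag>[^\]]+)\](?:\[(?P<sub>[^\]]+)\])?\s+'
    r'(?P<hive>HK[A-Z]+)\\\[\.\.\.\]\\(?P<key>\S+)\s+:\s+'
    r'(?P<name>\S+)\s+\((?P<value>[^)]*)\)\s+->\s+(?P<status>\w+)\s*$'
)
SSDT_LINE = re.compile(
    r'^(?P<table>S_SSDT|SSDT)\[(?P<index>\d+)\]\s+:\s+(?P<func>\S+)'
    r'(?:\s+@\s+0x[0-9A-Fa-f]+)?\s+->\s+HOOKED\s+\('
    r'(?P<owner>[^@]+?)\s+@\s+(?P<addr>0x[0-9A-Fa-f]+)\)'
)
HOSTS_LINE = re.compile(r'^(?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>\S+)')

# Assumption: a representative list of domains a hijack sinkholes so the
# victim cannot fetch removal tools or updates; extend as needed.
SECURITY_DOMAINS = (
    'symantec.com', 'norton.com', 'malwarebytes.org', 'malwarebytes.com',
    'bleepingcomputer.com', 'microsoft.com', 'windowsupdate.com',
    'avast.com', 'kaspersky.com', 'mcafee.com', 'sophos.com', 'avg.com',
)

# Meaning of the policy values RogueKiller tags as [HJ] / [HJPOL].
POLICY_NOTES = {
    'EnableLUA': {'0': 'UAC disabled', '1': 'UAC enabled'},
    'DisableTaskMgr': {'1': 'Task Manager blocked', '0': 'Task Manager allowed'},
    'DisableRegistryTools': {'1': 'regedit blocked', '0': 'regedit allowed'},
}


def _is_sinkhole(ip):
    """True for loopback / unspecified targets (blocklist-style entries)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def _hosts_verdict(ip, host):
    """Return a reason string when a HOSTS entry looks like a hijack."""
    h = host.lower()
    if h == 'localhost':
        return None
    if not _is_sinkhole(ip):
        return 'non-loopback target'
    if any(h == d or h.endswith('.' + d) for d in SECURITY_DOMAINS):
        return 'security vendor sinkholed'
    return None


def summarize(report_text):
    """Parse a RogueKiller report and return a triage dict."""
    registry, hosts, suspicious_hosts = [], [], []
    hooks = {'SSDT': 0, 'S_SSDT': 0}
    in_hosts = False
    for raw in report_text.splitlines():
        line = raw.strip()
        if line.startswith('¤¤¤'):          # section header
            in_hosts = 'HOSTS' in line
            continue
        if in_hosts:
            m = HOSTS_LINE.match(line)      # skips the '-->' path, comments, '[...]'
            if m:
                ip, host = m.group('ip'), m.group('host')
                hosts.append((ip, host))
                why = _hosts_verdict(ip, host)
                if why:
                    suspicious_hosts.append({'ip': ip, 'host': host, 'why': why})
            continue
        m = REG_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry['note'] = POLICY_NOTES.get(entry['name'], {}).get(entry['value'], '')
            registry.append(entry)
            continue
        m = SSDT_LINE.match(line)
        if m:
            hooks[m.group('table')] += 1
    return {
        'registry': registry,
        'policy_findings': [e for e in registry if e['tag'].startswith('HJ') and e['note']],
        'suspicious_autoruns': [e for e in registry if e['tag'] == 'RUN'],
        'ssdt_hooks': hooks,
        'hosts_entries': len(hosts),
        'suspicious_hosts': suspicious_hosts,
    }


# Constructed sample in the layout of the posted reports; the last two HOSTS
# lines are hijack-style examples that are NOT in the real report.
SAMPLE_REPORT = r"""¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\RunOnce : 930_1425580229422 ("C:\Users\DeAnna-I\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp_r.bat") -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[165] : NtLoadDriver @ 0x82185DEE -> HOOKED (Unknown @ 0x87EFA1E0)
SSDT[194] : NtOpenProcess @ 0x8223AFAE -> HOOKED (Unknown @ 0x8802AF38)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x880F6CE0)
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
198.51.100.7 www.malwarebytes.org
127.0.0.1 liveupdate.symantec.com
¤¤¤ MBR Check: ¤¤¤
"""

if __name__ == '__main__':
    result = summarize(SAMPLE_REPORT)
    for e in result['policy_findings']:
        print(f"[{e['tag']}] {e['hive']}\\...\\{e['key']}\\{e['name']} = {e['value']}: {e['note']}")
    print('SSDT hooks:', result['ssdt_hooks'])
    for h in result['suspicious_hosts']:
        print('HOSTS:', h['ip'], h['host'], '->', h['why'])
```

To run it against a real report, read RKreport[1].txt as text and pass it to summarize(); the parser keys only on the section headers and line shapes shown in the posts above, so a report with more sections is simply skipped past.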
     
  11. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-01 18:42:08
    -----------------------------
    18:42:08.594 OS Version: Windows 6.0.6002 Service Pack 2
    18:42:08.594 Number of processors: 2 586 0x203
    18:42:08.594 ComputerName: DMAIN UserName:
    18:42:10.778 Initialize success
    18:44:19.724 AVAST engine defs: 12100101
    18:44:43.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
    18:44:43.280 Disk 0 Vendor: ST332081 HP22 Size: 305245MB BusType: 3
    18:44:43.296 Disk 0 MBR read successfully
    18:44:43.296 Disk 0 MBR scan
    18:44:43.296 Disk 0 unknown MBR code
    18:44:43.296 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 293688 MB offset 63
    18:44:43.343 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11554 MB offset 601473600
    18:44:43.343 Disk 0 scanning sectors +625137345
    18:44:43.405 Disk 0 scanning C:\Windows\system32\drivers
    18:44:55.713 Service scanning
    18:45:34.043 Modules scanning
    18:45:44.822 Disk 0 trace - called modules:
    18:45:44.838 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    18:45:44.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8649aac8]
    18:45:44.838 3 CLASSPNP.SYS[807a68b3] -> nt!IofCallDriver -> [0x846f6730]
    18:45:44.838 5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\0000005a[0x85489c90]
    18:45:45.805 AVAST engine scan C:\Windows
    18:45:50.672 AVAST engine scan C:\Windows\system32
    18:51:39.987 AVAST engine scan C:\Windows\system32\drivers
    18:52:03.091 AVAST engine scan C:\Users\DeAnna-I
    18:54:22.422 Disk 0 MBR has been saved successfully to "C:\Users\DeAnna-I\Desktop\MBR.dat"
    18:54:22.422 The log file has been saved successfully to "C:\Users\DeAnna-I\Desktop\aswMBR.txt"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    ComboFix 12-09-30.03 - DeAnna-I 10/01/2012 19:25:17.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1160 [GMT -5:00]
    Running from: c:\users\DeAnna-I\Desktop\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\DeAnna-I\AppData\Local\Temp\ppcrlui_5096_2
    c:\users\DeAnna-I\Desktop\Internet Explorer.lnk
    c:\users\DeAnna-I\g2ax_customer_downloadhelper_win32_x86.exe
    c:\users\DeAnna-I\g2mdlhlpx.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-02 to 2012-10-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-02 00:45 . 2012-10-02 00:45 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
    2012-10-02 00:45 . 2012-10-02 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-01 19:52 . 2012-10-01 19:52 -------- d-----w- c:\programdata\IObit
    2012-10-01 17:57 . 2012-10-01 21:54 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\IObit
    2012-10-01 17:57 . 2012-10-01 19:51 -------- d-----w- c:\program files\IObit
    2012-09-30 19:44 . 2012-09-30 19:44 20 ----a-w- c:\windows\system32\drivers\SMR311.dat
    2012-09-30 19:44 . 2012-09-30 19:44 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
    2012-09-30 19:36 . 2012-09-30 19:46 -------- d-----w- c:\users\DeAnna-I\AppData\Local\NPE
    2012-09-30 19:32 . 2012-09-30 20:02 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-09-30 19:32 . 2012-09-30 19:32 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-09-30 19:32 . 2012-09-30 19:32 -------- d-----w- c:\program files\Symantec
    2012-09-30 19:31 . 2012-09-30 20:00 -------- d-----w- c:\windows\system32\drivers\NIS\1401010.002
    2012-09-30 19:31 . 2012-09-30 19:31 -------- d-----w- c:\program files\Norton Internet Security
    2012-09-30 19:31 . 2012-09-30 19:31 -------- d-----w- c:\program files\NortonInstaller
    2012-09-30 19:08 . 2012-09-30 19:57 -------- d-----w- c:\users\DeAnna-I\AppData\Local\LogMeIn Rescue Applet
    2012-09-30 16:27 . 2012-09-30 18:59 -------- d-----w- c:\programdata\AVAST Software
    2012-09-30 16:27 . 2012-09-30 17:09 -------- d-----w- c:\program files\AVAST Software
    2012-09-30 16:17 . 2012-09-30 16:18 -------- d-----w- c:\programdata\MFAData
    2012-09-30 16:17 . 2012-09-30 16:17 -------- d--h--w- c:\programdata\Common Files
    2012-09-30 16:17 . 2012-09-30 16:17 -------- d-----w- c:\users\DeAnna-I\AppData\Local\MFAData
    2012-09-30 16:17 . 2012-09-30 16:17 -------- d-----w- c:\users\DeAnna-I\AppData\Local\Avg2013
    2012-09-30 13:35 . 2012-09-30 13:35 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\Auslogics
    2012-09-30 13:33 . 2012-09-30 13:33 -------- d-----w- c:\program files\Auslogics
    2012-09-29 19:15 . 2012-09-30 19:43 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\Wise Care 365
    2012-09-29 18:35 . 2012-09-30 18:42 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\Wise Registry Cleaner
    2012-09-29 18:34 . 2012-09-29 19:15 -------- d-----w- c:\program files\Wise
    2012-09-29 18:32 . 2012-09-29 18:32 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\RegGenie
    2012-09-29 18:30 . 2011-03-08 08:30 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
    2012-09-26 11:27 . 2012-09-26 11:27 -------- d-----w- c:\programdata\LightScribe
    2012-09-19 01:58 . 2012-09-19 01:58 -------- d-----w- c:\users\DeAnna-I\AppData\Local\Zoom_Downloader
    2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\program files\OApps
    2012-09-19 01:57 . 2012-09-19 01:57 -------- d-----w- c:\program files\Conduit
    2012-09-19 01:57 . 2012-09-19 11:40 -------- d-----w- c:\users\DeAnna-I\AppData\Local\Conduit
    2012-09-18 18:07 . 2012-09-18 18:07 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\QuickScan
    2012-09-02 15:51 . 2012-09-02 15:51 -------- d-----w- c:\users\DeAnna-I\AppData\Roaming\SUPERAntiSpyware.com
    2012-09-02 15:50 . 2012-09-25 15:38 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-09-02 15:50 . 2012-09-02 15:50 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-07 22:04 . 2010-01-11 02:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-21 20:35 . 2012-04-04 00:26 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-21 20:35 . 2011-07-03 13:24 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-16 07:41 . 2012-08-17 17:55 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D9E4390-F5BD-41CC-B9B5-8ECCB1A5F591}\mpengine.dll
    2012-07-04 14:02 . 2012-08-15 08:01 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-07 02:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF}]
    2012-09-19 01:57 92160 ----a-w- c:\program files\OApps\bho.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-07-02 4473728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Macro Express Pro.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Macro Express Pro.lnk
    backup=c:\windows\pss\Macro Express Pro.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
    backup=c:\windows\pss\PictureMover.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^DeAnna-I^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ActiveWords.lnk]
    path=c:\users\DeAnna-I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActiveWords.lnk
    backup=c:\windows\pss\ActiveWords.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^DeAnna-I^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
    path=c:\users\DeAnna-I\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    backup=c:\windows\pss\EvernoteClipper.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2012-06-07 02:33 1564872 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2011-09-27 12:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative SB Monitoring Utility]
    2010-08-03 04:28 104448 ----a-w- c:\windows\System32\SBAVMon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2008-12-04 15:14 75016 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2008-12-08 22:34 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2009-04-04 00:25 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    2008-11-20 17:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2006-03-20 22:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-04-27 06:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 21:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 07:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2009-03-08 22:51 13687328 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2009-03-08 22:51 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDVCPL]
    2010-01-20 01:10 8452640 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
    2008-01-21 02:24 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-09-25 15:36 4780928 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
    2008-12-04 05:15 218408 ------w- c:\program files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    2008-12-04 05:15 218408 ------w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
    2008-12-04 05:15 218408 ------w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    2009-02-02 21:05 210216 ------w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
    2010-02-19 00:27 241789 ------w- c:\program files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1958714084-3576785742-3840764162-1000]
    "EnableNotificationsRef"=dword:00000001
    .
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 87216374
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - EECTRL
    *NewlyCreated* - FILEMONITOR
    *NewlyCreated* - PGLDAPOD
    *NewlyCreated* - REGFILTER
    *NewlyCreated* - SMR311
    *NewlyCreated* - TRUESIGHT
    *NewlyCreated* - URLFILTER
    *Deregistered* - 87216374
    *Deregistered* - aswMBR
    *Deregistered* - EraserUtilDrv11220
    *Deregistered* - pgldapod
    *Deregistered* - TrueSight
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-30 16:28]
    .
    2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-30 16:28]
    .
    2012-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 19:00]
    .
    2012-09-30 c:\windows\Tasks\Wise Care 365.job
    - c:\program files\Wise\Wise Care 365\WiseTray.exe [2012-09-29 22:24]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    Trusted Zone: alexian.net\meditech
    Trusted Zone: mojohelpdesk.com\keystrokes
    Trusted Zone: samsungsetup.com\www
    Trusted Zone: speechmachines.org\mq1webc2
    Trusted Zone: speechmachines.org\www
    TCP: DhcpNameServer = 192.168.1.1
    Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - c:\program files\Microsoft\SMIME Client (2010)\mimectl.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    MSConfigStartUp-Google Update - c:\users\DeAnna-I\AppData\Local\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
    MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    MSConfigStartUp-Pedalware - c:\program files\NCH Swift Sound\Pedalware\pedalware.exe
    MSConfigStartUp-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    AddRemove-Instant Text 7 Pro - c:\insttext\Exe_v7\UndoIT7
    AddRemove-Instant Text V Pro - c:\insttext\Exe32\UndoIT32
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-01 19:45
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\20.1.1.2\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{4F253FFC-7957E8FC-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-10-01 19:48:57
    ComboFix-quarantined-files.txt 2012-10-02 00:48
    .
    Pre-Run: 234,610,429,952 bytes free
    Post-Run: 233,225,592,832 bytes free
    .
    - - End Of File - - 0DA786F4A93AE0330B27736C4F415EC8
  14. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Looks good.

    How is the computer doing?

    ==========================

    Uninstall Ask Toolbar, typical foistware.

    ==========================

    Uninstall:
    Advanced SystemCare 5
    Auslogics Registry Cleaner
    Wise Registry Cleaner
    Wise Care 365
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    OTL Extras logfile created on: 10/1/2012 8:16:08 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DeAnna-I\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 59.87% Memory free
    5.95 Gb Paging File | 4.79 Gb Available in Paging File | 80.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286.80 Gb Total Space | 217.08 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
    Drive D: | 11.28 Gb Total Space | 1.55 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

    Computer Name: DMAIN | User Name: DeAnna-I | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1958714084-3576785742-3840764162-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{29883B76-B2B4-416E-A4F0-477A43365E33}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{650C897D-BCB9-45E9-9CFB-56ACC3D562E8}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{73A1BDCD-8287-48AF-BB75-D85901905942}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{E3BDF1B4-F51D-4F2D-9A20-17A280E2ADE4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1EDF1966-9EFB-4947-A1DE-1BFFB4E6411B}" = protocol=17 | dir=in | app=c:\users\deanna-I\appdata\local\temp\7zs59e2.tmp\symnrt.exe |
    "{271D9840-9B96-4EFF-B4AC-C93B2A3D5B5B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{2879B1B1-60FB-4008-89CC-7FBD15CD92D3}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{295477C7-B9D0-4341-8DDA-4814671FD9D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{3C9354B6-8F42-45A5-A520-C32318128F49}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{5CE2D4B2-71A9-4711-99EB-920E049660B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6AC6F48E-FCDA-4B3A-821B-7F5891C26E5B}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{6BE95538-51DE-4F58-BFE6-41E7C5A302B9}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{7690EC6E-A413-465F-8B0D-30B7D8631198}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
    "{99E5818D-0937-4237-B25D-1ADEC3481083}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9B742F5A-E87C-48D8-ADBB-137B2CBCDDEF}" = protocol=6 | dir=in | app=c:\users\deanna-I\appdata\local\temp\7zs59e2.tmp\symnrt.exe |
    "{A163A62F-C0B9-4B59-945B-EA53E70D23C1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{C8D4378C-8446-4D53-B13F-7FB6F91077F4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{D5B4B952-FCC3-41D0-BD55-FE8437C1A26A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DF75B07E-9D97-4525-BB29-E076A9ACF91B}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{E56369BB-54FB-4260-948F-7D8CC66AE8AE}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
    "{E84E8471-873D-4B71-AC33-0FB117D5DCD0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{ED4DA0A0-0338-4C2D-96E9-E972DCEB2FA8}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DOCNET)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3C3A2DAF-B67B-4324-8629-718D1F25F18A}" = Quick Look Electronic Drug Reference 2008
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{466FA99A-8676-4824-89D2-A50F5EC13A19}" = Ready Reference Bookshelf
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{587B7A6F-CA1F-4639-9083-16F9BB2363B4}" = Sound Blaster X-Fi Go! Pro
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8554901-BC7A-4ACE-955B-D4B435F6CBC7}" = Microsoft S/MIME
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}" = AIM Pro
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Bejeweled Twist 1.0" = Bejeweled Twist 1.0
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_HSF" = PCIe Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ExpressZip" = Express Zip File Compression Software
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{8F73DC53-04A6-4D35-B876-0DDB3C136A6B}" = Stedman's Plus Standard Edition
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "IObit Malware Fighter_is1" = IObit Malware Fighter
    "Macro Express Pro" = Macro Express Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MoffFreeCalc_is1" = Moffsoft FreeCalc
    "MP3 Rocket" = MP3 Rocket
    "NIS" = Norton Internet Security
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "Scribe" = Express Scribe
    "sl-adk" = SelectionLinks
    "Stedman's Cardiovascular & Pulmonary Words" = Stedman's Cardiovascular & Pulmonary Words 1.0
    "Stedman's Dermatology & Immunology Words 3E" = Stedman's Dermatology & Immunology Words 3E 1.0
    "Stedman's Electronic Medical Dictionary 7.0" = Stedman's Electronic Medical Dictionary 7.0
    "Stedman's Equipment Words" = Stedman's Equipment Words 1.0
    "Stedman's GI & GU Words 4E" = Stedman's GI & GU Words 4E 1.0
    "Stedman's Neurology & Neurosurgery Words, 4E" = Stedman's Neurology & Neurosurgery Words, 4E 1.0
    "Stedman's Oncology Words, 5E" = Stedman's Oncology Words, 5E 1.0
    "Stedman's Ophthalmology Words, 4E" = Stedman's Ophthalmology Words, 4E 1.0
    "Stedman's Organism's & Infectious Disease Words" = Stedman's Organism's & Infectious Disease Words 1.0
    "Stedman's Orthopaedic & Rehab Words 5E" = Stedman's Orthopaedic & Rehab Words 5E 1.0
    "Stedman's Pathology & Lab Medicine Words 4E" = Stedman's Pathology & Lab Medicine Words 4E 1.0
    "Stedman's Plastic Surgery Words 4E" = Stedman's Plastic Surgery Words 4E 1.0
    "Stedman's Psychiatry Words, 4E" = Stedman's Psychiatry Words, 4E 1.0
    "Stedman's Radiology Words, 5E" = Stedman's Radiology Words, 5E 1.0
    "SysInfo" = Creative System Information
    "Uninstaller_B37B2000_Plastic Surgery Words 4E" = Plastic Surgery Words 4E (Shared Components)
    "Uninstaller_B3847000_Pathology & Lab Medicine Words" = Pathology & Lab Medicine Words (Shared Components)
    "Uninstaller_B3B4C000_Stedman's Orthopaedic & Rehab Words 5e" = Stedman's Orthopaedic & Rehab Words 5e (Shared Components)
    "Uninstaller_B3DDC000_Stedman's Neurology & Neurosurgery Words, 4th edition" = Stedman's Neurology & Neurosurgery Words, 4th edition (Shared Components)
    "Uninstaller_B41C0000_Stedman's Electronic Medical Dictionary, version 7.0" = Stedman's Electronic Medical Dictionary, version 7.0 (Shared Components)
    "Uninstaller_B44BB000_Stedman's Radiology Words, 5th Edition" = Stedman's Radiology Words, 5th Edition (Shared Components)
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "Uninstaller_B4A21000_Stedman's Oncology Words, 5th Edition" = Stedman's Oncology Words, 5th Edition (Shared Components)
    "Uninstaller_B501B000_Stedman's Psychiatry Words, 4th edition" = Stedman's Psychiatry Words, 4th edition (Shared Components)
    "Uninstaller_B503F000_Stedman's Ophthalmology Words, 4e" = Stedman's Ophthalmology Words, 4e (Shared Components)
    "Uninstaller_B5223000_Stedman's Plus Spellchecker 2008 Standard Edition" = Stedman's Plus Spellchecker 2008 Standard Edition (Shared Components)
    "Uninstaller_B5858000_Quick Look Electronic Drug Reference 2008" = Quick Look Electronic Drug Reference 2008 (Shared Components)
    "WaveStudio 7" = Creative WaveStudio 7
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager
    "Zuma Deluxe" = Zuma Deluxe

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/17/2012 4:16:04 PM | Computer Name = DMain | Source = WinMgmt | ID = 10
    Description =

    Error - 8/21/2012 4:20:31 PM | Computer Name = DMain | Source = uagqecsvc | ID = 16
    Description = The Microsoft Forefront UAG Quarantine Enforcement Client component
    cannot retrieve the status of the Network Access Protection (NAP) Agent service.
    System
    error 1115: A system shutdown is in progress. (0x45b). When the Microsoft Forefront
    UAG Quarantine Enforcement Client component starts, it attempts to query settings
    for the NAP agent service.

    Error - 8/21/2012 4:22:30 PM | Computer Name = DMain | Source = WinMgmt | ID = 10
    Description =

    Error - 8/23/2012 5:33:10 PM | Computer Name = DMain | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/23/2012 5:33:10 PM | Computer Name = DMain | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/27/2012 9:40:00 AM | Computer Name = DMain | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16448, time stamp
    0x4fecf1b7, faulting module MSHTML.dll, version 9.0.8112.16448, time stamp 0x4fecfb0e,
    exception code 0xc0000005, fault offset 0x00179a22, process id 0x654, application
    start time 0x01cd84596cdd4491.

    Error - 8/28/2012 6:17:40 PM | Computer Name = DMain | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/28/2012 6:17:40 PM | Computer Name = DMain | Source = Windows Search Service | ID = 3013
    Description =

    Error - 8/28/2012 10:06:15 PM | Computer Name = DMain | Source = uagqecsvc | ID = 16
    Description = The Microsoft Forefront UAG Quarantine Enforcement Client component
    cannot retrieve the status of the Network Access Protection (NAP) Agent service.
    System
    error 1115: A system shutdown is in progress. (0x45b). When the Microsoft Forefront
    UAG Quarantine Enforcement Client component starts, it attempts to query settings
    for the NAP agent service.

    Error - 8/28/2012 10:08:17 PM | Computer Name = DMain | Source = WinMgmt | ID = 10
    Description =

    Error - 8/29/2012 1:51:46 PM | Computer Name = DMain | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 10/7/2009 7:45:21 PM | Computer Name = Office-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/12/2010 10:45:55 PM | Computer Name = Office-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 4/30/2012 12:39:45 PM | Computer Name = Office-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 10/1/2012 6:28:27 PM | Computer Name = DMain | Source = bowser | ID = 8003
    Description =

    Error - 10/1/2012 6:40:25 PM | Computer Name = DMain | Source = bowser | ID = 8003
    Description =

    Error - 10/1/2012 7:04:23 PM | Computer Name = DMain | Source = bowser | ID = 8003
    Description =

    Error - 10/1/2012 8:24:05 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7034
    Description =

    Error - 10/1/2012 8:24:47 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/1/2012 8:39:32 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/1/2012 8:45:30 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7030
    Description =

    Error - 10/1/2012 8:57:24 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/1/2012 8:57:24 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/1/2012 8:57:25 PM | Computer Name = DMain | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  16. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    OTL logfile created on: 10/1/2012 8:16:08 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DeAnna-I\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.87 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 59.87% Memory free
    5.95 Gb Paging File | 4.79 Gb Available in Paging File | 80.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 286.80 Gb Total Space | 217.08 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
    Drive D: | 11.28 Gb Total Space | 1.55 Gb Free Space | 13.78% Space Free | Partition Type: NTFS

    Computer Name: DMAIN | User Name: DeAnna-I | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/01 20:15:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DeAnna-I\Desktop\OTL (1).exe
    PRC - [2012/09/25 10:36:45 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/08/29 14:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe
    PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    PRC - [2010/11/25 06:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
    PRC - [2010/08/09 16:29:24 | 000,043,912 | ---- | M] (Cisco WebEx LLC) -- C:\Windows\System32\atashost.exe
    PRC - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/01/20 21:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/18 13:50:36 | 000,082,944 | ---- | M] () -- C:\Program Files\NCH Software\ExpressZip\ezcm.dll
    MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\wincfi39.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
    SRV - [2012/09/25 10:36:45 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/08/29 14:17:48 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.1.1.2\ccSvcHst.exe -- (NIS)
    SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
    SRV - [2011/12/01 22:11:59 | 000,136,784 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\System32\SUPDSvc2.exe -- (Samsung UPD Service2)
    SRV - [2011/01/16 21:57:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2011/01/16 21:42:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
    SRV - [2011/01/16 21:41:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/11/25 06:05:00 | 000,150,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe -- (uagqecsvc)
    SRV - [2010/08/09 16:29:24 | 000,043,912 | ---- | M] (Cisco WebEx LLC) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2010/02/11 21:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2008/12/08 21:51:08 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DeAnna-I\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/30 14:59:11 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121001.020\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/09/30 14:59:11 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20121001.020\NAVENG.SYS -- (NAVENG)
    DRV - [2012/09/30 14:32:23 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/09/28 12:32:14 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120928.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2012/09/13 20:07:12 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120928.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2012/08/18 04:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/18 04:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/08/10 20:26:42 | 000,585,888 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\srtsp.sys -- (SRTSP)
    DRV - [2012/08/08 00:18:19 | 000,926,880 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\SymEFA.sys -- (SymEFA)
    DRV - [2012/08/07 13:42:43 | 000,134,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\ccSetx86.sys -- (ccSet_NIS)
    DRV - [2012/07/27 22:25:32 | 000,368,288 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\SymDS.sys -- (SymDS)
    DRV - [2012/07/27 22:05:21 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\Ironx86.sys -- (SymIRON)
    DRV - [2012/07/22 20:34:24 | 000,350,368 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\symtdiv.sys -- (SYMTDIv)
    DRV - [2012/07/05 13:53:52 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
    DRV - [2012/07/05 13:53:50 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
    DRV - [2012/05/25 00:36:55 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1401010.002\srtspx.sys -- (SRTSPX)
    DRV - [2012/01/05 18:07:28 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
    DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/08/11 09:50:00 | 001,254,400 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ksaud.sys -- (ksaud)
    DRV - [2010/06/09 06:02:43 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2009/12/17 17:17:11 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2009/03/08 17:51:00 | 007,764,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/02/02 13:59:28 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc.pkms -- (PCDSRVC{4F253FFC-7957E8FC-06000000}_0)
    DRV - [2008/11/12 12:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2008/11/12 12:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2008/09/10 07:48:32 | 000,205,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
    DRV - [2008/09/10 07:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2008/09/04 06:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/08/01 07:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/05/22 04:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/06/28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
    DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Presario&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\..\SearchScopes,DefaultScope = {7EC8BA1B-2B50-420B-90C1-2D326F4F9A57}
    IE - HKLM\..\SearchScopes\{368D14BD-39A3-4856-8B05-85CBD1891B7D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKLM\..\SearchScopes\{7EC8BA1B-2B50-420B-90C1-2D326F4F9A57}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\DeAnna-I\Desktop
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes,DefaultScope = {7EC8BA1B-2B50-420B-90C1-2D326F4F9A57}
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=7A67B7E9-F472-41D8-AEEA-933B96ED20E0
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{368D14BD-39A3-4856-8B05-85CBD1891B7D}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{453811AD-473F-4188-BE00-3E0629930261}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{7EC8BA1B-2B50-420B-90C1-2D326F4F9A57}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=US&ver=18
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{C65BCF16-F746-4A01-BE97-17BE0093C342}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012/09/30 14:32:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2012/10/01 19:59:58 | 000,000,000 | ---D | M]

    [2011/04/20 15:46:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DeAnna-I\AppData\Roaming\mozilla\Extensions

    O1 HOSTS File: ([2012/10/01 19:45:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\IPS\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (SelectionLinks) - {F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} - C:\Program Files\OApps\bho.dll (SelectionLinks)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.1.1.2\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
    O7 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: alexian.net ([meditech] https in Trusted sites)
    O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: mojohelpdesk.com ([keystrokes] https in Trusted sites)
    O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
    O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: speechmachines.org ([mq1webc2] https in Trusted sites)
    O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: speechmachines.org ([www] * in Trusted sites)
    O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0773300-E819-4DD5-ABBB-5315D224DF8D}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\DeAnna-I\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\DeAnna-I\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/01 20:15:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DeAnna-I\Desktop\OTL (1).exe
    [2012/10/01 20:12:32 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\DeAnna-I\Desktop\OTL.exe
    [2012/10/01 19:46:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/01 19:23:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/01 19:23:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/01 19:23:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/01 19:20:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/01 19:18:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/01 19:16:06 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\DeAnna-I\Desktop\ComboFix.exe
    [2012/10/01 18:41:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\DeAnna-I\Desktop\aswMBR.exe
    [2012/10/01 18:36:04 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\Desktop\RK_Quarantine
    [2012/10/01 14:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/10/01 12:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
    [2012/10/01 12:57:50 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Roaming\IObit
    [2012/10/01 12:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2012/09/30 14:36:21 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Local\NPE
    [2012/09/30 14:32:23 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012/09/30 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2012/09/30 14:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2012/09/30 14:31:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
    [2012/09/30 14:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2012/09/30 14:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2012/09/30 14:22:43 | 145,979,176 | ---- | C] (Symantec Corporation) -- C:\Users\DeAnna-I\Desktop\NIS-ESD-20-1-1-2-EN.exe
    [2012/09/30 14:08:02 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Local\LogMeIn Rescue Applet
    [2012/09/30 11:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/09/30 11:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/09/30 11:17:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/09/30 11:17:33 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Local\MFAData
    [2012/09/30 11:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/09/30 11:17:33 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Local\Avg2013
    [2012/09/30 08:35:15 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Roaming\Auslogics
    [2012/09/29 13:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
    [2012/09/29 13:32:57 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Roaming\RegGenie
    [2012/09/26 06:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
    [2012/09/18 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Local\Zoom_Downloader
    [2012/09/18 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
    [2012/09/18 20:57:30 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/09/18 20:57:27 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Local\Conduit
    [2012/09/18 18:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
    [2012/09/18 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Roaming\QuickScan
    [2012/09/02 10:51:21 | 000,000,000 | ---D | C] -- C:\Users\DeAnna-I\AppData\Roaming\SUPERAntiSpyware.com
    [2012/09/02 10:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2012/09/02 10:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/09/02 10:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/01 20:15:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DeAnna-I\Desktop\OTL (1).exe
    [2012/10/01 20:12:48 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\DeAnna-I\Desktop\OTL.exe
    [2012/10/01 20:04:00 | 000,651,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/01 20:04:00 | 000,121,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/01 19:58:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
    [2012/10/01 19:57:13 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/01 19:57:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/01 19:57:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/01 19:57:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/01 19:45:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/10/01 19:16:16 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\DeAnna-I\Desktop\ComboFix.exe
    [2012/10/01 18:54:22 | 000,000,512 | ---- | M] () -- C:\Users\DeAnna-I\Desktop\MBR.dat
    [2012/10/01 18:41:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\DeAnna-I\Desktop\aswMBR.exe
    [2012/10/01 18:38:44 | 001,412,096 | ---- | M] () -- C:\Users\DeAnna-I\Desktop\roguekiller (1).exe
    [2012/10/01 18:27:31 | 002,193,278 | ---- | M] () -- C:\Users\DeAnna-I\Desktop\tdsskiller.zip
    [2012/10/01 14:52:09 | 000,005,101 | ---- | M] () -- C:\Windows\InstText.ini
    [2012/10/01 12:57:55 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    [2012/09/30 19:39:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/30 14:59:06 | 000,008,888 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\VT20120921.034
    [2012/09/30 14:36:20 | 145,979,176 | ---- | M] (Symantec Corporation) -- C:\Users\DeAnna-I\Desktop\NIS-ESD-20-1-1-2-EN.exe
    [2012/09/30 14:33:21 | 002,334,451 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1401010.002\Cat.DB
    [2012/09/30 14:32:23 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2012/09/30 14:32:23 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012/09/30 14:32:23 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012/09/30 14:15:15 | 000,001,356 | ---- | M] () -- C:\Users\DeAnna-I\AppData\Local\d3d9caps.dat
    [2012/09/30 12:09:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/09/30 11:14:51 | 000,000,830 | ---- | M] () -- C:\Users\DeAnna-I\Desktop\Norton Installation Files.lnk
    [2012/09/30 11:11:52 | 000,322,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/29 22:54:12 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/25 14:17:52 | 000,008,888 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\VT20120921.034
    [2012/09/25 10:09:30 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/09/22 09:53:37 | 002,334,451 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1308000.00E\Cat.DB
    [2012/09/18 18:05:01 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
    [2012/09/18 12:56:20 | 000,000,259 | ---- | M] () -- C:\Windows\Brownie.ini
    [2012/09/18 12:56:20 | 000,000,012 | ---- | M] () -- C:\Windows\BRVIDEO.INI
    [2012/09/15 09:12:29 | 000,000,010 | ---- | M] () -- C:\Windows\SCAR.bkm
    [2012/09/12 16:56:50 | 000,000,010 | ---- | M] () -- C:\Windows\SPTH.bkm
    [2012/09/11 12:21:32 | 000,000,010 | ---- | M] () -- C:\Windows\SPSW.bkm
    [2012/09/11 12:20:43 | 000,000,010 | ---- | M] () -- C:\Windows\SEQU.bkm
    [2012/09/10 08:00:06 | 000,000,010 | ---- | M] () -- C:\Windows\SORW.bkm
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/02 10:51:02 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/01 19:23:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/01 19:23:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/01 19:23:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/01 19:23:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/01 19:23:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/01 18:54:22 | 000,000,512 | ---- | C] () -- C:\Users\DeAnna-I\Desktop\MBR.dat
    [2012/10/01 18:38:44 | 001,412,096 | ---- | C] () -- C:\Users\DeAnna-I\Desktop\roguekiller (1).exe
    [2012/10/01 18:27:31 | 002,193,278 | ---- | C] () -- C:\Users\DeAnna-I\Desktop\tdsskiller.zip
    [2012/10/01 12:57:55 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
    [2012/09/30 14:32:23 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2012/09/30 14:32:23 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2012/09/30 11:29:04 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/30 11:29:03 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/30 11:10:19 | 000,322,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/29 14:27:46 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\Wise Care 365.job
    [2012/09/29 13:30:19 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
    [2012/09/18 18:05:01 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
    [2012/09/02 10:51:02 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2012/06/05 21:16:29 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
    [2012/06/05 21:04:14 | 000,349,264 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll
    [2012/06/05 21:04:14 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll
    [2012/06/05 21:04:13 | 000,261,712 | ---- | C] () -- C:\Windows\SUPDRun.exe
    [2012/06/05 21:04:13 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
    [2012/05/07 07:19:30 | 000,000,008 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Roaming\usb.dat.bin
    [2011/06/17 07:49:14 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ssp8ml3.dll
    [2011/04/24 09:04:42 | 000,324,784 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\census.cache
    [2011/04/24 09:04:26 | 000,191,320 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\ars.cache
    [2011/01/27 20:40:32 | 000,000,272 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\custom_colors.cfg
    [2011/01/19 17:52:06 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
    [2011/01/16 21:47:00 | 000,181,760 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2011/01/16 21:47:00 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2011/01/16 21:46:39 | 000,044,795 | R--- | C] () -- C:\Windows\System32\kschimp.ini
    [2011/01/16 21:44:10 | 000,034,637 | ---- | C] () -- C:\Windows\System32\ksaud.ini
    [2011/01/16 21:44:10 | 000,003,077 | ---- | C] () -- C:\ProgramData\cfSB1290.ini
    [2010/12/12 10:05:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2010/04/26 09:36:38 | 000,012,190 | -HS- | C] () -- C:\Users\DeAnna-I\AppData\Local\6yB3PQs2
    [2010/04/26 09:36:38 | 000,012,190 | -HS- | C] () -- C:\ProgramData\6yB3PQs2
    [2009/12/15 13:54:53 | 000,000,036 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\housecall.guid.cache
    [2009/11/25 01:00:00 | 000,000,029 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\htpdp.dil
    [2009/09/19 10:47:19 | 000,039,936 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/05 17:48:24 | 000,001,356 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Local\d3d9caps.dat
    [2009/09/05 17:14:54 | 000,031,007 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Roaming\UserTile.png
    [2009/09/05 17:07:31 | 000,000,000 | ---- | C] () -- C:\Users\DeAnna-I\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2010/08/17 09:37:22 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\acccore
    [2010/10/05 18:27:04 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\ActiveWords
    [2010/06/14 10:09:57 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Acusis
    [2010/08/17 09:36:56 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\AIM
    [2010/08/17 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\AIMPro
    [2010/04/29 08:43:15 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\AnyModalEdit
    [2010/01/26 18:47:42 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\AstoundStereoExpander
    [2012/09/30 08:35:15 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Auslogics
    [2011/06/10 19:05:43 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\chartnet
    [2012/06/14 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Dextronet
    [2009/09/09 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Dictaphone
    [2010/08/13 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Dropbox
    [2012/01/22 18:35:34 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\DVDVideoSoft
    [2012/01/22 18:34:46 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\DVDVideoSoftIEHelpers
    [2010/03/04 13:15:35 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\eScription
    [2010/06/15 16:49:05 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\FileZilla
    [2012/03/19 09:31:23 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\FrostWire
    [2010/04/18 13:34:47 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\ICAClient
    [2012/10/01 16:54:48 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\IObit
    [2012/08/28 16:41:35 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\MP3Rocket
    [2011/09/01 16:04:04 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\NCH Swift Sound
    [2009/09/05 17:14:54 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\PeerNetworking
    [2009/09/04 13:24:16 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\PictureMover
    [2012/09/18 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\QuickScan
    [2012/09/29 13:32:57 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\RegGenie
    [2010/08/25 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\TeamViewer
    [2010/01/07 08:13:58 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Typing Assistant (English) 5.1
    [2010/09/13 10:47:36 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Typing Assistant (English) 5.3
    [2009/09/05 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\WinBatch
    [2009/09/05 17:49:48 | 000,000,000 | ---D | M] -- C:\Users\DeAnna-I\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:C7461AB9
    @Alternate Data Stream - 1043 bytes -> C:\ProgramData\Temp:CFAFAA98
    < End of report >
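Added example, not part of the original thread or of OTL: the "ZeroAccess Check" above lists those CLSID\InProcServer32 keys because a per-user entry under HKCU\Software\Classes takes precedence over the machine-wide one under HKLM\Software\Classes when the merged HKEY_CLASSES_ROOT view is built, which is how that rootkit family got its DLL loaded by processes using those COM classes. In this log the two HKCU keys carry no default value, so nothing is loaded from them. The PowerShell below generalizes the check to every per-user InProcServer32 on the box and flags entries that shadow an HKLM registration or resolve to a DLL outside the Windows directory. It assumes PowerShell 3.0 or later; the function name is my own.

```powershell
# Added example, not from the thread: enumerate per-user COM InProcServer32 registrations
# (HKCU\Software\Classes\CLSID) and compare each with its HKLM counterpart.
# Assumes PowerShell 3.0+ and that the logged-on user is the one being examined.

function Get-PerUserComServers {
    $userRoot    = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    $machineRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'
    if (-not (Test-Path $userRoot)) { return }

    foreach ($key in Get-ChildItem -Path $userRoot -ErrorAction SilentlyContinue) {
        $clsid   = $key.PSChildName
        $userKey = "$($key.PSPath)\InProcServer32"
        if (-not (Test-Path $userKey)) { continue }

        # The (default) value names the DLL loaded into any process that creates this CLSID
        $userDll    = (Get-ItemProperty -Path $userKey -ErrorAction SilentlyContinue).'(default)'
        $machineKey = "$machineRoot\$clsid\InProcServer32"
        $machineDll = if (Test-Path $machineKey) {
            (Get-ItemProperty -Path $machineKey -ErrorAction SilentlyContinue).'(default)'
        }

        # Expand %SystemRoot% and friends so the path can be checked on disk
        $resolved = if ($userDll) { [Environment]::ExpandEnvironmentVariables($userDll) }

        [pscustomobject]@{
            CLSID         = $clsid
            UserDll       = $userDll
            MachineDll    = $machineDll
            EmptyUserKey  = [string]::IsNullOrEmpty($userDll)   # like the two HKCU keys in this log
            Shadowing     = (-not [string]::IsNullOrEmpty($machineDll)) -and ($userDll -ne $machineDll)
            OutsideWindir = [bool]$resolved -and ($resolved -notlike "$env:SystemRoot\*")
            FileExists    = if ($resolved) { Test-Path -LiteralPath $resolved } else { $false }
        }
    }
}

# Many per-user CLSIDs are legitimate per-user installs; the ones to look at are those
# that shadow an HKLM entry or load a DLL from a user-writable location.
Get-PerUserComServers | Sort-Object Shadowing, OutsideWindir -Descending | Format-Table -AutoSize
```

Run it in the context of the user whose profile is suspect; HKCU is per logon, so an entry planted under another account will not show up here.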
     
  17. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    I can't proceed because you didn't answer my question:
     
  18. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    It seems to be better. Not as "jerky" as before. I have 58 processes running right now! Some are repetitious. Is this normal? I would send you a print screen of it but it would not allow me to paste it here.

    I have used those Registry Cleaners lately, but I deleted them as you suggested. Should I do something to repair Vista? Or is there anything else I can check to make sure all the files are there and I did not delete something necessary.

    By the way, all the scanning and posting flew by me. Was there anything really bad on my computer or did those scans take care of it?
     
  19. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Leave processes alone.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
      O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: alexian.net ([meditech] https in Trusted sites)
      O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: mojohelpdesk.com ([keystrokes] https in Trusted sites)
      O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
      O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: speechmachines.org ([mq1webc2] https in Trusted sites)
      O15 - HKU\S-1-5-21-1958714084-3576785742-3840764162-1000\..Trusted Domains: speechmachines.org ([www] * in Trusted sites)
      O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/04/26 09:36:38 | 000,012,190 | -HS- | C] () -- C:\Users\DeAnna-I\AppData\Local\6yB3PQs2
      [2010/04/26 09:36:38 | 000,012,190 | -HS- | C] () -- C:\ProgramData\6yB3PQs2
      [2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      @Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:C7461AB9
      @Alternate Data Stream - 1043 bytes -> C:\ProgramData\Temp:CFAFAA98
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
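Added example, not part of the thread: the O15 lines in the OTL fix above are Internet Explorer zone assignments. They live under ...\Internet Settings\ZoneMap\Domains (and EscDomains when Enhanced Security Configuration is on) as one key per domain with optional subkeys per host; each value name is a scheme ("http", "https" or "*") and its DWORD is the zone (1 Local intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites). A host in the Trusted zone gets relaxed ActiveX and scripting settings, which is why helpers strip unfamiliar entries. This PowerShell enumerates them for the current user; it assumes PowerShell 3.0 or later and the function name is my own.

```powershell
# Added example, not from the thread: list Internet Explorer ZoneMap assignments
# (the entries OTL reports as O15) with the host name rebuilt from the key path.
# Assumes PowerShell 3.0+.

function Get-IeZoneAssignments {
    param([ValidateSet('HKCU','HKLM')][string]$Hive = 'HKCU')

    $root      = "$($Hive):\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
    $zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

    foreach ($map in 'Domains', 'EscDomains') {
        $base = "$root\$map"
        if (-not (Test-Path $base)) { continue }

        foreach ($key in Get-ChildItem -Path $base -Recurse) {
            # Key path Domains\example.com\www  ->  host www.example.com
            $rel   = $key.Name.Substring($key.Name.IndexOf("\$map\") + $map.Length + 2)
            $parts = $rel -split '\\'
            [array]::Reverse($parts)
            $hostName = $parts -join '.'

            # Each value is one scheme for this host; the DWORD is the zone id
            foreach ($scheme in $key.GetValueNames()) {
                $zone = $key.GetValue($scheme)
                [pscustomobject]@{
                    Map      = $map
                    Host     = $hostName
                    Scheme   = $scheme
                    Zone     = $zone
                    ZoneName = $zoneNames[[int]$zone]
                }
            }
        }
    }
}

# Zones 1 and 2 are the ones that grant extra trust; anything here you did not add yourself deserves a look
Get-IeZoneAssignments | Where-Object { $_.Zone -in 1, 2 } | Sort-Object Host | Format-Table -AutoSize
```

Removing an entry is a matter of deleting the host's key (Remove-Item on the path under Domains); the Trusted Domains in the fix above were removed by OTL in the same way, as the next log shows.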
     
  20. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    All processes killed
    ========== OTL ==========
    Error: No service named SBSDWSCService was found to stop!
    Service\Driver key SBSDWSCService not found.
    File C:\Program Files\Spybot not found.
    Registry key HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alexian.net\meditech\ not found.
    Registry key HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojohelpdesk.com\keystrokes\ not found.
    Registry key HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\samsungsetup.com\www\ not found.
    Registry key HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\speechmachines.org\mq1webc2\ not found.
    Registry key HKEY_USERS\S-1-5-21-1958714084-3576785742-3840764162-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\speechmachines.org\www\ not found.
    Starting removal of ActiveX control {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File C:\Users\DeAnna-I\AppData\Local\6yB3PQs2 not found.
    File C:\ProgramData\6yB3PQs2 not found.
    File C:\Windows\assembly\Desktop.ini not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    Unable to delete ADS C:\ProgramData\Temp:C7461AB9 .
    Unable to delete ADS C:\ProgramData\Temp:CFAFAA98 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: DeAnna-I
    ->Temp folder emptied: 31832 bytes
    ->Temporary Internet Files folder emptied: 33237 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 524642 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1.00 mb


    [EMPTYJAVA]

    User: All Users

    User: DeAnna-I
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: LogMeInRemoteUser

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: DeAnna-I
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10012012_221308
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
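Added example, not part of the thread or of OTL: the fix log above shows the two alternate data streams on C:\ProgramData\Temp survived ("Unable to delete ADS"). An ADS is extra named content attached to an NTFS file or directory; it does not show in Explorer or in the object's size, which is why scanners report them. Before deleting one it is worth reading its first bytes to know whether it is text, an executable (an "MZ" header) or junk. The PowerShell below lists, inspects and removes streams; it assumes PowerShell 7 on Windows/NTFS (the -AsByteStream switch and -Stream on directories need the newer versions), an elevated prompt, and the function names are my own.

```powershell
# Added example, not from the thread: list the alternate data streams on a file or
# directory, peek at their first bytes, and remove them.
# Assumes PowerShell 7 on Windows/NTFS, run elevated.

function Get-AdsReport {
    param([Parameter(Mandatory)][string]$Path)

    # Named $DATA streams only: skip the unnamed ':$DATA' stream and directory index streams
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -notlike ':$*' } |
        ForEach-Object {
            $bytes = Get-Content -LiteralPath $Path -Stream $_.Stream -AsByteStream -Raw
            $head  = @($bytes | Select-Object -First 16 | ForEach-Object { $_.ToString('x2') }) -join ' '
            [pscustomobject]@{
                Path    = $Path
                Stream  = $_.Stream
                Length  = $_.Length
                HeadHex = $head
                IsPE    = ($bytes.Count -ge 2 -and $bytes[0] -eq 0x4D -and $bytes[1] -eq 0x5A)   # 'MZ'
                # Printable ASCII plus tab/CR/LF only -> probably text (a marker or config blob)
                IsText  = -not ($bytes | Where-Object { $_ -lt 0x09 -or ($_ -gt 0x0D -and $_ -lt 0x20) } | Select-Object -First 1)
            }
        }
}

function Remove-Ads {
    param([Parameter(Mandatory)][string]$Path, [Parameter(Mandatory)][string]$Stream)
    # Deleting the stream leaves the host file/directory and its main content untouched
    Remove-Item -LiteralPath $Path -Stream $Stream -ErrorAction Stop
}

# Inspect first, then remove; this is the directory the OTL log above could not clean
Get-AdsReport -Path 'C:\ProgramData\Temp' | Format-List
# Get-AdsReport -Path 'C:\ProgramData\Temp' | ForEach-Object { Remove-Ads -Path $_.Path -Stream $_.Stream }
```

If Remove-Item fails with access denied, the host object is either open in another process or its ACL excludes you; retry from an elevated prompt, or from safe mode as the helper suggests for OTL.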
     
  21. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    Results of screen317's Security Check version 0.99.51
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Java(TM) 6 Update 21
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 19.0.1084.56
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    IObit IObit Malware Fighter IMFsrv.exe
    IObit IObit Malware Fighter IMF.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````
     
  22. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    Farbar Service Scanner Version: 19-09-2012
    Ran by DeAnna-I (administrator) on 01-10-2012 at 22:29:22
    Running from "C:\Users\DeAnna-I\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
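Added example, not part of the thread or of Farbar Service Scanner: the FSS log above reports three things worth re-checking after cleanup, EnableFirewall=0 on the StandardProfile, DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender, and WinDefend set to Demand (Manual) instead of Auto. Note that the FirewallPolicy key FSS reads is the firewall service's own profile setting; a Group Policy override would sit under HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall. One caveat a practitioner would want: with Norton Internet Security installed (see the Security Check log), Windows Firewall and Defender being off may be deliberate, since two resident products hooking the same paths conflict. The PowerShell below re-checks the findings and shows the matching fixes; it assumes an elevated PowerShell 3.0+ prompt and the function names are my own.

```powershell
# Added example, not from the thread: re-check the findings in the FSS log above
# (firewall profile off, Defender DisableAntiSpyware=1, WinDefend set to Manual/"Demand")
# and show the matching fixes. Assumes an elevated PowerShell 3.0+ prompt.

function Get-SecurityPosture {
    $fw     = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $fwPol  = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
    $defKey = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'

    foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        # Service setting (what FSS read) and, if present, the Group Policy override
        $svcVal = (Get-ItemProperty -Path "$fw\$p"    -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        $polVal = (Get-ItemProperty -Path "$fwPol\$p" -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
        [pscustomobject]@{ Check = "Firewall $p"; Value = $svcVal; Policy = $polVal; Ok = ($svcVal -eq 1 -and $polVal -ne 0) }
    }

    $disable = (Get-ItemProperty -Path $defKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue).DisableAntiSpyware
    [pscustomobject]@{ Check = 'Defender DisableAntiSpyware'; Value = $disable; Policy = $null; Ok = ($disable -ne 1) }

    # Win32_Service.StartMode is Auto/Manual/Disabled; FSS calls Manual "Demand"
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
    [pscustomobject]@{ Check = 'WinDefend start type'; Value = $svc.StartMode; Policy = $null; Ok = ($svc.StartMode -eq 'Auto' -and $svc.State -eq 'Running') }
}

function Repair-SecurityPosture {
    # Only when no third-party suite (Norton, in this thread) is meant to own firewall
    # and anti-malware duties; otherwise leave these to that product.
    netsh advfirewall set allprofiles state on | Out-Null
    Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name DisableAntiSpyware -ErrorAction SilentlyContinue
    Set-Service -Name WinDefend -StartupType Automatic
    Start-Service -Name WinDefend
}

Get-SecurityPosture | Format-Table -AutoSize
```

On current Windows 10/11 builds Tamper Protection blocks the DisableAntiSpyware change from scripts; there it has to be done through the Windows Security app, which does not apply to the Vista machine in this thread.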
     
  23. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    # AdwCleaner v2.003 - Logfile created 10/01/2012 at 22:31:24
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : DeAnna-I - DMAIN
    # Boot Mode : Normal
    # Running from : C:\Users\DeAnna-I\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\Windows\Uninstall.exe
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\OApps
    Folder Deleted : C:\Users\DeAnna-I\AppData\Local\Conduit
    Folder Deleted : C:\Users\DeAnna-I\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\DeAnna-I\AppData\LocalLow\PriceGong
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Software
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    *************************
    AdwCleaner[S1].txt - [2338 octets] - [01/10/2012 22:31:24]
    ########## EOF - C:\AdwCleaner[S1].txt - [2398 octets] ##########
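
AdwCleaner restored the IE DefaultScope in five hives (HKCU, HKLM and the SYSTEM, LOCAL SERVICE and NETWORK SERVICE profiles under HKU) after deleting a Conduit search scope. The following is an added example, not part of the thread and not AdwCleaner's code, that enumerates every search scope in those same hives, marks which one is the default, and flags any scope whose URL does not point at a known search engine. It assumes an elevated PowerShell session (so the HKU profiles are readable); the `$knownGood` host list is this example's own.

```powershell
# Added example (not from the thread or from AdwCleaner): enumerate Internet
# Explorer search scopes in every hive AdwCleaner touched and flag unknown ones.
# Assumptions: elevated PowerShell 2.0+; the known-good host list is ours.
$knownGood = @('bing.com', 'google.com', 'yahoo.com')

# HKCU: and HKLM: are mapped by default; HKU: is not.
if (-not (Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$roots = @(
    'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKU:\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKU:\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes',
    'HKU:\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes'
)

function Get-UrlHost([string]$url) {
    # Empty or malformed URLs (common in hijacked scopes) yield '' rather than an error.
    try { ([Uri]$url).Host.ToLower() } catch { '' }
}

$findings = @()
foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    # DefaultScope is a value on the parent key naming the active sub-key (a GUID).
    $default = (Get-ItemProperty $root -ErrorAction SilentlyContinue).DefaultScope
    foreach ($scope in @(Get-ChildItem $root -ErrorAction SilentlyContinue)) {
        if (-not $scope) { continue }   # PowerShell 2.0 iterates once over $null
        $p = Get-ItemProperty $scope.PSPath
        $h = Get-UrlHost $p.URL
        # A scope is suspicious when its host matches none of the known engines.
        $ok = $false
        foreach ($g in $knownGood) { if ($h -eq $g -or $h.EndsWith(".$g")) { $ok = $true } }
        $findings += New-Object PSObject -Property @{
            Hive       = $root
            Scope      = $scope.PSChildName
            IsDefault  = ($scope.PSChildName -eq $default)
            Name       = $p.DisplayName
            Host       = $h
            Suspicious = (-not $ok)
        }
    }
}
$findings | Sort-Object Suspicious -Descending |
    Format-Table Hive, Scope, IsDefault, Name, Host, Suspicious -AutoSize
```

The script only reports; a flagged scope that is also the default is the classic search-hijack layout seen in the log (a Conduit GUID under HKCU). Removing it is a `Remove-Item` on that sub-key followed by pointing DefaultScope at a remaining legitimate scope, which is what the "Restored" lines above record AdwCleaner doing.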
     
  24. Babbette

    Babbette TS Rookie Topic Starter Posts: 84

    C:\Program Files\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan cleaned by deleting - quarantined
     
  25. Broni

    Broni Malware Annihilator Posts: 47,975   +271

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please, let me know, how your computer is doing.
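
The [CLEARALLRESTOREPOINTS] step in the OTL script above exists because a Vista/7 restore point is a VSS shadow copy of the system drive, and rolling back to one made before the cleanup would bring the removed files straight back. The following is an added example, not from the thread and not OTL's own code, that does the same thing with the built-in tools: list the shadow copies, delete all of them, make sure System Protection is on, and take one clean checkpoint. It assumes an elevated PowerShell 2.0+ session and that C: is the system drive; the checkpoint description is this example's own.

```powershell
# Added example (not from the thread and not OTL's code): native equivalent of
# [CLEARALLRESTOREPOINTS] plus a fresh checkpoint, for Vista/7.
# Assumptions: elevated PowerShell 2.0+; C: is the system drive.

# Restore points live inside VSS shadow copies, so this shows what would be deleted.
vssadmin list shadows

# Destructive: removes every shadow copy, and with it every old restore point.
# Until the new checkpoint below exists there is nothing to roll back to.
vssadmin delete shadows /all /quiet

# System Protection must be enabled on the drive or Checkpoint-Computer fails.
Enable-ComputerRestore -Drive 'C:\'

# One clean restore point, taken after the malware removal.
Checkpoint-Computer -Description 'Clean after malware removal' -RestorePointType MODIFY_SETTINGS

# Confirm that only the new point remains.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

Windows throttles restore-point creation (by default one per 24 hours per calling application on Windows 7 and later), so if Checkpoint-Computer reports that a point was recently created, the listing at the end tells you whether the clean point already exists.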
     