TechSpot

Need help removing svchost.exe trojan

Solved
By kcihteteyr
Nov 28, 2012
  1. I am helping a friend with her computer, and while running Malwarebytes I have found the svchost.exe trojan. I also keep getting a pop-up regarding sndappv2.exe; I tried to disable it in cmd but it would not let me. None of which I am able to do anything about. The computer doesn't always boot into Windows and will go into system recovery, but it doesn't actually recover, or if it does I will get to the Windows screen and then it will go black. Many times it will go into a BSOD before I am able to do anything. So far, after installing Malwarebytes and running CCleaner, I am able to keep it running without a BSOD. Please, any assistance in getting this computer up and running properly would be greatly appreciated.


  2. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Please observe forum rules: http://www.techspot.com/community/t...lware-removal-preliminary-instructions.58138/

  3. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.27.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Katie :: DAPHNE [administrator]
    Protection: Enabled
    11/28/2012 8:11:37 PM
    mbam-log-2012-11-28 (20-15-27).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 276119
    Time elapsed: 2 minute(s), 47 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 2384 -> No action taken.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCR\Interface\{66666666-6666-6666-6666-660066466639} (PUP.CrossFire.SA) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> No action taken.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.
    (end)
  4. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514
    Run by Katie at 20:53:38 on 2012-11-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6133.4325 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\ReminderApp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\jusched.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\System32\cscript.exe
    .
  5. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mWinlogon: Userinit = userinit.exe,
    BHO: mefeediaTest: {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: mefeediaTest: {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll
    TB: PasswordBox: {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
    uRun: [EPSON NX410 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_SCEC4.tmp" /EF "HKCU"
    uRun: [ctfmon.exe] C:\Windows\System32\ctfmon.exe
    uRun: [Google Update] "C:\Users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
    mRun: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\ReminderApp.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE
    StartupFolder: C:\Users\Katie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\Katie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPSONA~1.LNK - D:\Common\EpsonReg\EpsonReg.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    LSP: C:\Windows\System32\Sendori.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950} : NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    TCP: Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950} : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
  6. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-20 55280]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-2-20 92160]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-11-26 118632]
    R2 DefaultTabUpdate;DefaultTabUpdate;C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-10-16 107520]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-12-24 48488]
    R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    R2 IB Updater Updater;IB Updater Updater;C:\Program Files\IB Updater\ExtensionUpdaterService.exe [2012-10-16 188760]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-27 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-27 676936]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
    R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2012-10-29 55808]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-11-26 14696]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-2-20 656624]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-11-26 3569512]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-27 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-20 215040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-10-13 131912]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 UsbGps;LGE CDMA USB GPS NMEA Port;C:\Windows\System32\drivers\lgx64gps.sys [2011-2-19 27136]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-11-29 02:17:55 20480 ------w- C:\Windows\svchost.exe
    2012-11-29 00:28:27 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5DEB2D0-06A4-41A7-B479-6E516144FD63}\gapaengine.dll
    2012-11-29 00:26:58 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6744ABCF-DA89-4CF2-9D3C-EDBC87181F8B}\mpengine.dll
    2012-11-29 00:25:06 -------- d-----w- C:\Program Files\CCleaner
    2012-11-27 16:14:57 -------- d-----w- C:\Users\Katie\AppData\Roaming\Malwarebytes
    2012-11-27 16:14:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-27 16:14:41 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-27 16:14:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-27 09:08:26 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-27 09:08:25 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-27 09:08:25 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-27 09:08:25 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-27 09:00:58 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-27 09:00:57 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-27 09:00:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-27 09:00:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-27 09:00:52 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-27 09:00:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-27 09:00:52 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-27 04:15:41 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-27 04:10:05 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-11-27 04:10:05 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-11-16 14:21:32 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-11-06 13:30:18 -------- d-----w- C:\Users\Katie\AppData\Local\APN
    2012-11-06 13:30:16 -------- d-----w- C:\Firefox
    2012-11-06 13:20:04 -------- d-----w- C:\ProgramData\Ask
    2012-11-06 13:19:32 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-11-02 22:00:52 -------- d-----w- C:\ProgramData\raoydanhkjhgwto
    2012-11-02 21:11:32 -------- d-----w- C:\2a0b30a6093e9ccb3f5775
    2012-11-01 01:30:53 -------- d-----w- C:\Users\Katie\AppData\Roaming\PC Utility Kit
    2012-11-01 01:30:53 -------- d-----w- C:\Users\Katie\AppData\Roaming\DriverCure
    2012-11-01 01:30:43 -------- d-----w- C:\ProgramData\PC Utility Kit
    .
    ==================== Find3M ====================
    .
    2012-11-26 19:12:42 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
    2012-11-06 13:19:13 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-09 23:28:25 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 23:28:25 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-26 17:00:08 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll.old.jxlirx
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 20:54:07.19 ===============
  7. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/6/2010 9:22:53 PM
    System Uptime: 11/28/2012 8:16:28 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0N826N
    Processor: Pentium(R) Dual-Core CPU E5400 @ 2.70GHz | Socket 775 | 1188/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 506.195 GiB free.
    D: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP194: 10/31/2012 11:11:09 PM - Windows Update
    RP196: 11/2/2012 4:09:29 PM - Microsoft Antimalware Checkpoint
    RP199: 11/4/2012 9:15:59 PM - Windows Update
    RP198: 11/4/2012 11:07:25 PM - Microsoft Antimalware Checkpoint
    RP201: 11/6/2012 7:14:09 AM - Microsoft Antimalware Checkpoint
    RP202: 11/6/2012 7:18:22 AM - Installed Java(TM) 6 Update 37
    RP203: 11/6/2012 7:19:38 AM - Installed Java Runtime Environment
    RP204: 11/10/2012 10:12:01 AM - Windows Update
    RP205: 11/16/2012 8:10:06 AM - Windows Update
    RP206: 11/16/2012 8:18:19 AM - Windows Update
    RP207: 11/26/2012 10:14:39 PM - Windows Update
    RP208: 11/27/2012 3:00:23 AM - Windows Update
    RP210: 11/27/2012 10:29:35 AM - Microsoft Antimalware Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CCleaner
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Consumer In-Home Service Agreement
    CWA Reminder by We-Care.com v4.1.19.3
    D3DX10
    DealPly
    DefaultTab
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Dock
    Dell Edoc Viewer
    Desura
    Desura: ERIE
    Epson CreativeZone
    Epson Easy Photo Print 2
    EPSON NX410 Series Printer Uninstall
    EPSON Scan
    Evernote v. 4.5.8
    Google Chrome
    GoToAssist 8.0.0.514
    IB Updater 2.0.0.530
    iLivid
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 17 (64-bit)
    Java(TM) 6 Update 37
    Junk Mail filter update
    LG USB Modem driver
    LTCM Client
    Malwarebytes Anti-Malware version 1.65.1.1000
    MeFeedia
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    MobileMe Control Panel
    MSVCRT
    MSVCRT_amd64
    PasswordBox
    PowerDVD DX
    PricePeep
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Safari
    SCRABBLE
    Scrapbooks Plus 3.0
    Search-Results Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    SelectionLinks
    Sendori
    SMPlayer 0.6.9
    TelevisionFanatic Toolbar Chrome Extension
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VoiceOver Kit
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yontoo 1.10.02
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/28/2012 8:18:19 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    11/28/2012 8:18:14 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).
    11/28/2012 8:18:14 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service.
    11/28/2012 6:10:57 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
    11/26/2012 9:46:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:46:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:46:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/26/2012 9:38:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/26/2012 9:38:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/26/2012 9:37:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/26/2012 9:37:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/26/2012 9:37:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:37:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:37:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
    11/26/2012 9:37:20 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/26/2012 9:37:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/26/2012 9:36:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002d0e0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112612-39421-01.
    11/26/2012 9:34:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/26/2012 9:34:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:34:09 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:31:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa8006608bb0, 0x0000000000000000, 0x000000007efa8000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112612-40903-01.
    11/26/2012 9:13:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:13:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...5.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/26/2012 9:13:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.2225.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/26/2012 6:12:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006c9cb30, 0xfffffa8006c9ce10, 0xfffff80002f8f460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 112612-37346-01.
    .
    ==== End Of File ===========================
  8. Broni

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.

    Next...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
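One way to read the TDSSKiller_xxxx_log.txt that this step produces, as an added example written for this page (Python, not Kaspersky's code and not something Broni posted): it pairs each "[ MD5 ] Name Path" line with the "- ok" verdict line that follows, in the layout of the report posted later in this thread, lists every verdict other than ok, and separately points out service binaries that live under a user profile. The profile-path rule is a heuristic of this example, not a TDSSKiller rule; the sample report, the "badsvc" entry and the wording of its non-ok verdict are constructed.

```python
"""Triage helper for a TDSSKiller text report.  Added example for this thread,
not Kaspersky's code: it pairs each "[ MD5 ] Name Path" line with the verdict
line that follows, then reports every verdict other than "- ok" and every
service whose binary lives under a user profile.  The report layout is the
one posted later in the thread; the non-ok verdict wording is an assumption."""

import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in TDSSKiller's "<time> <pid> [ <MD5> ] <name> <path>"
# layout.  The 1394ohci and DefaultTabUpdate lines are copied from the report
# in this thread; "badsvc" and its verdict line are made up for the demo.
SAMPLE_REPORT = r"""11:34:56.0728 0320 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb)
11:34:56.0775 0320 Initialize success
11:35:01.0081 4136 Scan started
11:35:01.0705 4136 System memory - ok
11:35:01.0800 4136 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:35:01.0800 4136 1394ohci - ok
11:35:04.0188 4136 COMSysApp - ok
11:35:04.0406 4136 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
11:35:04.0453 4136 DefaultTabUpdate - ok
11:35:09.0300 4136 [ 0123456789ABCDEF0123456789ABCDEF ] badsvc C:\Windows\system32\drivers\badsvc.sys
11:35:09.0300 4136 badsvc ( Rootkit.Win32.TDSS.tdl4 ) - infected
"""

# "<time> <pid> [ <32 hex MD5> ] <name> <drive-letter path>"
ENTRY_RE = re.compile(
    r"^\S+ \d+ \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
# "<time> <pid> <name> [( <detection> )] - <verdict>"
VERDICT_RE = re.compile(
    r"^\S+ \d+ (?P<name>.+?)(?: \((?P<detect>[^)]*)\))? - (?P<verdict>.+)$")

# Heuristic of this example, not a TDSSKiller rule: service binaries normally
# live under Windows or Program Files, not in a user's profile or a temp dir.
PROFILE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    name: str
    reason: str
    path: Optional[str]
    md5: Optional[str]


def parse_report(text: str) -> Tuple[Dict[str, Tuple[str, str]], Dict[str, Tuple[str, str]]]:
    """Return ({name: (md5, path)}, {name: (detection, verdict)}) for the scan section."""
    entries: Dict[str, Tuple[str, str]] = {}
    verdicts: Dict[str, Tuple[str, str]] = {}
    # Header lines such as "Drive ... - Size: ..." also contain " - ", so only
    # parse once the "Scan started" marker has passed (or from the top if absent).
    started = "Scan started" not in text
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            started = True
            continue
        if not started:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"].upper(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = ((m["detect"] or "").strip(), m["verdict"].strip())
    return entries, verdicts


def under_user_profile(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in PROFILE_MARKERS)


def triage(text: str) -> List[Finding]:
    """Everything that did not come back ok, then every binary under a user profile."""
    entries, verdicts = parse_report(text)
    findings: List[Finding] = []
    for name, (detect, verdict) in verdicts.items():
        if verdict != "ok":
            md5, path = entries.get(name, (None, None))
            reason = f"verdict '{verdict}'" + (f" ({detect})" if detect else "")
            findings.append(Finding(name, reason, path, md5))
    for name, (md5, path) in entries.items():
        if under_user_profile(path):
            findings.append(Finding(name, "binary lives under a user profile", path, md5))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.name}: {f.reason}\n    {f.path} md5={f.md5}")
```

Feed it the real file with `triage(open(r"C:\TDSSKiller_xxxx_log.txt").read())`, substituting the actual file name. A hit in the first list is what TDSSKiller itself acted on; the second list is only a prompt to look at where a service binary lives, and an updater sitting in AppData is not evidence of infection on its own.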
  9. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.27.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Katie :: DAPHNE [administrator]
    Protection: Enabled
    11/29/2012 11:03:17 AM
    mbam-log-2012-11-29 (11-03-17).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 275917
    Time elapsed: 4 minute(s), 4 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
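The file MBAM quarantined above is named svchost.exe but sits directly in C:\Windows; on 64-bit Windows 7 the genuine service host exists only as C:\Windows\System32\svchost.exe and C:\Windows\SysWOW64\svchost.exe, and every real instance is started by services.exe. The check below is an added example written for this page (not from Malwarebytes, TechSpot or the poster) that applies both rules to a process listing so a running copy can be spotted even after the file on disk is gone. The listing is a constructed sample in the shape of `wmic process get ExecutablePath,Name,ParentProcessId,ProcessId /format:csv`; the PIDs and the two bad rows are made up, and the host name is the one in the thread's logs.

```python
"""Flag svchost.exe processes that do not look like the real service host.
Added example for this thread (not from Malwarebytes or TechSpot): on 64-bit
Windows 7 the genuine binary lives only in System32 (and SysWOW64 for the
32-bit copy) and is always started by services.exe, so a copy in C:\\Windows
like the one MBAM quarantined above fails both checks."""

import csv
import io
from typing import Dict, List, Tuple

# The only two places the service host binary exists on 64-bit Windows 7.
LEGIT_SVCHOST_PATHS = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\syswow64\svchost.exe",
}

# Constructed listing in the shape that
#   wmic process get ExecutablePath,Name,ParentProcessId,ProcessId /format:csv
# produces (leading blank line, Node column first).  PIDs and the two bad
# rows are made up; the host name is the one in the thread's logs.
SAMPLE_PROCESS_CSV = r"""
Node,ExecutablePath,Name,ParentProcessId,ProcessId
DAPHNE,C:\Windows\System32\wininit.exe,wininit.exe,376,492
DAPHNE,C:\Windows\System32\services.exe,services.exe,492,584
DAPHNE,C:\Windows\System32\svchost.exe,svchost.exe,584,712
DAPHNE,C:\Windows\SysWOW64\svchost.exe,svchost.exe,584,1288
DAPHNE,C:\Windows\explorer.exe,explorer.exe,1900,2044
DAPHNE,C:\Windows\svchost.exe,svchost.exe,2044,3120
DAPHNE,C:\Windows\System32\svchost.exe,svchost.exe,2044,3408
"""


def load_processes(csv_text: str) -> Dict[int, Dict[str, str]]:
    """Index a wmic-style CSV listing by ProcessId, keyed on header names
    because wmic chooses its own column order."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip()))
    return {int(row["ProcessId"]): row for row in reader}


def find_svchost_anomalies(csv_text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (pid, image path, reasons) for every svchost.exe that is either
    loaded from outside System32/SysWOW64 or not a child of services.exe."""
    by_pid = load_processes(csv_text)
    findings: List[Tuple[int, str, List[str]]] = []
    for pid, row in by_pid.items():
        if row["Name"].lower() != "svchost.exe":
            continue
        reasons: List[str] = []
        # ExecutablePath is blank when the listing account cannot open the
        # process; treat that as unverified rather than as legitimate.
        path = (row.get("ExecutablePath") or "").strip()
        if path.lower() not in LEGIT_SVCHOST_PATHS:
            shown = path or "<unreadable>"
            reasons.append(f"image path {shown} is not System32 or SysWOW64")
        parent = by_pid.get(int(row.get("ParentProcessId") or 0))
        parent_name = parent["Name"] if parent else "<not in listing>"
        if parent_name.lower() != "services.exe":
            reasons.append(f"parent is {parent_name}, not services.exe")
        if reasons:
            findings.append((pid, path, reasons))
    return findings


if __name__ == "__main__":
    for pid, path, reasons in find_svchost_anomalies(SAMPLE_PROCESS_CSV):
        print(f"pid {pid} {path or '<unreadable>'}")
        for r in reasons:
            print(f"    - {r}")
```

On the affected machine, export the listing from an elevated prompt with the wmic command above, redirect it to a file, and pass the file's contents to `find_svchost_anomalies`. Run it elevated: without that, ExecutablePath comes back empty for processes the account cannot open, and the example deliberately reports those as unverified rather than skipping them.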
  10. kcihteteyr

    11:34:53.0452 0320 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
    11:34:55.0464 0320 ============================================================
    11:34:55.0464 0320 Current date / time: 2012/11/29 11:34:55.0464
    11:34:55.0464 0320 SystemInfo:
    11:34:55.0464 0320
    11:34:55.0464 0320 OS Version: 6.1.7601 ServicePack: 1.0
    11:34:55.0464 0320 Product type: Workstation
    11:34:55.0464 0320 ComputerName: DAPHNE
    11:34:55.0464 0320 UserName: Katie
    11:34:55.0464 0320 Windows directory: C:\Windows
    11:34:55.0464 0320 System windows directory: C:\Windows
    11:34:55.0464 0320 Running under WOW64
    11:34:55.0464 0320 Processor architecture: Intel x64
    11:34:55.0464 0320 Number of processors: 2
    11:34:55.0464 0320 Page size: 0x1000
    11:34:55.0464 0320 Boot type: Normal boot
    11:34:55.0464 0320 ============================================================
    11:34:56.0728 0320 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:34:56.0759 0320 ============================================================
    11:34:56.0759 0320 \Device\Harddisk0\DR0:
    11:34:56.0759 0320 MBR partitions:
    11:34:56.0759 0320 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    11:34:56.0759 0320 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x48AF7AB0
    11:34:56.0759 0320 ============================================================
    11:34:56.0775 0320 C: <-> \Device\Harddisk0\DR0\Partition2
    11:34:56.0775 0320 ============================================================
    11:34:56.0775 0320 Initialize success
    11:34:56.0775 0320 ============================================================
    11:35:01.0081 4136 ============================================================
    11:35:01.0081 4136 Scan started
    11:35:01.0081 4136 Mode: Manual;
    11:35:01.0081 4136 ============================================================
    11:35:01.0705 4136 ================ Scan system memory ========================
    11:35:01.0705 4136 System memory - ok
    11:35:01.0705 4136 ================ Scan services =============================
    11:35:01.0800 4136 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    11:35:01.0800 4136 1394ohci - ok
    11:35:01.0831 4136 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    11:35:01.0831 4136 ACPI - ok
    11:35:01.0862 4136 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    11:35:01.0862 4136 AcpiPmi - ok
    11:35:01.0956 4136 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    11:35:01.0956 4136 AdobeFlashPlayerUpdateSvc - ok
    11:35:01.0987 4136 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    11:35:02.0018 4136 adp94xx - ok
    11:35:02.0065 4136 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    11:35:02.0065 4136 adpahci - ok
    11:35:02.0081 4136 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    11:35:02.0081 4136 adpu320 - ok
    11:35:02.0112 4136 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    11:35:02.0112 4136 AeLookupSvc - ok
    11:35:02.0159 4136 [ 3AC22A3DFA8A050E35F0E3CD99D0CDF2 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    11:35:02.0159 4136 AERTFilters - ok
    11:35:02.0221 4136 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    11:35:02.0237 4136 AFD - ok
    11:35:02.0268 4136 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    11:35:02.0268 4136 agp440 - ok
    11:35:02.0268 4136 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    11:35:02.0283 4136 ALG - ok
    11:35:02.0299 4136 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    11:35:02.0299 4136 aliide - ok
    11:35:02.0315 4136 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    11:35:02.0315 4136 amdide - ok
    11:35:02.0346 4136 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    11:35:02.0346 4136 AmdK8 - ok
    11:35:02.0361 4136 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    11:35:02.0361 4136 AmdPPM - ok
    11:35:02.0393 4136 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    11:35:02.0393 4136 amdsata - ok
    11:35:02.0408 4136 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    11:35:02.0408 4136 amdsbs - ok
    11:35:02.0424 4136 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    11:35:02.0424 4136 amdxata - ok
    11:35:02.0455 4136 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    11:35:02.0455 4136 AppID - ok
    11:35:02.0471 4136 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    11:35:02.0471 4136 AppIDSvc - ok
    11:35:02.0502 4136 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    11:35:02.0502 4136 Appinfo - ok
    11:35:02.0595 4136 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    11:35:02.0595 4136 Apple Mobile Device - ok
    11:35:02.0642 4136 [ 4D43EBBFE624FC12A68AA7BF82F7A5D1 ] Application Sendori C:\Program Files (x86)\Sendori\SendoriSvc.exe
    11:35:02.0689 4136 Application Sendori - ok
    11:35:02.0720 4136 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    11:35:02.0720 4136 arc - ok
    11:35:02.0736 4136 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    11:35:02.0768 4136 arcsas - ok
    11:35:02.0830 4136 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    11:35:02.0862 4136 AsyncMac - ok
    11:35:02.0908 4136 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    11:35:02.0908 4136 atapi - ok
    11:35:03.0002 4136 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    11:35:03.0033 4136 AudioEndpointBuilder - ok
    11:35:03.0049 4136 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    11:35:03.0049 4136 AudioSrv - ok
    11:35:03.0096 4136 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    11:35:03.0096 4136 AxInstSV - ok
    11:35:03.0142 4136 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    11:35:03.0158 4136 b06bdrv - ok
    11:35:03.0189 4136 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:35:03.0189 4136 b57nd60a - ok
    11:35:03.0236 4136 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    11:35:03.0236 4136 BDESVC - ok
    11:35:03.0252 4136 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    11:35:03.0252 4136 Beep - ok
    11:35:03.0298 4136 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    11:35:03.0314 4136 BFE - ok
    11:35:03.0330 4136 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    11:35:03.0345 4136 BITS - ok
    11:35:03.0361 4136 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    11:35:03.0376 4136 blbdrive - ok
    11:35:03.0423 4136 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    11:35:03.0439 4136 Bonjour Service - ok
    11:35:03.0470 4136 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    11:35:03.0470 4136 bowser - ok
    11:35:03.0486 4136 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:35:03.0486 4136 BrFiltLo - ok
    11:35:03.0501 4136 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:35:03.0501 4136 BrFiltUp - ok
    11:35:03.0532 4136 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    11:35:03.0532 4136 Browser - ok
    11:35:03.0548 4136 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    11:35:03.0564 4136 Brserid - ok
    11:35:03.0579 4136 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    11:35:03.0579 4136 BrSerWdm - ok
    11:35:03.0595 4136 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:35:03.0595 4136 BrUsbMdm - ok
    11:35:03.0610 4136 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    11:35:03.0610 4136 BrUsbSer - ok
    11:35:03.0610 4136 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    11:35:03.0610 4136 BTHMODEM - ok
    11:35:03.0642 4136 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    11:35:03.0657 4136 bthserv - ok
    11:35:03.0673 4136 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    11:35:03.0673 4136 cdfs - ok
    11:35:03.0704 4136 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    11:35:03.0704 4136 cdrom - ok
    11:35:03.0751 4136 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    11:35:03.0751 4136 CertPropSvc - ok
    11:35:03.0766 4136 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    11:35:03.0766 4136 circlass - ok
    11:35:03.0798 4136 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    11:35:03.0798 4136 CLFS - ok
    11:35:03.0860 4136 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:35:03.0860 4136 clr_optimization_v2.0.50727_32 - ok
    11:35:03.0891 4136 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:35:03.0891 4136 clr_optimization_v2.0.50727_64 - ok
    11:35:03.0969 4136 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:35:03.0969 4136 clr_optimization_v4.0.30319_32 - ok
    11:35:04.0000 4136 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:35:04.0000 4136 clr_optimization_v4.0.30319_64 - ok
    11:35:04.0032 4136 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    11:35:04.0032 4136 CmBatt - ok
    11:35:04.0047 4136 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    11:35:04.0047 4136 cmdide - ok
    11:35:04.0094 4136 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    11:35:04.0094 4136 CNG - ok
    11:35:04.0110 4136 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    11:35:04.0110 4136 Compbatt - ok
    11:35:04.0156 4136 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    11:35:04.0172 4136 CompositeBus - ok
    11:35:04.0188 4136 COMSysApp - ok
    11:35:04.0203 4136 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    11:35:04.0203 4136 crcdisk - ok
    11:35:04.0250 4136 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    11:35:04.0250 4136 CryptSvc - ok
    11:35:04.0297 4136 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    11:35:04.0312 4136 DcomLaunch - ok
    11:35:04.0406 4136 [ 34AE0DFA3EE3B5B9975042D87332D0B7 ] DefaultTabUpdate C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    11:35:04.0453 4136 DefaultTabUpdate - ok
    11:35:04.0484 4136 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    11:35:04.0484 4136 defragsvc - ok
    11:35:04.0531 4136 [ 2B9A817DC1BDAD9CE5495099B6A7136A ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
    11:35:04.0765 4136 Desura Install Service - ok
    11:35:04.0812 4136 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    11:35:04.0812 4136 DfsC - ok
    11:35:04.0843 4136 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    11:35:04.0843 4136 Dhcp - ok
    11:35:04.0874 4136 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    11:35:04.0874 4136 discache - ok
    11:35:04.0905 4136 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    11:35:04.0905 4136 Disk - ok
    11:35:04.0936 4136 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    11:35:04.0952 4136 Dnscache - ok
    11:35:04.0999 4136 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
    11:35:05.0014 4136 DockLoginService - ok
    11:35:05.0046 4136 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    11:35:05.0046 4136 dot3svc - ok
    11:35:05.0061 4136 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    11:35:05.0077 4136 DPS - ok
    11:35:05.0092 4136 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    11:35:05.0092 4136 drmkaud - ok
    11:35:05.0124 4136 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    11:35:05.0124 4136 DXGKrnl - ok
    11:35:05.0155 4136 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    11:35:05.0155 4136 EapHost - ok
    11:35:06.0356 4136 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    11:35:06.0387 4136 ebdrv - ok
    11:35:06.0418 4136 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    11:35:06.0418 4136 EFS - ok
    11:35:06.0465 4136 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    11:35:06.0465 4136 ehRecvr - ok
    11:35:06.0512 4136 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    11:35:06.0512 4136 ehSched - ok
    11:35:06.0543 4136 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    11:35:06.0559 4136 elxstor - ok
    11:35:06.0590 4136 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    11:35:06.0590 4136 ErrDev - ok
    11:35:06.0621 4136 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    11:35:06.0637 4136 EventSystem - ok
    11:35:06.0652 4136 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    11:35:06.0652 4136 exfat - ok
    11:35:06.0668 4136 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    11:35:06.0668 4136 fastfat - ok
    11:35:06.0715 4136 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    11:35:06.0730 4136 Fax - ok
    11:35:06.0746 4136 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    11:35:06.0746 4136 fdc - ok
    11:35:06.0777 4136 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    11:35:06.0777 4136 fdPHost - ok
    11:35:06.0777 4136 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    11:35:06.0777 4136 FDResPub - ok
    11:35:06.0793 4136 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    11:35:06.0793 4136 FileInfo - ok
    11:35:06.0808 4136 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    11:35:06.0808 4136 Filetrace - ok
    11:35:06.0824 4136 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    11:35:06.0824 4136 flpydisk - ok
    11:35:06.0855 4136 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    11:35:06.0855 4136 FltMgr - ok
    11:35:06.0902 4136 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    11:35:06.0918 4136 FontCache - ok
    11:35:06.0964 4136 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:35:06.0980 4136 FontCache3.0.0.0 - ok
    11:35:06.0980 4136 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    11:35:06.0996 4136 FsDepends - ok
    11:35:07.0027 4136 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    11:35:07.0027 4136 fssfltr - ok
    11:35:07.0105 4136 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    11:35:07.0105 4136 fsssvc - ok
    11:35:07.0152 4136 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    11:35:07.0152 4136 Fs_Rec - ok
    11:35:07.0292 4136 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    11:35:07.0292 4136 fvevol - ok
    11:35:07.0308 4136 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:35:07.0323 4136 gagp30kx - ok
    11:35:07.0354 4136 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    11:35:07.0354 4136 GEARAspiWDM - ok
    11:35:07.0417 4136 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    11:35:07.0417 4136 GoToAssist - ok
    11:35:07.0448 4136 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    11:35:07.0464 4136 gpsvc - ok
    11:35:07.0479 4136 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    11:35:07.0479 4136 hcw85cir - ok
    11:35:07.0510 4136 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    11:35:07.0510 4136 HDAudBus - ok
    11:35:07.0526 4136 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    11:35:07.0526 4136 HidBatt - ok
    11:35:07.0557 4136 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    11:35:07.0557 4136 HidBth - ok
    11:35:07.0573 4136 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    11:35:07.0573 4136 HidIr - ok
    11:35:07.0604 4136 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    11:35:07.0604 4136 hidserv - ok
    11:35:07.0635 4136 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    11:35:07.0635 4136 HidUsb - ok
    11:35:07.0666 4136 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    11:35:07.0666 4136 hkmsvc - ok
    11:35:07.0682 4136 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    11:35:07.0698 4136 HomeGroupListener - ok
    11:35:07.0713 4136 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    11:35:07.0713 4136 HomeGroupProvider - ok
    11:35:07.0744 4136 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    11:35:07.0744 4136 HpSAMD - ok
    11:35:07.0791 4136 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    11:35:07.0822 4136 HTTP - ok
    11:35:07.0838 4136 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    11:35:07.0838 4136 hwpolicy - ok
    11:35:07.0869 4136 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    11:35:07.0869 4136 i8042prt - ok
    11:35:07.0900 4136 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    11:35:07.0900 4136 iaStorV - ok
    11:35:07.0947 4136 [ 585F5F03EC38B163DC1C12EABC5C800A ] IB Updater Updater C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    11:35:08.0010 4136 IB Updater Updater - ok
    11:35:08.0056 4136 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:35:08.0072 4136 idsvc - ok
    11:35:08.0212 4136 [ 24CC43ECDEEFD4C19FBBEE4951B647F1 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:35:08.0322 4136 igfx - ok
    11:35:08.0353 4136 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    11:35:08.0353 4136 iirsp - ok
    11:35:08.0400 4136 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    11:35:08.0431 4136 IKEEXT - ok
    11:35:08.0478 4136 [ F2B52C7B1C8E6A4FC4C4564F4A421F23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    11:35:08.0493 4136 IntcAzAudAddService - ok
    11:35:08.0509 4136 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    11:35:08.0509 4136 intelide - ok
    11:35:08.0540 4136 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    11:35:08.0540 4136 intelppm - ok
    11:35:08.0571 4136 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    11:35:08.0571 4136 IPBusEnum - ok
    11:35:08.0602 4136 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:35:08.0602 4136 IpFilterDriver - ok
    11:35:08.0649 4136 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    11:35:08.0665 4136 iphlpsvc - ok
    11:35:08.0696 4136 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    11:35:08.0696 4136 IPMIDRV - ok
    11:35:08.0712 4136 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    11:35:08.0712 4136 IPNAT - ok
    11:35:08.0758 4136 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    11:35:08.0774 4136 iPod Service - ok
    11:35:08.0790 4136 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    11:35:08.0790 4136 IRENUM - ok
    11:35:08.0805 4136 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    11:35:08.0805 4136 isapnp - ok
    11:35:08.0836 4136 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    11:35:08.0836 4136 iScsiPrt - ok
    11:35:08.0852 4136 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    11:35:08.0852 4136 kbdclass - ok
    11:35:08.0868 4136 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    11:35:08.0883 4136 kbdhid - ok
    11:35:08.0883 4136 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    11:35:08.0883 4136 KeyIso - ok
    11:35:08.0914 4136 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    11:35:08.0914 4136 KSecDD - ok
    11:35:08.0930 4136 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    11:35:08.0930 4136 KSecPkg - ok
    11:35:08.0946 4136 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    11:35:08.0946 4136 ksthunk - ok
    11:35:08.0961 4136 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    11:35:08.0977 4136 KtmRm - ok
    11:35:09.0008 4136 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    11:35:09.0008 4136 LanmanServer - ok
    11:35:09.0039 4136 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    11:35:09.0039 4136 LanmanWorkstation - ok
    11:35:09.0070 4136 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    11:35:09.0086 4136 lltdio - ok
    11:35:09.0117 4136 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    11:35:09.0117 4136 lltdsvc - ok
    11:35:09.0133 4136 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    11:35:09.0148 4136 lmhosts - ok
    11:35:09.0164 4136 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:35:09.0180 4136 LSI_FC - ok
    11:35:09.0195 4136 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:35:09.0195 4136 LSI_SAS - ok
    11:35:09.0226 4136 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:35:09.0226 4136 LSI_SAS2 - ok
    11:35:09.0242 4136 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:35:09.0242 4136 LSI_SCSI - ok
    11:35:09.0258 4136 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    11:35:09.0258 4136 luafv - ok
    11:35:09.0304 4136 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    11:35:09.0304 4136 MBAMProtector - ok
    11:35:09.0398 4136 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    11:35:09.0414 4136 MBAMScheduler - ok
    11:35:09.0445 4136 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:35:09.0460 4136 MBAMService - ok
    11:35:09.0492 4136 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    11:35:09.0492 4136 Mcx2Svc - ok
    11:35:09.0507 4136 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    11:35:09.0507 4136 megasas - ok
    11:35:09.0523 4136 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    11:35:09.0523 4136 MegaSR - ok
    11:35:09.0538 4136 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    11:35:09.0554 4136 MMCSS - ok
    11:35:09.0570 4136 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    11:35:09.0570 4136 Modem - ok
    11:35:09.0585 4136 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    11:35:09.0585 4136 monitor - ok
    11:35:09.0616 4136 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    11:35:09.0616 4136 mouclass - ok
    11:35:09.0632 4136 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    11:35:09.0632 4136 mouhid - ok
    11:35:09.0663 4136 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    11:35:09.0663 4136 mountmgr - ok
    11:35:09.0710 4136 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    11:35:09.0710 4136 MpFilter - ok
    11:35:09.0741 4136 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    11:35:09.0741 4136 mpio - ok
    11:35:09.0757 4136 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    11:35:09.0757 4136 mpsdrv - ok
    11:35:09.0788 4136 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    11:35:09.0819 4136 MpsSvc - ok
    11:35:09.0835 4136 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    11:35:09.0835 4136 MRxDAV - ok
    11:35:09.0866 4136 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:35:09.0866 4136 mrxsmb - ok
    11:35:09.0897 4136 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:35:09.0897 4136 mrxsmb10 - ok
    11:35:09.0913 4136 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:35:09.0913 4136 mrxsmb20 - ok
    11:35:09.0944 4136 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    11:35:09.0944 4136 msahci - ok
    11:35:09.0975 4136 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    11:35:09.0975 4136 msdsm - ok
    11:35:09.0991 4136 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    11:35:10.0006 4136 MSDTC - ok
    11:35:10.0022 4136 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    11:35:10.0022 4136 Msfs - ok
    11:35:10.0022 4136 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    11:35:10.0038 4136 mshidkmdf - ok
    11:35:10.0038 4136 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    11:35:10.0038 4136 msisadrv - ok
    11:35:10.0084 4136 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    11:35:10.0084 4136 MSiSCSI - ok
    11:35:10.0100 4136 msiserver - ok
    11:35:10.0116 4136 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    11:35:10.0116 4136 MSKSSRV - ok
    11:35:10.0178 4136 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    11:35:10.0178 4136 MsMpSvc - ok
    11:35:10.0194 4136 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    11:35:10.0209 4136 MSPCLOCK - ok
    11:35:10.0240 4136 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    11:35:10.0240 4136 MSPQM - ok
    11:35:10.0272 4136 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    11:35:10.0272 4136 MsRPC - ok
    11:35:10.0318 4136 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    11:35:10.0318 4136 mssmbios - ok
    11:35:10.0334 4136 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    11:35:10.0334 4136 MSTEE - ok
    11:35:10.0365 4136 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    11:35:10.0365 4136 MTConfig - ok
    11:35:10.0396 4136 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    11:35:10.0396 4136 Mup - ok
    11:35:10.0412 4136 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    11:35:10.0428 4136 napagent - ok
    11:35:10.0459 4136 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    11:35:10.0459 4136 NativeWifiP - ok
    11:35:10.0506 4136 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    11:35:10.0521 4136 NDIS - ok
    11:35:10.0537 4136 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    11:35:10.0537 4136 NdisCap - ok
    11:35:10.0568 4136 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    11:35:10.0568 4136 NdisTapi - ok
    11:35:10.0599 4136 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    11:35:10.0599 4136 Ndisuio - ok
    11:35:10.0630 4136 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    11:35:10.0630 4136 NdisWan - ok
    11:35:10.0662 4136 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
  11. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    11:35:10.0662 4136 NDProxy - ok
    11:35:10.0677 4136 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    11:35:10.0677 4136 NetBIOS - ok
    11:35:10.0693 4136 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    11:35:10.0693 4136 NetBT - ok
    11:35:10.0708 4136 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    11:35:10.0724 4136 Netlogon - ok
    11:35:10.0755 4136 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    11:35:10.0755 4136 Netman - ok
    11:35:10.0786 4136 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    11:35:10.0802 4136 netprofm - ok
    11:35:10.0833 4136 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    11:35:10.0833 4136 NetTcpPortSharing - ok
    11:35:10.0849 4136 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    11:35:10.0849 4136 nfrd960 - ok
    11:35:10.0880 4136 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    11:35:10.0880 4136 NisDrv - ok
    11:35:10.0927 4136 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    11:35:10.0927 4136 NisSrv - ok
    11:35:10.0942 4136 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
    11:35:10.0942 4136 NlaSvc - ok
    11:35:10.0974 4136 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    11:35:10.0974 4136 Npfs - ok
    11:35:10.0989 4136 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    11:35:10.0989 4136 nsi - ok
    11:35:11.0005 4136 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    11:35:11.0005 4136 nsiproxy - ok
    11:35:11.0052 4136 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    11:35:11.0083 4136 Ntfs - ok
    11:35:11.0098 4136 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    11:35:11.0098 4136 Null - ok
    11:35:11.0145 4136 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    11:35:11.0145 4136 nvraid - ok
    11:35:11.0161 4136 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    11:35:11.0161 4136 nvstor - ok
    11:35:11.0192 4136 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    11:35:11.0192 4136 nv_agp - ok
    11:35:11.0208 4136 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    11:35:11.0208 4136 ohci1394 - ok
    11:35:11.0239 4136 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    11:35:11.0239 4136 p2pimsvc - ok
    11:35:11.0270 4136 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    11:35:11.0286 4136 p2psvc - ok
    11:35:11.0317 4136 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    11:35:11.0317 4136 Parport - ok
    11:35:11.0348 4136 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    11:35:11.0348 4136 partmgr - ok
    11:35:11.0410 4136 [ 2F436CAA73E16A8211C2CBAA838FFE62 ] PasswordBox C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    11:35:11.0410 4136 PasswordBox - ok
    11:35:11.0426 4136 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    11:35:11.0426 4136 PcaSvc - ok
    11:35:11.0442 4136 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    11:35:11.0442 4136 pci - ok
    11:35:11.0457 4136 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    11:35:11.0457 4136 pciide - ok
    11:35:11.0488 4136 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    11:35:11.0488 4136 pcmcia - ok
    11:35:11.0504 4136 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    11:35:11.0504 4136 pcw - ok
    11:35:11.0535 4136 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    11:35:11.0551 4136 PEAUTH - ok
    11:35:11.0613 4136 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    11:35:11.0629 4136 PerfHost - ok
    11:35:11.0691 4136 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    11:35:11.0722 4136 pla - ok
    11:35:11.0754 4136 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    11:35:11.0769 4136 PlugPlay - ok
    11:35:11.0769 4136 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    11:35:11.0769 4136 PNRPAutoReg - ok
    11:35:11.0800 4136 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    11:35:11.0800 4136 PNRPsvc - ok
    11:35:11.0816 4136 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    11:35:11.0832 4136 PolicyAgent - ok
    11:35:11.0863 4136 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    11:35:11.0863 4136 Power - ok
    11:35:11.0894 4136 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    11:35:11.0894 4136 PptpMiniport - ok
    11:35:11.0925 4136 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    11:35:11.0925 4136 Processor - ok
    11:35:11.0956 4136 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    11:35:11.0956 4136 ProfSvc - ok
    11:35:11.0972 4136 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    11:35:11.0972 4136 ProtectedStorage - ok
    11:35:12.0003 4136 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    11:35:12.0003 4136 Psched - ok
    11:35:12.0019 4136 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    11:35:12.0019 4136 PxHlpa64 - ok
    11:35:12.0066 4136 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    11:35:12.0097 4136 ql2300 - ok
    11:35:12.0112 4136 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    11:35:12.0112 4136 ql40xx - ok
    11:35:12.0144 4136 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    11:35:12.0144 4136 QWAVE - ok
    11:35:12.0159 4136 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    11:35:12.0159 4136 QWAVEdrv - ok
    11:35:12.0159 4136 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    11:35:12.0159 4136 RasAcd - ok
    11:35:12.0206 4136 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:35:12.0206 4136 RasAgileVpn - ok
    11:35:12.0222 4136 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    11:35:12.0222 4136 RasAuto - ok
    11:35:12.0253 4136 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:35:12.0253 4136 Rasl2tp - ok
    11:35:12.0268 4136 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    11:35:12.0268 4136 RasMan - ok
    11:35:12.0284 4136 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    11:35:12.0284 4136 RasPppoe - ok
    11:35:12.0315 4136 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    11:35:12.0315 4136 RasSstp - ok
    11:35:12.0331 4136 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    11:35:12.0331 4136 rdbss - ok
    11:35:12.0362 4136 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    11:35:12.0378 4136 rdpbus - ok
    11:35:12.0378 4136 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:35:12.0393 4136 RDPCDD - ok
    11:35:12.0424 4136 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    11:35:12.0424 4136 RDPENCDD - ok
    11:35:12.0440 4136 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    11:35:12.0440 4136 RDPREFMP - ok
    11:35:12.0471 4136 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    11:35:12.0471 4136 RDPWD - ok
    11:35:12.0518 4136 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    11:35:12.0518 4136 rdyboost - ok
    11:35:12.0534 4136 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    11:35:12.0534 4136 RemoteAccess - ok
    11:35:12.0549 4136 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    11:35:12.0565 4136 RemoteRegistry - ok
    11:35:12.0580 4136 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    11:35:12.0580 4136 RpcEptMapper - ok
    11:35:12.0596 4136 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    11:35:12.0596 4136 RpcLocator - ok
    11:35:12.0627 4136 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    11:35:12.0627 4136 RpcSs - ok
    11:35:12.0643 4136 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    11:35:12.0643 4136 rspndr - ok
    11:35:12.0690 4136 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    11:35:12.0690 4136 RTL8167 - ok
    11:35:12.0705 4136 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    11:35:12.0705 4136 SamSs - ok
    11:35:12.0736 4136 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    11:35:12.0736 4136 sbp2port - ok
    11:35:12.0752 4136 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    11:35:12.0752 4136 SCardSvr - ok
    11:35:12.0783 4136 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    11:35:12.0783 4136 scfilter - ok
    11:35:12.0814 4136 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    11:35:12.0830 4136 Schedule - ok
    11:35:12.0861 4136 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    11:35:12.0861 4136 SCPolicySvc - ok
    11:35:12.0877 4136 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    11:35:12.0877 4136 SDRSVC - ok
    11:35:12.0924 4136 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    11:35:12.0924 4136 SeaPort - ok
    11:35:12.0939 4136 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    11:35:12.0939 4136 secdrv - ok
    11:35:12.0970 4136 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    11:35:12.0970 4136 seclogon - ok
    11:35:12.0986 4136 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    11:35:12.0986 4136 SENS - ok
    11:35:13.0002 4136 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    11:35:13.0002 4136 SensrSvc - ok
    11:35:13.0017 4136 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    11:35:13.0017 4136 Serenum - ok
    11:35:13.0033 4136 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    11:35:13.0033 4136 Serial - ok
    11:35:13.0048 4136 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    11:35:13.0048 4136 sermouse - ok
    11:35:13.0095 4136 [ 4A9D0AC2EA3275EFE75D7446C3E08F02 ] Service Sendori C:\Program Files (x86)\Sendori\Sendori.Service.exe
    11:35:13.0095 4136 Service Sendori - ok
    11:35:13.0142 4136 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    11:35:13.0142 4136 SessionEnv - ok
    11:35:13.0173 4136 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    11:35:13.0173 4136 sffdisk - ok
    11:35:13.0189 4136 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    11:35:13.0189 4136 sffp_mmc - ok
    11:35:13.0220 4136 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    11:35:13.0220 4136 sffp_sd - ok
    11:35:13.0236 4136 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    11:35:13.0236 4136 sfloppy - ok
    11:35:13.0282 4136 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    11:35:13.0298 4136 SftService - ok
    11:35:13.0329 4136 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    11:35:13.0329 4136 SharedAccess - ok
    11:35:13.0345 4136 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    11:35:13.0360 4136 ShellHWDetection - ok
    11:35:13.0392 4136 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:35:13.0392 4136 SiSRaid2 - ok
     
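The listing above is TDSSKiller's service and driver inventory: one line per entry carrying the file's MD5 and path, then a status line for the same name. Nothing in it is flagged, so the useful triage is what a reviewer does by eye: list entries whose file lives outside C:\Windows (the sndappv2.exe the poster asked about sits in C:\Program Files (x86)\Sendori), note which services share one binary (lsass.exe hosting KeyIso, Netlogon, SamSs, ProtectedStorage and VaultSvc is normal), and catch names that have a status line but no file line (msiserver). The parser below is an added example written for this page, not code from the thread or from TDSSKiller; the sample lines are copied from the log above, the regexes are my own reading of the line format, and "outside the Windows directory" is a review heuristic rather than a verdict (Malwarebytes and Microsoft Security Client land on the same list).

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample lines copied from the TDSSKiller log posted in this thread.
# File entry:   HH:MM:SS.mmmm  PID  [ MD5 ]  ServiceName  Path
# Status line:  HH:MM:SS.mmmm  PID  ServiceName - ok
# Some names (msiserver here) carry only a status line and no hash/path line.
SAMPLE_LOG = r"""
11:35:09.0523 4136 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:35:09.0523 4136 MegaSR - ok
11:35:10.0100 4136 msiserver - ok
11:35:10.0178 4136 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
11:35:10.0178 4136 MsMpSvc - ok
11:35:10.0708 4136 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:35:10.0724 4136 Netlogon - ok
11:35:12.0705 4136 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:35:12.0705 4136 SamSs - ok
11:35:13.0095 4136 [ 4A9D0AC2EA3275EFE75D7446C3E08F02 ] Service Sendori C:\Program Files (x86)\Sendori\Sendori.Service.exe
11:35:13.0095 4136 Service Sendori - ok
11:35:13.0532 4136 [ 69304446E04111DC3656F71570D1075A ] sndappv2 C:\Program Files (x86)\Sendori\sndappv2.exe
11:35:13.0548 4136 sndappv2 - ok
"""

# Regexes are an assumption about the format, derived from the lines above.
_PREFIX = r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# Service names may contain spaces ("Service Sendori"), so the name is taken
# non-greedily up to the first token that looks like a drive-letter path.
ENTRY_RE = re.compile(_PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.+?)\s*$")
STATUS_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<status>\S+)\s*$")


@dataclass(frozen=True)
class Entry:
    time: str
    pid: int
    md5: str   # upper-cased so the same file compares equal regardless of case
    name: str
    path: str


def parse_log(text: str) -> list[Entry]:
    """One Entry per line that carries both a hash and a path."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["time"], int(m["pid"]), m["md5"].upper(), m["name"], m["path"]))
    return entries


def outside_system_root(entries: list[Entry], system_root: str = r"C:\Windows") -> list[Entry]:
    """Entries whose backing file is not under the Windows directory (case-insensitive)."""
    prefix = system_root.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


def shared_hashes(entries: list[Entry]) -> dict[str, list[str]]:
    """MD5 -> sorted service names, for files that back more than one service."""
    by_md5: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        by_md5[e.md5].add(e.name)
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def names_without_file(text: str) -> list[str]:
    """Names that have a status line but no hash/path line anywhere in the log."""
    with_file = {e.name for e in parse_log(text)}
    found: list[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            continue  # file entries are never mistaken for status lines
        m = STATUS_RE.match(line)
        if m and m["name"] not in with_file and m["name"] not in found:
            found.append(m["name"])
    return found


def triage(text: str) -> dict:
    """Summary a reviewer would scan before deciding what to ask the poster about."""
    entries = parse_log(text)
    return {
        "total": len(entries),
        "outside_system_root": [(e.name, e.path) for e in outside_system_root(entries)],
        "shared_hashes": shared_hashes(entries),
        "no_file": names_without_file(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against the full log rather than the sample and the "outside_system_root" list is the set to check one by one (vendor, signature, install date); entries under C:\Windows still deserve a hash lookup, since a replaced system file keeps its path. The shared-hash view is there to catch the opposite anomaly, a system service name whose file hash does not match the other services hosted by the same binary.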
  12. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    11:35:13.0407 4136 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    11:35:13.0407 4136 SiSRaid4 - ok
    11:35:13.0423 4136 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    11:35:13.0423 4136 Smb - ok
    11:35:13.0532 4136 [ 69304446E04111DC3656F71570D1075A ] sndappv2 C:\Program Files (x86)\Sendori\sndappv2.exe
    11:35:13.0548 4136 sndappv2 - ok
    11:35:13.0579 4136 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    11:35:13.0579 4136 SNMPTRAP - ok
    11:35:13.0594 4136 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    11:35:13.0594 4136 spldr - ok
    11:35:13.0626 4136 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    11:35:13.0641 4136 Spooler - ok
    11:35:13.0735 4136 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    11:35:13.0797 4136 sppsvc - ok
    11:35:13.0813 4136 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    11:35:13.0813 4136 sppuinotify - ok
    11:35:13.0844 4136 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    11:35:13.0844 4136 srv - ok
    11:35:13.0860 4136 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    11:35:13.0875 4136 srv2 - ok
    11:35:13.0891 4136 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    11:35:13.0891 4136 srvnet - ok
    11:35:13.0922 4136 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    11:35:13.0922 4136 SSDPSRV - ok
    11:35:13.0938 4136 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    11:35:13.0938 4136 SstpSvc - ok
    11:35:13.0953 4136 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    11:35:13.0953 4136 stexstor - ok
    11:35:13.0984 4136 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    11:35:14.0000 4136 stisvc - ok
    11:35:14.0031 4136 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    11:35:14.0031 4136 swenum - ok
    11:35:14.0047 4136 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    11:35:14.0062 4136 swprv - ok
    11:35:14.0109 4136 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    11:35:14.0156 4136 SysMain - ok
    11:35:14.0172 4136 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    11:35:14.0187 4136 TabletInputService - ok
    11:35:14.0203 4136 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    11:35:14.0203 4136 TapiSrv - ok
    11:35:14.0218 4136 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    11:35:14.0218 4136 TBS - ok
    11:35:14.0281 4136 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    11:35:14.0312 4136 Tcpip - ok
    11:35:14.0374 4136 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    11:35:14.0374 4136 TCPIP6 - ok
    11:35:14.0421 4136 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    11:35:14.0421 4136 tcpipreg - ok
    11:35:14.0437 4136 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    11:35:14.0437 4136 TDPIPE - ok
    11:35:14.0468 4136 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    11:35:14.0468 4136 TDTCP - ok
    11:35:14.0515 4136 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    11:35:14.0515 4136 tdx - ok
    11:35:14.0530 4136 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    11:35:14.0530 4136 TermDD - ok
    11:35:14.0546 4136 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    11:35:14.0577 4136 TermService - ok
    11:35:14.0593 4136 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    11:35:14.0593 4136 Themes - ok
    11:35:14.0608 4136 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    11:35:14.0608 4136 THREADORDER - ok
    11:35:14.0624 4136 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    11:35:14.0640 4136 TrkWks - ok
    11:35:14.0671 4136 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    11:35:14.0686 4136 TrustedInstaller - ok
    11:35:14.0718 4136 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:35:14.0718 4136 tssecsrv - ok
    11:35:14.0764 4136 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    11:35:14.0764 4136 TsUsbFlt - ok
    11:35:14.0796 4136 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    11:35:14.0796 4136 tunnel - ok
    11:35:14.0811 4136 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    11:35:14.0827 4136 uagp35 - ok
    11:35:14.0842 4136 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    11:35:14.0842 4136 udfs - ok
    11:35:14.0874 4136 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    11:35:14.0874 4136 UI0Detect - ok
    11:35:14.0889 4136 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    11:35:14.0889 4136 uliagpkx - ok
    11:35:14.0936 4136 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    11:35:14.0936 4136 umbus - ok
    11:35:14.0952 4136 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    11:35:14.0952 4136 UmPass - ok
    11:35:14.0983 4136 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    11:35:14.0983 4136 upnphost - ok
    11:35:15.0045 4136 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    11:35:15.0045 4136 USBAAPL64 - ok
    11:35:15.0170 4136 [ 5FCC71487888589A9244AF54CFEFAB29 ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
    11:35:15.0170 4136 usbbus - ok
    11:35:15.0201 4136 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    11:35:15.0201 4136 usbccgp - ok
    11:35:15.0217 4136 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    11:35:15.0217 4136 usbcir - ok
    11:35:15.0232 4136 [ 3FB6E423F7567C92C32EA786F5FD0C69 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
    11:35:15.0232 4136 UsbDiag - ok
    11:35:15.0248 4136 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    11:35:15.0248 4136 usbehci - ok
    11:35:15.0264 4136 [ 8E36E68C0B7FA174012A61A290351E49 ] UsbGps C:\Windows\system32\DRIVERS\lgx64gps.sys
    11:35:15.0264 4136 UsbGps - ok
    11:35:15.0326 4136 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    11:35:15.0342 4136 usbhub - ok
    11:35:15.0373 4136 [ 78D551F5B93488B4666F5FC8DD4815F3 ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
    11:35:15.0373 4136 USBModem - ok
    11:35:15.0388 4136 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    11:35:15.0388 4136 usbohci - ok
    11:35:15.0435 4136 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    11:35:15.0435 4136 usbprint - ok
    11:35:15.0451 4136 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    11:35:15.0451 4136 usbscan - ok
  13. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    11:35:17.0370 4136 ================ Scan global ===============================
    11:35:17.0385 4136 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    11:35:17.0416 4136 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    11:35:17.0448 4136 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    11:35:17.0463 4136 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    11:35:17.0494 4136 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    11:35:17.0510 4136 [Global] - ok
    11:35:17.0510 4136 ================ Scan MBR ==================================
    11:35:17.0526 4136 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    11:35:17.0526 4136 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    11:35:17.0588 4136 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    11:35:17.0588 4136 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    11:35:17.0588 4136 ================ Scan VBR ==================================
    11:35:17.0588 4136 [ 6ACAB21DB5BC6B3C0A5AF312CDC4616F ] \Device\Harddisk0\DR0\Partition1
    11:35:17.0588 4136 \Device\Harddisk0\DR0\Partition1 - ok
    11:35:17.0619 4136 [ 5D9C7D3D03BC284D464D74F108AB9CAE ] \Device\Harddisk0\DR0\Partition2
    11:35:17.0619 4136 \Device\Harddisk0\DR0\Partition2 - ok
    11:35:17.0619 4136 ============================================================
    11:35:17.0619 4136 Scan finished
    11:35:17.0619 4136 ============================================================
    11:35:17.0635 5216 Detected object count: 1
    11:35:17.0635 5216 Actual detected object count: 1
    11:35:40.0910 5216 \Device\Harddisk0\DR0\# - copied to quarantine
    11:35:40.0926 5216 \Device\Harddisk0\DR0 - copied to quarantine
    11:35:40.0973 5216 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    11:35:41.0066 5216 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    11:35:41.0144 5216 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    11:35:43.0515 5216 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    11:35:43.0562 5216 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    11:35:43.0562 5216 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    11:35:43.0578 5216 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    11:35:43.0718 5216 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    11:35:43.0734 5216 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    11:35:43.0749 5216 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    11:35:43.0749 5216 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    11:35:43.0749 5216 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    11:35:43.0812 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    11:35:43.0812 5216 \Device\Harddisk0\DR0 - ok
    11:35:43.0827 5216 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    11:35:59.0318 4676 Deinitialize success
  14. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Good :)

    Re-run MBAM one more time and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  15. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.27.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Katie :: DAPHNE [administrator]
    Protection: Enabled
    11/29/2012 6:18:51 PM
    mbam-log-2012-11-29 (18-18-51).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 275891
    Time elapsed: 3 minute(s), 44 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    (end)
  16. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Katie [Admin rights]
    Mode : Remove -- Date : 11/29/2012 18:30:35
    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950} : NameServer (216.146.35.240,216.146.36.240,192.168.1.1) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950} : NameServer (216.146.35.240,216.146.36.240,192.168.1.1) -> NOT REMOVED, USE DNSFIX
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD6400AAKS-75A7B2 ATA Device +++++
    --- User ---
    [MBR] 5eea1d8ccfb939eb16cc4ad62d31fb4a
    [BSP] aeb3e64950a6ce5897c70e1d46501dea : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[5]_D_11292012_02d1830.txt >>
    RKreport[1]_S_11292012_02d1829.txt ; RKreport[2]_D_11292012_02d1829.txt ; RKreport[3]_D_11292012_02d1830.txt ; RKreport[4]_D_11292012_02d1830.txt ; RKreport[5]_D_11292012_02d1830.txt
  17. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Good :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  18. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    ComboFix 12-11-29.02 - Katie 11/29/2012 19:03:48.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6133.4647 [GMT -6:00]
    Running from: c:\users\Katie\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\DealPly
    c:\program files (x86)\DealPly\DealPly.crx
    c:\program files (x86)\DealPly\DealPlyIE.dll
    c:\program files (x86)\DealPly\DealPlyUpdate.exe
    c:\program files (x86)\DealPly\DealPlyUpdate.log
    c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
    c:\program files (x86)\DealPly\icon.ico
    c:\program files (x86)\DealPly\sqlite3.dll
    c:\program files (x86)\DealPly\uninst.exe
    c:\users\Katie\GoToAssistDownloadHelper.exe
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
    c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-30 01:45 . 2012-11-30 01:45 -------- d-----w- c:\users\Peanut\AppData\Local\temp
    2012-11-30 01:45 . 2012-11-30 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-30 00:36 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A9A150CB-B4C7-442A-90FD-97DBFF61FF05}\mpengine.dll
    2012-11-29 17:35 . 2012-11-29 17:35 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-29 00:28 . 2012-11-29 00:26 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5DEB2D0-06A4-41A7-B479-6E516144FD63}\gapaengine.dll
    2012-11-29 00:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-29 00:25 . 2012-11-29 00:25 -------- d-----w- c:\program files\CCleaner
    2012-11-27 16:14 . 2012-11-27 16:14 -------- d-----w- c:\users\Katie\AppData\Roaming\Malwarebytes
    2012-11-27 16:14 . 2012-11-27 16:14 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-27 16:14 . 2012-11-27 16:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-27 16:14 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-27 09:08 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-27 09:08 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-27 09:08 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-27 09:08 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-27 09:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-27 09:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-27 09:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-27 09:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-27 09:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-27 09:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-27 09:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-27 04:10 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2012-11-27 04:10 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-11-16 14:21 . 2012-09-24 21:51 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-11-06 13:30 . 2012-11-06 13:30 -------- d-----w- c:\users\Katie\AppData\Local\APN
    2012-11-06 13:30 . 2012-11-06 13:30 -------- d-----w- C:\Firefox
    2012-11-06 13:20 . 2012-11-06 13:20 -------- d-----w- c:\programdata\Ask
    2012-11-06 13:19 . 2012-11-06 13:19 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-11-02 22:00 . 2012-11-02 22:00 -------- d-----w- c:\programdata\raoydanhkjhgwto
    2012-11-02 21:11 . 2012-11-02 21:12 -------- d-----w- C:\2a0b30a6093e9ccb3f5775
    2012-11-01 01:30 . 2012-11-01 01:30 -------- d-----w- c:\users\Katie\AppData\Roaming\PC Utility Kit
    2012-11-01 01:30 . 2012-11-01 01:30 -------- d-----w- c:\users\Katie\AppData\Roaming\DriverCure
    2012-11-01 01:30 . 2012-11-01 01:41 -------- d-----w- c:\programdata\PC Utility Kit
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-27 09:01 . 2010-04-17 02:58 66395536 ----a-w- c:\windows\system32\MRT.exe
    2012-11-26 19:12 . 2012-10-16 21:26 321384 ----a-w- c:\windows\SysWow64\Sendori.dll
    2012-11-06 13:19 . 2010-04-22 13:00 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-10-16 08:38 . 2012-11-29 00:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2012-11-29 00:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2012-11-29 00:21 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-09 23:28 . 2012-09-24 23:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 23:28 . 2011-07-16 13:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-02 22:42 . 2011-04-05 02:57 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-14 19:19 . 2012-10-09 22:56 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-09 22:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
    2011-05-04 16:04 81920 ----a-w- c:\program files (x86)\mefeediatest\w3itemplateX.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
    2012-10-03 19:24 170840 ----a-w- c:\program files\IB Updater\Extension32.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
    2012-09-25 18:02 497008 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2012-10-12 20:57 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{154d932f-dc51-4a4f-9d52-b78b1419d3b4}"= "c:\program files (x86)\mefeediatest\w3itemplateX.dll" [2011-05-04 81920]
    "{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE}"= "c:\program files (x86)\PasswordBox\Application\pbbtn.dll" [2012-11-05 113232]
    .
    [HKEY_CLASSES_ROOT\clsid\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{25e2e5c9-c43c-4ee8-b23e-4383915f2bce}]
    [HKEY_CLASSES_ROOT\TypeLib\{578831CD-31E3-4F64-9377-003954281C85}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
    "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
    "ReminderApp"="c:\program files (x86)\Nova Development\Scrapbooks Plus 3.0\ReminderApp.exe" [2010-04-16 144672]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2012-11-26 82792]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\users\Hallie 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    c:\users\Peanut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-8-14 1014624]
    .
    c:\users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-10-13 131912]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [2008-11-11 27136]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-13 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]
    S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe [2012-11-26 118632]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 IB Updater Updater;IB Updater Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-10-03 188760]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe [2012-10-29 55808]
    S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe [2012-11-26 14696]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-09-17 656624]
    S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe [2012-11-26 3569512]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 23:28]
    .
    2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1000Core.job
    - c:\users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-01 01:56]
    .
    2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1000UA.job
    - c:\users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-01 01:56]
    .
    2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1001Core.job
    - c:\users\Peanut\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 21:47]
    .
    2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1001UA.job
    - c:\users\Peanut\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-24 21:47]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 363544]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
    BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    SafeBoot-42783049.sys
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe
    AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
    AddRemove-DefaultTab - c:\users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-324645058-1522038740-528898963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-324645058-1522038740-528898963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-324645058-1522038740-528898963-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:da,bc,04,b3,bc,eb,0e,ce,81,a9,15,c5,99,b0,a6,2b,14,0f,59,06,c0,ad,47,
    73,b8,0f,44,29,10,c3,10,bd,e2,5b,d8,8f,75,49,4d,e7,04,63,d1,f0,d4,95,ca,0a,\
    "??"=hex:e0,cd,3b,00,77,f2,51,73,39,91,ff,04,f7,4a,3a,62
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Sendori\SendoriUp.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-29 20:00:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-30 01:59
    .
    Pre-Run: 546,416,603,136 bytes free
    Post-Run: 546,143,019,008 bytes free
    .
    - - End Of File - - CF1FCD45D5138FFF6856A0F8ADC668FF
  19. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Looks good.

    Any current issues?

    ==========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    # AdwCleaner v2.011 - Logfile created 12/05/2012 at 14:15:28
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Katie - DAPHNE
    # Boot Mode : Normal
    # Running from : C:\Users\Katie\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    Deleted on reboot : C:\Program Files (x86)\Searchqu Toolbar
    Deleted on reboot : C:\Program Files\IB Updater
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\Program Files (x86)\OApps
    Folder Deleted : C:\Program Files (x86)\PricePeep
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Katie\AppData\Local\APN
    Folder Deleted : C:\Users\Katie\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Peanut\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Peanut\AppData\Local\SavingsApp
    Folder Deleted : C:\Users\Peanut\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Peanut\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Peanut\AppData\Roaming\DefaultTab
    ***** [Registry] *****
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll
    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
    Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\DataMngr
    Key Deleted : HKLM\Software\DealPly
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\DefaultTab
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\Software\ilivid
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055465539}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.7601.17514
    [OK] Registry is clean.
    -\\ Google Chrome v23.0.1271.95
    File : C:\Users\Katie\AppData\Local\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    File : C:\Users\Peanut\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hs[...]
    Deleted [l.64] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=390&systemid=406&apn_dtid[...]
    Deleted [l.4052] : urls_to_restore_on_startup = [ "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp[...]
    *************************
    AdwCleaner[R1].txt - [11655 octets] - [05/12/2012 14:15:13]
    AdwCleaner[S1].txt - [11387 octets] - [05/12/2012 14:15:28]
    ########## EOF - C:\AdwCleaner[S1].txt - [11448 octets] ##########
  21. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    Seems to be running well at this point. Which programs do you think I need to keep on her computer in case of future problems, and which ones do you think I can remove?
  22. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    OTL logfile created on: 12/5/2012 2:24:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.27% Memory free
    11.98 Gb Paging File | 10.07 Gb Available in Paging File | 84.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 508.99 Gb Free Space | 87.53% Space Free | Partition Type: NTFS

    Computer Name: DAPHNE | User Name: Katie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/05 14:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katie\Desktop\OTL.exe
    PRC - [2012/12/05 14:20:43 | 000,999,888 | ---- | M] (Solid State Networks) -- C:\Users\Katie\AppData\Local\Temp\install_flashplayer11x32axau_gtba_chra_dy_aih[1].exe
    PRC - [2012/11/26 13:12:42 | 003,569,512 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe
    PRC - [2012/11/26 13:12:42 | 000,196,456 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe
    PRC - [2012/11/26 13:12:42 | 000,118,632 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe
    PRC - [2012/11/26 13:12:42 | 000,082,792 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe
    PRC - [2012/11/26 13:12:42 | 000,014,696 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe
    PRC - [2012/10/29 14:21:48 | 000,055,808 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
    PRC - [2012/10/09 17:28:25 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
    PRC - [2012/10/03 13:24:14 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2010/04/16 12:24:24 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\ReminderApp.exe
    PRC - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2009/06/24 20:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/27 10:09:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
    MOD - [2012/11/27 10:09:04 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a30d7e65103254213dc62f238be50f97\System.EnterpriseServices.ni.dll
    MOD - [2012/11/27 10:09:04 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
    MOD - [2012/11/27 10:09:03 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
    MOD - [2012/11/27 10:08:53 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
    MOD - [2012/11/27 10:08:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
    MOD - [2012/11/27 10:08:33 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
    MOD - [2012/11/27 10:08:29 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
    MOD - [2012/11/27 10:08:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
    MOD - [2012/11/27 10:08:14 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
    MOD - [2012/11/27 10:08:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
    MOD - [2012/11/27 10:08:08 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
    MOD - [2012/11/27 10:08:03 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/04/16 12:24:32 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\AddressBookCore.dll
    MOD - [2010/04/16 12:24:24 | 000,144,672 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\ReminderApp.exe
    MOD - [2010/04/16 12:04:12 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\en-US\ReminderApp.resources.dll
    MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/10/03 13:24:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater Updater)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2009/03/31 16:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV - [2012/12/05 14:23:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/26 13:12:42 | 003,569,512 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)
    SRV - [2012/11/26 13:12:42 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)
    SRV - [2012/11/26 13:12:42 | 000,014,696 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)
    SRV - [2012/10/29 14:21:48 | 000,055,808 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
    SRV - [2012/10/13 12:22:33 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/20 10:41:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/09/17 13:05:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64gps.sys -- (UsbGps)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
    DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{738128FA-C711-44BF-803D-5074240B5F09}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{EE42FA5D-70C2-4A16-99CE-C898A436209A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-324645058-1522038740-528898963-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-324645058-1522038740-528898963-1000\..\SearchScopes,DefaultScope = {43367460-7C4E-473F-8D53-D75ED7409CA9}
    IE - HKU\S-1-5-21-324645058-1522038740-528898963-1000\..\SearchScopes\{43367460-7C4E-473F-8D53-D75ED7409CA9}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7MXGB_enUS513
    IE - HKU\S-1-5-21-324645058-1522038740-528898963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-324645058-1522038740-528898963-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Katie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Katie\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX


    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - homepage: http://www.google.com/

    O1 HOSTS File: ([2012/11/29 19:48:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
    O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Peanut\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll ()
    O3 - HKLM\..\Toolbar: (PasswordBox) - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Scrapbooks Plus 3.0\ReminderApp.exe ()
    O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Hallie 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
    O4 - Startup: C:\Users\Peanut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Peanut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72DDB7C1-DF51-43F2-920E-34C6BFAAC950}: NameServer = 216.146.35.240,216.146.36.240,192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - File not found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-324645058-1522038740-528898963-1000..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/05 14:24:53 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\Google
    [2012/12/05 14:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2012/12/05 14:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
    [2012/12/05 14:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/12/05 14:21:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Katie\Desktop\OTL.exe
    [2012/11/29 19:48:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/29 19:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/29 19:02:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/29 19:02:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/29 18:57:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/29 18:56:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/29 18:53:49 | 005,009,014 | R--- | C] (Swearware) -- C:\Users\Katie\Desktop\ComboFix.exe
    [2012/11/29 18:29:12 | 000,000,000 | ---D | C] -- C:\Users\Katie\Desktop\RK_Quarantine
    [2012/11/29 11:35:40 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/28 20:53:07 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Katie\Desktop\dds.com
    [2012/11/28 18:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/11/28 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/11/27 10:14:57 | 000,000,000 | ---D | C] -- C:\Users\Katie\AppData\Roaming\Malwarebytes
    [2012/11/27 10:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/27 10:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/27 10:14:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/27 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/10 09:55:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/11/06 07:30:16 | 000,000,000 | ---D | C] -- C:\Firefox

    ========== Files - Modified Within 30 Days ==========

    [2012/12/05 14:28:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/05 14:28:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/05 14:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/05 14:25:27 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/05 14:25:27 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/05 14:24:28 | 000,002,362 | ---- | M] () -- C:\Users\Katie\Desktop\Google Chrome.lnk
    [2012/12/05 14:24:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katie\Desktop\OTL.exe
    [2012/12/05 14:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/05 14:16:30 | 528,355,327 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/05 14:11:42 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1000Core.job
    [2012/12/05 14:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1000UA.job
    [2012/12/05 14:03:13 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1001UA.job
    [2012/12/05 14:03:13 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-324645058-1522038740-528898963-1001Core.job
    [2012/11/29 19:48:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/29 18:56:42 | 005,009,014 | R--- | M] (Swearware) -- C:\Users\Katie\Desktop\ComboFix.exe
    [2012/11/29 18:29:10 | 000,752,128 | ---- | M] () -- C:\Users\Katie\Desktop\RogueKiller.exe
    [2012/11/29 11:34:23 | 002,193,345 | ---- | M] () -- C:\Users\Katie\Desktop\tdsskiller.zip
    [2012/11/28 20:56:33 | 000,003,531 | ---- | M] () -- C:\Users\Katie\Desktop\attach.zip
    [2012/11/28 20:53:16 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Katie\Desktop\dds.com
    [2012/11/28 18:25:09 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/11/27 10:14:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 10:01:02 | 000,367,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/27 03:09:59 | 000,771,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/27 03:09:59 | 000,647,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/27 03:09:59 | 000,114,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/27 03:03:52 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/11/26 13:12:42 | 000,321,384 | ---- | M] (Sendori) -- C:\Windows\SysWow64\Sendori.dll

    ========== Files Created - No Company Name ==========

    [2012/12/05 14:24:28 | 000,002,362 | ---- | C] () -- C:\Users\Katie\Desktop\Google Chrome.lnk
    [2012/12/05 14:23:58 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/05 14:23:58 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/29 19:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/29 19:02:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/29 19:02:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/29 19:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/29 19:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/29 18:28:48 | 000,752,128 | ---- | C] () -- C:\Users\Katie\Desktop\RogueKiller.exe
    [2012/11/29 11:33:54 | 002,193,345 | ---- | C] () -- C:\Users\Katie\Desktop\tdsskiller.zip
    [2012/11/28 20:56:33 | 000,003,531 | ---- | C] () -- C:\Users\Katie\Desktop\attach.zip
    [2012/11/28 18:25:09 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/11/27 10:14:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/27 03:08:28 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/11/27 03:00:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/11/02 15:58:48 | 000,097,640 | ---- | C] () -- C:\ProgramData\mqohyjlcsuephcg
    [2011/05/31 18:07:34 | 000,011,804 | -HS- | C] () -- C:\ProgramData\oh4m46451yb0604t15h2snob0yptb3ngpu34rm8vi1
    [2011/05/26 17:51:26 | 000,011,878 | -HS- | C] () -- C:\ProgramData\i5re2gv3m1233hbpcm116p34yaa03tf773rinikt3q1x
    [2011/04/04 20:50:55 | 000,775,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/04/14 06:26:27 | 000,000,096 | ---- | C] () -- C:\Users\Katie\AppData\Roaming\wklnhst.dat
    [2010/04/06 20:49:58 | 000,000,632 | RHS- | C] () -- C:\Users\Katie\ntuser.pol

    ========== ZeroAccess Check ==========

    [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2010/12/24 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Leader Technologies
    [2011/02/02 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Hallie 2\AppData\Roaming\Leader Technologies
    [2012/10/31 19:30:53 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\DriverCure
    [2010/04/11 19:46:13 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\EPSON
    [2010/04/11 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Leader Technologies
    [2010/04/11 17:40:44 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Leadertech
    [2012/10/31 19:30:53 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\PC Utility Kit
    [2010/04/14 06:26:28 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Template
    [2010/04/06 21:58:37 | 000,000,000 | ---D | M] -- C:\Users\Katie\AppData\Roaming\Windows Live Writer
    [2010/04/14 19:23:37 | 000,000,000 | ---D | M] -- C:\Users\Peanut\AppData\Roaming\Leader Technologies
    [2010/04/14 19:26:59 | 000,000,000 | ---D | M] -- C:\Users\Peanut\AppData\Roaming\Template

    ========== Purity Check ==========


    < End of report >
  23. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    OTL Extras logfile created on: 12/5/2012 2:24:48 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katie\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 4.15 Gb Available Physical Memory | 69.27% Memory free
    11.98 Gb Paging File | 10.07 Gb Available in Paging File | 84.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.48 Gb Total Space | 508.99 Gb Free Space | 87.53% Space Free | Partition Type: NTFS

    Computer Name: DAPHNE | User Name: Katie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1B983129-A803-4C7D-B563-57D56DBD8449}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{A85E2F70-50C9-439E-85CD-F4C4438D6CBB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{CC58F9BE-58AA-4593-AD08-2D8DFC2DA34C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EE4FD430-8325-4162-B081-094481F76739}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{13C53501-38B8-4E93-9913-6B1AC6BE5ED4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{15C0FCC2-396A-4DC1-9D49-FC99D679602B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1C74B150-892D-41C8-8D15-C2C972D789B3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{1E682C9D-3737-4ED3-B0B8-F6193E69BC45}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
    "{2B780BCC-8082-442B-BCE5-B40144F699EF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{41E6072D-597A-406A-A08E-720674E36EA9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6BE8D789-6718-4FF6-B74F-09BA58B8BA8B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{737B7A97-F65D-4648-9649-F14C6F57CAC2}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\srtool~1\dtuser.exe |
    "{76B352B1-9820-4F42-913F-D4391930FF4E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B97DE97F-3365-41E3-A377-583C15C6C5F0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{BD2B9202-5AF7-4389-94F9-EEC99FC53CCB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{D7A2388D-7769-4C8F-B897-0B3F338E9F9A}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\srtool~1\dtuser.exe |
    "{F0EC8E11-404D-4C4B-84B9-6460F66EEC54}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{F2E50B68-EE63-4E71-9CEE-40B61002D063}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "TCP Query User{BEE782AF-4082-49D1-9674-D4BBE484EDC8}C:\program files (x86)\desura\common\erie\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\desura\common\erie\binaries\win32\udk.exe |
    "UDP Query User{44EF2F50-C35E-4073-B74C-266D4AAAF010}C:\program files (x86)\desura\common\erie\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\desura\common\erie\binaries\win32\udk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "EPSON NX410 Series" = EPSON NX410 Series Printer Uninstall
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{615A3B3A-565E-41F6-9792-82BA4C2A9F58}" = Scrapbooks Plus 3.0
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5575DD6-8112-45A6-8FFA-C7249C3D8E1F}" = CWA Reminder by We-Care.com v4.1.19.3
    "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "Desura" = Desura
    "Desura_81776177315872" = Desura: ERIE
    "EPSON Scanner" = EPSON Scan
    "GoToAssist" = GoToAssist 8.0.0.514
    "ilividtoolbarguid" = Search-Results Toolbar
    "LTCM Client" = LTCM Client
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "mefeediatest" = MeFeedia
    "PasswordBox" = PasswordBox
    "SCRABBLE" = SCRABBLE
    "Sendori" = Sendori
    "sl-adk" = SelectionLinks
    "SMPlayer" = SMPlayer 0.6.9
    "TelevisionFanatic Chrome Extension Uninstall" = TelevisionFanatic Toolbar Chrome Extension
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-324645058-1522038740-528898963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/27/2012 5:26:29 AM | Computer Name = Daphne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6701491

    Error - 11/27/2012 5:26:29 AM | Computer Name = Daphne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6701491

    Error - 11/27/2012 5:26:44 AM | Computer Name = Daphne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/27/2012 5:26:44 AM | Computer Name = Daphne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6717091

    Error - 11/27/2012 5:26:44 AM | Computer Name = Daphne | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6717091

    Error - 11/27/2012 12:07:42 PM | Computer Name = Daphne | Source = Application Error | ID = 1000
    Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
    stamp: 0x4ba21f5d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
    process id: 0x14c4 Faulting application start time: 0x01cdccb951b4948d Faulting application
    path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Faulting module
    path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 924a2e23-38ac-11e2-9c45-a4badbe73281

    Error - 11/27/2012 12:29:34 PM | Computer Name = Daphne | Source = VSS | ID = 8194
    Description =

    Error - 11/28/2012 9:14:15 PM | Computer Name = Daphne | Source = Application Error | ID = 1000
    Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
    stamp: 0x4ba21f5d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
    process id: 0x1bbc Faulting application start time: 0x01cdcdced1f60e17 Faulting application
    path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Faulting module
    path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 16fbdb63-39c2-11e2-a06a-a4badbe73281

    Error - 11/28/2012 9:14:19 PM | Computer Name = Daphne | Source = .NET Runtime Optimization Service | ID = 1101
    Description =

    Error - 11/28/2012 9:15:43 PM | Computer Name = Daphne | Source = Application Error | ID = 1000
    Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
    stamp: 0x4ba21f5d Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
    stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000009970a Faulting
    process id: 0x10bc Faulting application start time: 0x01cdcdcf0d266cf4 Faulting application
    path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Faulting module
    path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 4b7736c8-39c2-11e2-a06a-a4badbe73281

    [ Media Center Events ]
    Error - 5/18/2012 6:19:33 PM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 5:19:25 PM - Error connecting to the internet. 5:19:25 PM - Unable
    to contact server..

    Error - 5/23/2012 7:11:54 AM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 6:11:54 AM - Error connecting to the internet. 6:11:54 AM - Unable
    to contact server..

    Error - 5/23/2012 7:12:05 AM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 6:12:00 AM - Error connecting to the internet. 6:12:00 AM - Unable
    to contact server..

    Error - 5/24/2012 1:37:30 AM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 12:37:30 AM - Error connecting to the internet. 12:37:30 AM - Unable
    to contact server..

    Error - 5/24/2012 1:37:36 AM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 12:37:35 AM - Error connecting to the internet. 12:37:35 AM - Unable
    to contact server..

    Error - 5/24/2012 1:09:32 PM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 12:09:32 PM - Error connecting to the internet. 12:09:32 PM - Unable
    to contact server..

    Error - 5/24/2012 1:09:38 PM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 12:09:37 PM - Error connecting to the internet. 12:09:37 PM - Unable
    to contact server..

    Error - 5/28/2012 9:52:34 PM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 8:52:34 PM - Error connecting to the internet. 8:52:34 PM - Unable
    to contact server..

    Error - 5/28/2012 9:52:44 PM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 8:52:39 PM - Error connecting to the internet. 8:52:39 PM - Unable
    to contact server..

    Error - 9/10/2012 5:02:53 PM | Computer Name = Daphne | Source = MCUpdate | ID = 0
    Description = 4:02:48 PM - Error connecting to the internet. 4:02:48 PM - Unable
    to contact server..

    [ System Events ]
    Error - 12/2/2012 4:09:54 PM | Computer Name = Daphne | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.141.763.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 12/3/2012 5:10:12 AM | Computer Name = Daphne | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.141.763.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 12/3/2012 5:20:12 AM | Computer Name = Daphne | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.141.763.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 12/4/2012 12:40:54 AM | Computer Name = Daphne | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.141.763.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error
    code: 0x8024402c Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 12/4/2012 11:20:57 AM | Computer Name = Daphne | Source = Service Control Manager | ID = 7022
    Description = The Service Sendori service hung on starting.

    Error - 12/4/2012 11:21:02 AM | Computer Name = Daphne | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 12/4/2012 11:21:02 AM | Computer Name = Daphne | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 12/5/2012 4:18:22 PM | Computer Name = Daphne | Source = Service Control Manager | ID = 7022
    Description = The Service Sendori service hung on starting.

    Error - 12/5/2012 4:18:29 PM | Computer Name = Daphne | Source = VDS Basic Provider | ID = 33554433
    Description =

    Error - 12/5/2012 4:18:29 PM | Computer Name = Daphne | Source = VDS Basic Provider | ID = 33554433
    Description =


    < End of report >
  24. Broni

    Broni Malware Annihilator Posts: 46,797   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-324645058-1522038740-528898963-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      [2011/05/31 18:07:34 | 000,011,804 | -HS- | C] () -- C:\ProgramData\oh4m46451yb0604t15h2snob0yptb3ngpu34rm8vi1
      [2011/05/26 17:51:26 | 000,011,878 | -HS- | C] () -- C:\ProgramData\i5re2gv3m1233hbpcm116p34yaa03tf773rinikt3q1x
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
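The two ProgramData entries in the fix above share traits that make OTL file lines stand out on review: hidden+system attributes, no company name, a drop location directly under ProgramData, and a long random-looking name with no extension. The following is an added example, not OTL's own code or Broni's script, that parses OTL file-entry lines and scores those traits; the sample lines are taken from this thread (the wbemess.dll line is re-laid into file-entry form from the registry line earlier in the log), and the three-trait threshold is an assumption of this example.

```python
"""Parse OTL file-entry lines and flag the traits that made the two
ProgramData files above targets of the fix (added example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: two entries copied from the fix above, a LOP-check directory line
# and a benign system DLL (both from the log, re-laid into file-entry form),
# plus one non-entry line to show the parser skipping it.
SAMPLE_LINES = [
    r"[2011/05/31 18:07:34 | 000,011,804 | -HS- | C] () -- C:\ProgramData\oh4m46451yb0604t15h2snob0yptb3ngpu34rm8vi1",
    r"[2011/05/26 17:51:26 | 000,011,878 | -HS- | C] () -- C:\ProgramData\i5re2gv3m1233hbpcm116p34yaa03tf773rinikt3q1x",
    r"[2010/12/24 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Leader Technologies",
    r"[2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbem\wbemess.dll",
    "========== LOP Check ==========",
]

# [timestamp | size | attrs | C/M] (company) -- path ; the "(company)" field is
# absent on the LOP-check lines, so it is optional here.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Heuristic (this example's assumption): 20+ lowercase letters/digits, no dot.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{20,}$")


@dataclass(frozen=True)
class Entry:
    raw: str                # the log line as OTL printed it
    stamp: str
    size: int               # bytes, commas stripped
    attrs: str              # e.g. "-HS-": hidden + system; "---D": directory
    flag: str               # C = created, M = modified
    company: Optional[str]  # "" when OTL printed "()", None when no field at all
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        raw=line.strip(),
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        flag=m["flag"],
        company=m["company"],
        path=m["path"],
    )


def suspicious_traits(e: Entry) -> List[str]:
    """List the review-worthy traits an entry shows (empty list = nothing odd)."""
    traits: List[str] = []
    is_dir = "D" in e.attrs
    if not is_dir and "H" in e.attrs and "S" in e.attrs:
        traits.append("hidden+system attributes on a plain file")
    if not e.company:
        traits.append("no company name")
    parent, _, name = e.path.rpartition("\\")
    if parent.lower().endswith(":\\programdata"):
        traits.append("dropped directly in ProgramData")
    if RANDOM_NAME_RE.match(name.lower()):
        traits.append("long random-looking name without an extension")
    return traits


def flag_suspicious(lines, min_traits: int = 3) -> List[Tuple[Entry, List[str]]]:
    """Parse every line and keep entries showing at least min_traits traits."""
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        traits = suspicious_traits(e)
        if len(traits) >= min_traits:
            flagged.append((e, traits))
    return flagged


def fix_block(flagged: List[Tuple[Entry, List[str]]]) -> str:
    """Lay the flagged raw lines out as in the post above (:OTL, then :Commands)
    so a helper can review them before deciding what to paste into OTL."""
    body = "\n".join(e.raw for e, _ in flagged)
    return ":OTL\n" + body + "\n\n:Commands\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    for entry, traits in flag_suspicious(SAMPLE_LINES):
        print(entry.path)
        for t in traits:
            print("   -", t)
    print(fix_block(flag_suspicious(SAMPLE_LINES)))
```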
  25. kcihteteyr

    kcihteteyr TS Rookie Topic Starter Posts: 26

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-324645058-1522038740-528898963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    C:\ProgramData\oh4m46451yb0604t15h2snob0yptb3ngpu34rm8vi1 moved successfully.
    C:\ProgramData\i5re2gv3m1233hbpcm116p34yaa03tf773rinikt3q1x moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Hallie 2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Katie
    ->Temp folder emptied: 261823 bytes
    ->Temporary Internet Files folder emptied: 54940072 bytes
    ->Java cache emptied: 26676904 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 2883 bytes

    User: Peanut
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 341852858 bytes
    ->Java cache emptied: 32212514 bytes
    ->Google Chrome cache emptied: 56306878 bytes
    ->Apple Safari cache emptied: 10303488 bytes
    ->Flash cache emptied: 164340 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 935511 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 500.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Hallie 2

    User: Katie
    ->Java cache emptied: 0 bytes

    User: Peanut
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Hallie 2

    User: Katie
    ->Flash cache emptied: 0 bytes

    User: Peanut
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12052012_194833
    Files\Folders moved on Reboot...
    C:\Users\Katie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Katie\AppData\Local\Temp\~DF96C71C2B6A033873.TMP not found!
    File\Folder C:\Users\Katie\AppData\Local\Temp\~DFA8AD857CED6B0BDA.TMP not found!
    File\Folder C:\Users\Katie\AppData\Local\Temp\~DFBE87B5448B39FFFF.TMP not found!
    File\Folder C:\Users\Katie\AppData\Local\Temp\~DFC4B8773F627D7504.TMP not found!
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WIUDLIT7\918[2].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PBL5F4A6\partner[2].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PBL5F4A6\partner[3].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PBL5F4A6\partner[4].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8X8429XF\ads[3].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8X8429XF\atids[1].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8X8429XF\iframe[1].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4P4RM4EQ\gplus_notifications_gadget[1].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4P4RM4EQ\page-2[1].htm moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Users\Katie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\sndappv2.log scheduled to be moved on reboot.
    C:\Windows\temp\~DFC66EA4B998729CF6.TMP moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

