TechSpot

Virus infestation

Solved
By poohgc
Nov 15, 2012
  1. MBAM Log:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.15.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    khermanson :: ADELEP [administrator]

    11/15/2012 9:40:45 AM
    mbam-log-2012-11-15 (09-40-45).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 715901
    Time elapsed: 1 hour(s), 48 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\System Volume Information\_restore{55356021-C966-4E4B-A715-75105CF0B9C7}\RP822\A0048509.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

    (end)

    GMER.LOG
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-11-15 11:58:13
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
    Running: krnkffun.exe; Driver: C:\DOCUME~1\ADMIN~1.LSN\LOCALS~1\Temp\uxtdrpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS logs:
    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by admin at 13:01:18 on 2012-11-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.519 [GMT -6:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\WINNT\System32\alg.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINNT\system32\hphmon05.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\WINNT\system32\ctfmon.exe
    C:\WINNT\system32\igfxsrvc.exe
    C:\WINNT\system32\wbem\wmiprvse.exe
    C:\WINNT\system32\svchost.exe -k DcomLaunch
    C:\WINNT\system32\svchost.exe -k rpcss
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k NetworkService
    C:\WINNT\system32\svchost.exe -k LocalService
    C:\WINNT\system32\svchost.exe -k LocalService
    C:\WINNT\system32\svchost.exe -k netsvcs
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\WINNT\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.legalassist.org/
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    mRun: [Synchronization Manager] mobsync.exe /logon
    mRun: [SC_DAEMON] "c:\program files\mailshell spamcatcher universal desktop client\sc_daemon.exe"
    mRun: [OE_Plugin_Startup] "c:\program files\mailshell spamcatcher universal desktop client\Launcher.exe"
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [HPDJ Taskbar Utility] c:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe
    mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
    mRun: [HPHmon05] c:\winnt\system32\hphmon05.exe
    mRun: [igfxtray] c:\winnt\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\winnt\system32\hkcmd.exe
    mRun: [igfxpers] c:\winnt\system32\igfxpers.exe
    mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
    dRunOnce: [tscuninstall] c:\winnt\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Windows\System: CompatibleRUPSecurity = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
    DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/157d37c333621a912406/netzip/RdxIE601.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132007159500
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132065967140
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    TCP: Interfaces\{730475C2-769E-4930-BEDB-799399D41193} : NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: igfxcui - igfxdev.dll
    Notify: PCANotify - PCANotify.dll
    Notify: wzcnotif - wzcdlg.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\admin.lsnd\application data\mozilla\firefox\profiles\6x6or03l.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.legalassist.org/
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\winnt\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\winnt\system32\npDeployJava1.dll
    FF - plugin: c:\winnt\system32\npptools.dll
    FF - ExtSQL: 2012-10-10 17:08; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Achernar;Achernar - SCSI Command Filters;c:\winnt\system32\drivers\Achernar.sys [2006-4-24 16855]
    R1 AW_HOST;AW_HOST;c:\winnt\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
    R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2005-5-20 106496]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-6-2 1839776]
    R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\winnt\system32\drivers\Aldebaran.sys [2006-4-24 21808]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20121114.008\NAVENG.SYS [2012-11-15 92704]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20121114.008\NAVEX15.SYS [2012-11-15 1601184]
    S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [2011-6-2 23888]
    S3 NPF;WinPcap Packet Driver (NPF);c:\winnt\system32\drivers\npf.sys [2012-11-14 50704]
    S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2005-11-14 49776]
    S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\clt-inst\vpremote.exe --> c:\temp\clt-inst\vpremote.exe [?]
    S4 SpamCatcherUniversal;SpamCatcherUniversal;"c:\program files\mailshell spamcatcher universal desktop client\spamcatcher.exe" -d "c:\program files\mailshell spamcatcher universal desktop client\conf\\" --> c:\program files\mailshell spamcatcher universal desktop client\spamcatcher.exe [?]
    .
    =============== File Associations ===============
    .
    ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect lightning\programs\LightningNavigator.exe" "-ViewDocument" "%1"
    ShellExec: wordpad.exe: print="c:\program files\windows nt\accessories\WORDPAD.EXE"/p "%1"
    ShellExec: wordpad.exe: printto="c:\program files\windows nt\accessories\WORDPAD.EXE"/pt "%1" "%2" "%3" "%4"
    .
    =============== Created Last 30 ================
    .
    2012-11-15 13:28:33 -------- d-sha-r- C:\cmdcons
    2012-11-15 13:22:28 98816 ----a-w- c:\winnt\sed.exe
    2012-11-15 13:22:28 256000 ----a-w- c:\winnt\PEV.exe
    2012-11-15 13:22:28 208896 ----a-w- c:\winnt\MBR.exe
    2012-11-15 13:22:14 -------- d-s---w- C:\ComboFix
    2012-11-14 20:33:07 -------- d-----w- c:\documents and settings\admin.lsnd\application data\Malwarebytes
    2012-11-14 20:32:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-11-14 20:32:26 22856 ----a-w- c:\winnt\system32\drivers\mbam.sys
    2012-11-14 20:32:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-14 18:50:36 -------- d-----w- c:\documents and settings\all users\application data\AC62295460A1D4A80000AC617CFDDFA4
    2012-11-14 18:49:47 50704 ----a-w- c:\winnt\system32\drivers\npf.sys
    2012-11-14 18:49:46 281104 ----a-w- c:\winnt\system32\wpcap.dll
    2012-11-14 18:49:45 100880 ----a-w- c:\winnt\system32\Packet.dll
    .
    ==================== Find3M ====================
    .
    2012-11-14 19:44:20 60808 -c--a-w- c:\winnt\system32\S32EVNT1.DLL
    2012-11-14 19:44:20 125488 -c--a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
    2012-11-13 19:46:49 1682 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
    2012-10-10 22:02:57 93672 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
    2012-10-10 22:02:52 821736 ----a-w- c:\winnt\system32\npDeployJava1.dll
    2012-10-10 22:02:52 746984 ----a-w- c:\winnt\system32\deployJava1.dll
    2012-10-10 22:02:52 143872 ----a-w- c:\winnt\system32\javacpl.cpl
    2012-10-10 21:57:59 73656 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
    2012-10-10 21:57:59 696760 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
    2012-08-30 20:29:36 81920 ------w- c:\winnt\system32\ieencode.dll
    2012-08-28 15:14:53 916992 ----a-w- c:\winnt\system32\wininet.dll
    2012-08-28 15:14:53 43520 ------w- c:\winnt\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ------w- c:\winnt\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ------w- c:\winnt\system32\html.iec
    2012-08-24 13:53:22 177664 ----a-w- c:\winnt\system32\wintrust.dll
    2012-08-21 13:29:19 2192896 ----a-w- c:\winnt\system32\ntoskrnl.exe
    2012-08-21 12:58:06 2069632 ----a-w- c:\winnt\system32\ntkrnlpa.exe
    .
    ============= FINISH: 13:02:33.36 ===============


    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/21/2009 4:07:29 PM
    System Uptime: 11/15/2012 11:46:16 AM (2 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0C7018
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 41.493 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP762: 9/13/2012 12:35:12 PM - System Checkpoint
    RP763: 9/14/2012 1:30:19 PM - System Checkpoint
    RP764: 9/15/2012 2:30:26 PM - System Checkpoint
    RP765: 9/16/2012 3:30:21 PM - System Checkpoint
    RP766: 9/17/2012 4:30:26 PM - System Checkpoint
    RP767: 9/18/2012 5:30:21 PM - System Checkpoint
    RP768: 9/19/2012 6:30:21 PM - System Checkpoint
    RP769: 9/20/2012 7:30:26 PM - System Checkpoint
    RP770: 9/21/2012 8:30:38 PM - System Checkpoint
    RP771: 9/22/2012 9:30:32 PM - System Checkpoint
    RP772: 9/23/2012 10:30:22 PM - System Checkpoint
    RP773: 9/24/2012 11:30:23 PM - System Checkpoint
    RP774: 9/26/2012 12:30:21 AM - System Checkpoint
    RP775: 9/27/2012 1:30:22 AM - System Checkpoint
    RP776: 9/28/2012 1:34:24 AM - System Checkpoint
    RP777: 9/29/2012 2:34:24 AM - System Checkpoint
    RP778: 9/30/2012 3:34:26 AM - System Checkpoint
    RP779: 10/1/2012 4:34:30 AM - System Checkpoint
    RP780: 10/2/2012 5:34:34 AM - System Checkpoint
    RP781: 10/3/2012 6:34:28 AM - System Checkpoint
    RP782: 10/4/2012 5:05:42 PM - System Checkpoint
    RP783: 10/5/2012 5:16:16 PM - System Checkpoint
    RP784: 10/6/2012 6:16:21 PM - System Checkpoint
    RP785: 10/7/2012 7:16:19 PM - System Checkpoint
    RP786: 10/8/2012 7:58:44 PM - System Checkpoint
    RP787: 10/9/2012 8:58:44 PM - System Checkpoint
    RP788: 10/10/2012 1:53:56 PM - Software Distribution Service 3.0
    RP789: 10/10/2012 4:05:41 PM - Software Distribution Service 3.0
    RP790: 10/10/2012 5:02:42 PM - Installed Java 7 Update 7
    RP791: 10/11/2012 6:02:42 PM - System Checkpoint
    RP792: 10/12/2012 7:02:42 PM - System Checkpoint
    RP793: 10/13/2012 8:02:42 PM - System Checkpoint
    RP794: 10/14/2012 9:02:49 PM - System Checkpoint
    RP795: 10/15/2012 10:02:43 PM - System Checkpoint
    RP796: 10/16/2012 11:02:44 PM - System Checkpoint
    RP797: 10/18/2012 12:02:45 AM - System Checkpoint
    RP798: 10/19/2012 12:33:09 AM - System Checkpoint
    RP799: 10/20/2012 1:33:05 AM - System Checkpoint
    RP800: 10/21/2012 2:33:03 AM - System Checkpoint
    RP801: 10/22/2012 3:33:00 AM - System Checkpoint
    RP802: 10/23/2012 4:30:27 AM - System Checkpoint
    RP803: 10/24/2012 5:30:26 AM - System Checkpoint
    RP804: 10/26/2012 1:17:25 PM - System Checkpoint
    RP805: 10/27/2012 1:23:03 PM - System Checkpoint
    RP806: 10/28/2012 2:22:30 PM - System Checkpoint
    RP807: 10/29/2012 5:22:59 PM - System Checkpoint
    RP808: 10/30/2012 5:25:42 PM - System Checkpoint
    RP809: 10/31/2012 6:22:32 PM - System Checkpoint
    RP810: 11/1/2012 7:22:29 PM - System Checkpoint
    RP811: 11/2/2012 8:22:40 PM - System Checkpoint
    RP812: 11/3/2012 8:22:31 PM - System Checkpoint
    RP813: 11/4/2012 9:22:43 PM - System Checkpoint
    RP814: 11/5/2012 10:22:29 PM - System Checkpoint
    RP815: 11/6/2012 11:22:29 PM - System Checkpoint
    RP816: 11/8/2012 12:22:26 AM - System Checkpoint
    RP817: 11/9/2012 1:22:27 AM - System Checkpoint
    RP818: 11/10/2012 2:22:30 AM - System Checkpoint
    RP819: 11/11/2012 3:22:31 AM - System Checkpoint
    RP820: 11/12/2012 4:22:24 AM - System Checkpoint
    RP821: 11/13/2012 5:22:32 AM - System Checkpoint
    RP822: 11/14/2012 6:22:19 AM - System Checkpoint
    RP823: 11/15/2012 6:29:47 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    32 Bit HP BiDi Channel Components Installer
    Acrobat.com
    Ad-Aware SE Personal
    Adobe Acrobat 7.0 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AnswerWorks Runtime
    Compatibility Pack for the 2007 Office system
    Corel WordPerfect Office - iFilter
    Critical Update for Windows Media Player 11 (KB959772)
    Hotfix for MDAC 2.53 (KB911562)
    Hotfix for MDAC 2.53 (KB927779)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Commercial Scanjet 5590 TWAIN Driver
    HP Memories Disc
    HP Photo and Imaging 2.5 - Scanjet 5590 Series
    HP Software Update
    HPScanjet5590Corporate11
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Connections Drivers
    Java 7 Update 7
    Java Auto Updater
    LiveReg (Symantec Corporation)
    LiveUpdate 3.3 (Symantec Corporation)
    Macromedia Shockwave Player
    Mailshell Anti-Spam Universal
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB947742)
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook 2003
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OGA Notifier 2.0.0048.0
    Photosmart 140,240,7200,7600,7700,7900 Series
    Presto! PageManager 7.11
    PS7200
    PSShortcutsP
    PSUsage
    QFolder
    Readiris Pro 8
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealPopup
    RealUpgrade 1.1
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2530548)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2559049)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219-v2)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135-v2)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847-v2)
    Security Update for Windows XP (KB2744842)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    ShareIns
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.3
    Symantec Endpoint Protection
    Symantec pcAnywhere
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    WebFldrs
    WebFldrs XP
    WebIQ Technology Engine
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Service Pack 3
    WinZip
    WordPerfect Lightning
    WordPerfect Lightning - EN
    WordPerfect Lightning - IPM
    WordPerfect Lightning - Messages
    WordPerfect Lightning - MSOM
    WordPerfect Office 2000 Hot Fix
    WordPerfect Office X4
    WordPerfect Office X4 - Common
    WordPerfect Office X4 - Content
    WordPerfect Office X4 - EN
    WordPerfect Office X4 - Filters
    WordPerfect Office X4 - Graphics
    WordPerfect Office X4 - ICA
    WordPerfect Office X4 - IPM
    WordPerfect Office X4 - IPM EN
    WordPerfect Office X4 - Migration Manager
    WordPerfect Office X4 - PerfectExperts
    WordPerfect Office X4 - PR
    WordPerfect Office X4 - QP
    WordPerfect Office X4 - Skins
    WordPerfect Office X4 - System
    WordPerfect Office X4 - WP
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/14/2012 4:14:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    11/14/2012 2:52:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/14/2012 2:51:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AW_HOST eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
    11/14/2012 2:15:01 PM, error: Srv [2020] - The server was unable to allocate from the system paged pool because the pool was empty.
    11/14/2012 12:53:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Management Client service to connect.
    11/14/2012 12:53:39 PM, error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/14/2012 12:53:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Settings Manager service to connect.
    11/14/2012 12:53:37 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/14/2012 12:53:36 PM, error: Service Control Manager [7000] - The pcAnywhere Host Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/14/2012 12:53:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the pcAnywhere Host Service service to connect.
    11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
    11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/14/2012 12:53:31 PM, error: Service Control Manager [7031] - The pcAnywhere Host Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/14/2012 1:55:20 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\authmgr.dll. Reference error message: Error Message is unavailable .
    11/13/2012 11:28:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
    11/13/2012 11:28:23 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/13/2012 11:28:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
    11/12/2012 2:35:32 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LSND due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    .
    ==== End Of File ===========================
  2. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Oops, forgot an explanation. Yesterday this machine was extremely slow. A box popped up and the user clicked on it to "clean the viruses off" as the message told her the computer was full of viruses. I ran the three files and it seems to be working properly. We have Symantec Endpoint Protection.

    Thank you.

    Gale
  3. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  4. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Thank you Broni for your help. After I ran the previous two scans and turned my virus scan back on, it stated I was infected with Trojan.Gen.2. Following are the scans for RogueKiller and aswMBR:

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : admin [Admin rights]
    Mode : Scan -- Date : 11/16/2012 07:10:51

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x8062FF2C -> HOOKED (Unknown @ 0x8627BDA8)
    SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x862DDAC0)
    SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x862DDAF8)
    SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x8626AA88)
    SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x8627EAF8)
    SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x8623D308)
    SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x862A1548)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC17E -> HOOKED (Unknown @ 0x862BF5B0)
    SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x86252858)
    SSDT[108] : NtMapViewOfSection @ 0x8057CA99 -> HOOKED (Unknown @ 0x8623D360)
    SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x862A1510)
    SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x862B6BC0)
    SSDT[129] : NtOpenThreadToken @ 0x80570B26 -> HOOKED (Unknown @ 0x86297BF8)
    SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x862E7068)
    SSDT[213] : NtSetContextThread @ 0x8062E75B -> HOOKED (Unknown @ 0x8626DBF0)
    SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x8628F890)
    SSDT[229] : NtSetInformationThread @ 0x8056C596 -> HOOKED (Unknown @ 0x86260628)
    SSDT[253] : NtSuspendProcess @ 0x8062FE71 -> HOOKED (Unknown @ 0x8629ADA8)
    SSDT[254] : NtSuspendThread @ 0x805E0535 -> HOOKED (Unknown @ 0x862A8AA8)
    SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x862E91A8)
    SSDT[258] : NtTerminateThread @ 0x80577F9F -> HOOKED (Unknown @ 0x862A7DA8)
    SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x8626EDA8)
    SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x86252890)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85D03FD0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINNT\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST380011A +++++
    --- User ---
    [MBR] 977fea8615f54927445233f59fbb9d7e
    [BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11162012_02d0710.txt >>
    RKreport[1]_S_11162012_02d0710.txt

    *********************************************************************************************************
    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : admin [Admin rights]
    Mode : Remove -- Date : 11/16/2012 07:12:11

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[12] : NtAlertResumeThread @ 0x8062FF2C -> HOOKED (Unknown @ 0x8627BDA8)
    SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x862DDAC0)
    SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x862DDAF8)
    SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x8626AA88)
    SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x8627EAF8)
    SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x8623D308)
    SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x862A1548)
    SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC17E -> HOOKED (Unknown @ 0x862BF5B0)
    SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x86252858)
    SSDT[108] : NtMapViewOfSection @ 0x8057CA99 -> HOOKED (Unknown @ 0x8623D360)
    SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x862A1510)
    SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x862B6BC0)
    SSDT[129] : NtOpenThreadToken @ 0x80570B26 -> HOOKED (Unknown @ 0x86297BF8)
    SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x862E7068)
    SSDT[213] : NtSetContextThread @ 0x8062E75B -> HOOKED (Unknown @ 0x8626DBF0)
    SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x8628F890)
    SSDT[229] : NtSetInformationThread @ 0x8056C596 -> HOOKED (Unknown @ 0x86260628)
    SSDT[253] : NtSuspendProcess @ 0x8062FE71 -> HOOKED (Unknown @ 0x8629ADA8)
    SSDT[254] : NtSuspendThread @ 0x805E0535 -> HOOKED (Unknown @ 0x862A8AA8)
    SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x862E91A8)
    SSDT[258] : NtTerminateThread @ 0x80577F9F -> HOOKED (Unknown @ 0x862A7DA8)
    SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x8626EDA8)
    SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x86252890)
    S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85D03FD0)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINNT\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST380011A +++++
    --- User ---
    [MBR] 977fea8615f54927445233f59fbb9d7e
    [BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11162012_02d0712.txt >>
    RKreport[1]_S_11162012_02d0710.txt ; RKreport[2]_D_11162012_02d0712.txt

    **************************************************************************************************************************
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-16 07:19:06
    -----------------------------
    07:19:06.085 OS Version: Windows 5.1.2600 Service Pack 3
    07:19:06.085 Number of processors: 1 586 0x401
    07:19:06.101 ComputerName: ADELEP UserName: admin
    07:19:06.913 Initialize success
    07:20:45.552 AVAST engine defs: 12111600
    07:21:55.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    07:21:55.441 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
    07:21:55.472 Disk 0 MBR read successfully
    07:21:55.472 Disk 0 MBR scan
    07:21:55.582 Disk 0 Windows XP default MBR code
    07:21:55.597 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
    07:21:55.613 Disk 0 scanning sectors +156232125
    07:21:55.722 Disk 0 scanning C:\WINNT\system32\drivers
    07:22:25.956 Service scanning
    07:22:57.455 Modules scanning
    07:23:18.439 Disk 0 trace - called modules:
    07:23:18.455 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    07:23:18.455 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863d5ab8]
    07:23:18.955 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863d6b00]
    07:23:19.596 AVAST engine scan C:\WINNT
    07:24:25.360 AVAST engine scan C:\WINNT\system32
    07:33:57.537 AVAST engine scan C:\WINNT\system32\drivers
    07:34:38.864 AVAST engine scan C:\Documents and Settings\admin.LSND
    07:36:50.799 AVAST engine scan C:\Documents and Settings\All Users
    07:39:32.811 Scan finished successfully
    07:42:10.590 Disk 0 MBR has been saved successfully to "\\Xpfsfrg\work - frg\Docs\Virus Info Adele\MBR.dat"
    07:42:10.590 The log file has been saved successfully to "\\Xpfsfrg\work - frg\Docs\Virus Info Adele\aswMBR.txt"
  5. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  6. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Broni, I have left the machine for the day. Would it be possible to take this up on Monday morning?
  7. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    No problem :)
  8. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Broni,

    I tried to run combofix, it just sat there (3 1/2 hours) at a screen that says "scanning for infected files".

    I then downloaded rkill.exe, booted into safe mode, stopped the virus scan and tried to run it from the desktop. A black box popped up really quick, but before the notepad log file could come up I got a BSOD, something looking like this: http://i1307.photobucket.com/albums/s595/finaltactics/IMAG0091_zps8062c76a.jpg.

    I then downloaded iexplore.exe from the site above and booted into safe mode and tried to run that scan from the desktop. I got the same type of BSOD.

    I then tried to run combofix which had been downloaded onto the desktop with a different name. That one is stuck at "scanning for infected files" also. The computer clock is still running also. It was also still running when it sat there for 3 1/2 hours also.
  9. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  10. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    OK, I had to do this scan twice. The same threat keeps showing up. The first scan was as follows:

    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.20.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    admin :: ADELEP [administrator]

    11/20/2012 8:37:41 AM
    mbar-log-2012-11-20 (08-37-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 30727
    Time elapsed: 1 hour(s), 18 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [0a77fabf3627a393d4811311d62e7c84]

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    *******************************************************************
    The second scan was as follows:

    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.20.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    admin :: ADELEP [administrator]

    11/20/2012 9:55:53 AM
    mbar-log-2012-11-20 (09-55-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 30727
    Time elapsed: 1 hour(s), 3 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [473a2099b0adbf77035234f02dd7bd43]

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ****************************************************************

    System_log.txt
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 1071628288, free: 423309312

    DDA Driver installation error.
    Driver installed on boot. Reboot required.
    System shutdown occured
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 1071628288, free: 612425728

    Downloaded database version: v2012.11.20.02
    Downloaded database version: v2012.11.19.01
    Initializing...
    Done!
    Scanning directory: C:\WINNT\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 80

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 156232062
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 80000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occured
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 1071628288, free: 627650560

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 1071628288, free: 580050944

    DDA Driver installation error.
    Driver installed on boot. Reboot required.
    System shutdown occured
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 1071628288, free: 618340352

    Initializing...
    Done!
    Scanning directory: C:\WINNT\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 80

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 156232062
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 80000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occured
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 8.0.6001.18702

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 1071628288, free: 636456960
  11. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Please retry Combofix now.
     
  12. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    OK, tried to run combofix again from the first link above. It asked me to update to the newest version which I agreed to. I let it sit there for about 20 minutes. It never knocked me off the internet. I looked at the instructions again and they didn't mention that it would need to be updated, so I stopped it, deleted it off the desktop, cleaned the recycle bin and I downloaded a new version, saved it to the desktop and started it again. It has been close to 20 minutes or so again, and it is still sitting there saying it typically only takes 10 minutes but badly infected machines could more than double. Should I continue to let it run?
  13. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Stop it and...
  14. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    OK, tried:
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

    When trying to run Rkill or Iexplore, I get the blue screen of death. I downloaded a new copy of Combofix and gave it a different name; that will not run either.
  15. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  16. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    TDSSKILLER Log file:

    10:27:24.0868 3160 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    10:27:25.0367 3160 ============================================================
    10:27:25.0367 3160 Current date / time: 2012/11/21 10:27:25.0367
    10:27:25.0367 3160 SystemInfo:
    10:27:25.0367 3160
    10:27:25.0367 3160 OS Version: 5.1.2600 ServicePack: 3.0
    10:27:25.0367 3160 Product type: Workstation
    10:27:25.0367 3160 ComputerName: ADELEP
    10:27:25.0367 3160 UserName: admin
    10:27:25.0367 3160 Windows directory: C:\WINNT
    10:27:25.0367 3160 System windows directory: C:\WINNT
    10:27:25.0367 3160 Processor architecture: Intel x86
    10:27:25.0367 3160 Number of processors: 1
    10:27:25.0367 3160 Page size: 0x1000
    10:27:25.0367 3160 Boot type: Normal boot
    10:27:25.0367 3160 ============================================================
    10:27:28.0159 3160 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    10:27:28.0159 3160 ============================================================
    10:27:28.0159 3160 \Device\Harddisk0\DR0:
    10:27:28.0159 3160 MBR partitions:
    10:27:28.0159 3160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
    10:27:28.0159 3160 ============================================================
    10:27:28.0253 3160 C: <-> \Device\Harddisk0\DR0\Partition1
    10:27:28.0253 3160 ============================================================
    10:27:28.0253 3160 Initialize success
    10:27:28.0253 3160 ============================================================
    10:27:38.0811 3540 ============================================================
    10:27:38.0811 3540 Scan started
    10:27:38.0811 3540 Mode: Manual;
    10:27:38.0811 3540 ============================================================
    10:27:42.0523 3540 ================ Scan system memory ========================
    10:27:46.0297 3540 System memory - ok
    10:27:46.0297 3540 ================ Scan services =============================
    10:27:57.0262 3540 odserv - ok
    10:27:57.0324 3540 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    10:27:57.0418 3540 ose - ok
    10:27:57.0433 3540 Parallel - ok
    10:27:57.0496 3540 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINNT\system32\DRIVERS\parport.sys
    10:27:57.0496 3540 Parport - ok
    10:27:57.0527 3540 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINNT\system32\drivers\PartMgr.sys
    10:27:57.0527 3540 PartMgr - ok
    10:27:57.0574 3540 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINNT\system32\drivers\ParVdm.sys
    10:27:57.0589 3540 ParVdm - ok
    10:27:57.0636 3540 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINNT\system32\DRIVERS\pci.sys
    10:27:57.0636 3540 PCI - ok
    10:27:57.0652 3540 PCIDump - ok
    10:27:57.0683 3540 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINNT\system32\DRIVERS\pciide.sys
    10:27:57.0683 3540 PCIIde - ok
    10:27:57.0761 3540 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINNT\system32\drivers\Pcmcia.sys
    10:27:57.0776 3540 Pcmcia - ok
    10:27:57.0776 3540 PDCOMP - ok
    10:27:57.0807 3540 PDFRAME - ok
    10:27:57.0807 3540 PDRELI - ok
    10:27:57.0823 3540 PDRFRAME - ok
    10:27:57.0839 3540 perc2 - ok
    10:27:57.0870 3540 perc2hib - ok
    10:27:57.0932 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINNT\system32\services.exe
    10:27:57.0948 3540 PlugPlay - ok
    10:27:57.0963 3540 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINNT\system32\HPZipm12.dll
    10:27:57.0963 3540 Pml Driver HPZ12 - ok
    10:27:57.0979 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINNT\system32\lsass.exe
    10:27:57.0979 3540 PolicyAgent - ok
    10:27:58.0041 3540 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINNT\system32\DRIVERS\raspptp.sys
    10:27:58.0057 3540 PptpMiniport - ok
    10:27:58.0057 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINNT\system32\lsass.exe
    10:27:58.0073 3540 ProtectedStorage - ok
    10:27:58.0119 3540 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    10:27:58.0135 3540 PSI_SVC_2 - ok
    10:27:58.0182 3540 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINNT\system32\DRIVERS\ptilink.sys
    10:27:58.0182 3540 Ptilink - ok
    10:27:58.0197 3540 ql1080 - ok
    10:27:58.0213 3540 Ql10wnt - ok
    10:27:58.0229 3540 ql12160 - ok
    10:27:58.0244 3540 ql1240 - ok
    10:27:58.0260 3540 ql1280 - ok
    10:27:58.0260 3540 ql2100 - ok
    10:27:58.0322 3540 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINNT\system32\DRIVERS\rasacd.sys
    10:27:58.0322 3540 RasAcd - ok
    10:27:58.0369 3540 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINNT\System32\rasauto.dll
    10:27:58.0385 3540 RasAuto - ok
    10:27:58.0431 3540 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINNT\system32\DRIVERS\rasl2tp.sys
    10:27:58.0431 3540 Rasl2tp - ok
    10:27:58.0494 3540 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINNT\System32\rasmans.dll
    10:27:58.0509 3540 RasMan - ok
    10:27:58.0525 3540 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINNT\system32\DRIVERS\raspppoe.sys
    10:27:58.0541 3540 RasPppoe - ok
    10:27:58.0556 3540 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINNT\system32\DRIVERS\raspti.sys
    10:27:58.0556 3540 Raspti - ok
    10:27:58.0587 3540 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINNT\system32\DRIVERS\rdbss.sys
    10:27:58.0587 3540 Rdbss - ok
    10:27:58.0650 3540 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINNT\system32\DRIVERS\RDPCDD.sys
    10:27:58.0650 3540 RDPCDD - ok
    10:27:58.0712 3540 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINNT\system32\DRIVERS\rdpdr.sys
    10:27:58.0728 3540 rdpdr - ok
    10:27:58.0790 3540 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINNT\system32\drivers\RDPWD.sys
    10:27:58.0790 3540 RDPWD - ok
    10:27:58.0837 3540 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINNT\system32\sessmgr.exe
    10:27:58.0884 3540 RDSessMgr - ok
    10:27:58.0946 3540 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINNT\system32\DRIVERS\redbook.sys
    10:27:58.0946 3540 redbook - ok
    10:27:58.0993 3540 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINNT\System32\mprdim.dll
    10:27:59.0024 3540 RemoteAccess - ok
    10:27:59.0071 3540 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINNT\system32\regsvc.dll
    10:27:59.0071 3540 RemoteRegistry - ok
    10:27:59.0102 3540 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINNT\system32\locator.exe
    10:27:59.0133 3540 RpcLocator - ok
    10:27:59.0180 3540 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINNT\system32\rpcss.dll
    10:27:59.0196 3540 RpcSs - ok
    10:27:59.0258 3540 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINNT\system32\rsvp.exe
    10:27:59.0320 3540 RSVP - ok
    10:27:59.0352 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINNT\system32\lsass.exe
    10:27:59.0352 3540 SamSs - ok
    10:27:59.0367 3540 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINNT\System32\SCardSvr.exe
    10:27:59.0445 3540 SCardSvr - ok
    10:27:59.0507 3540 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINNT\system32\schedsvc.dll
    10:27:59.0507 3540 Schedule - ok
    10:27:59.0585 3540 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINNT\system32\DRIVERS\secdrv.sys
    10:27:59.0585 3540 Secdrv - ok
    10:27:59.0617 3540 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINNT\System32\seclogon.dll
    10:27:59.0617 3540 seclogon - ok
    10:27:59.0663 3540 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINNT\system32\sens.dll
    10:27:59.0663 3540 SENS - ok
    10:27:59.0695 3540 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINNT\system32\DRIVERS\serenum.sys
    10:27:59.0695 3540 serenum - ok
    10:27:59.0710 3540 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINNT\system32\DRIVERS\serial.sys
    10:27:59.0710 3540 Serial - ok
    10:27:59.0741 3540 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINNT\system32\drivers\Sfloppy.sys
    10:27:59.0741 3540 Sfloppy - ok
    10:27:59.0804 3540 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINNT\System32\ipnathlp.dll
    10:27:59.0819 3540 SharedAccess - ok
    10:27:59.0866 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINNT\System32\shsvcs.dll
    10:27:59.0866 3540 ShellHWDetection - ok
    10:27:59.0882 3540 Simbad - ok
    10:28:00.0069 3540 [ 8317AD0C7E640411C746D5664EB7957A ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    10:28:00.0178 3540 SmcService - ok
    10:28:00.0272 3540 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINNT\system32\drivers\smwdm.sys
    10:28:00.0287 3540 smwdm - ok
    10:28:00.0334 3540 [ 95293A76341B1DB125EE125474657728 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    10:28:00.0490 3540 SNAC - ok
    10:28:00.0537 3540 SpamCatcherUniversal - ok
    10:28:00.0552 3540 Sparrow - ok
    10:28:00.0677 3540 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    10:28:00.0708 3540 SPBBCDrv - ok
    10:28:00.0755 3540 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINNT\system32\drivers\splitter.sys
    10:28:00.0755 3540 splitter - ok
    10:28:00.0833 3540 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINNT\system32\spoolsv.exe
    10:28:00.0849 3540 Spooler - ok
    10:28:00.0896 3540 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINNT\system32\DRIVERS\sr.sys
    10:28:00.0896 3540 sr - ok
    10:28:00.0958 3540 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINNT\system32\srsvc.dll
    10:28:00.0974 3540 srservice - ok
    10:28:01.0036 3540 [ B36F8D6A02FF2B3A53E250A629782F29 ] SRTSP C:\WINNT\system32\Drivers\SRTSP.SYS
    10:28:01.0036 3540 SRTSP - ok
    10:28:01.0129 3540 [ E99BD98AC171A29FC1BA9376BE87AE73 ] SRTSPL C:\WINNT\system32\Drivers\SRTSPL.SYS
    10:28:01.0129 3540 SRTSPL - ok
    10:28:01.0176 3540 [ 1AF34729898063E9B7DF8D149D767E07 ] SRTSPX C:\WINNT\system32\Drivers\SRTSPX.SYS
    10:28:01.0176 3540 SRTSPX - ok
    10:28:01.0239 3540 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINNT\system32\DRIVERS\srv.sys
    10:28:01.0254 3540 Srv - ok
    10:28:01.0301 3540 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll
    10:28:01.0301 3540 SSDPSRV - ok
    10:28:01.0363 3540 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] StiSvc C:\WINNT\system32\wiaservc.dll
    10:28:01.0379 3540 StiSvc - ok
    10:28:01.0441 3540 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINNT\system32\DRIVERS\swenum.sys
    10:28:01.0441 3540 swenum - ok
    10:28:01.0473 3540 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINNT\system32\drivers\swmidi.sys
    10:28:01.0473 3540 swmidi - ok
    10:28:01.0473 3540 SwPrv - ok
    10:28:01.0613 3540 [ 4402CF4959A30CB6A008099ABA8F22A9 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    10:28:01.0629 3540 Symantec AntiVirus - ok
    10:28:01.0644 3540 symc810 - ok
    10:28:01.0675 3540 symc8xx - ok
    10:28:01.0722 3540 [ E42A34E6F5CA71A84D4C2DE620AAD13D ] SymEvent C:\WINNT\system32\Drivers\SYMEVENT.SYS
    10:28:01.0753 3540 SymEvent - ok
    10:28:01.0800 3540 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINNT\System32\Drivers\SYMREDRV.SYS
    10:28:01.0800 3540 SYMREDRV - ok
    10:28:01.0831 3540 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINNT\System32\Drivers\SYMTDI.SYS
    10:28:01.0831 3540 SYMTDI - ok
    10:28:01.0847 3540 sym_hi - ok
    10:28:01.0863 3540 sym_u3 - ok
    10:28:01.0894 3540 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys
    10:28:01.0894 3540 sysaudio - ok
    10:28:01.0940 3540 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe
    10:28:02.0003 3540 SysmonLog - ok
    10:28:02.0065 3540 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll
    10:28:02.0065 3540 TapiSrv - ok
    10:28:02.0143 3540 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys
    10:28:02.0159 3540 Tcpip - ok
    10:28:02.0206 3540 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys
    10:28:02.0206 3540 TDPIPE - ok
    10:28:02.0237 3540 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys
    10:28:02.0237 3540 TDTCP - ok
    10:28:02.0268 3540 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys
    10:28:02.0268 3540 TermDD - ok
    10:28:02.0330 3540 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll
    10:28:02.0346 3540 TermService - ok
    10:28:02.0346 3540 tga - ok
    10:28:02.0393 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll
    10:28:02.0393 3540 Themes - ok
    10:28:02.0455 3540 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINNT\system32\tlntsvr.exe
    10:28:02.0486 3540 TlntSvr - ok
    10:28:02.0502 3540 TosIde - ok
    10:28:02.0549 3540 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll
    10:28:02.0549 3540 TrkWks - ok
    10:28:02.0596 3540 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys
    10:28:02.0596 3540 Udfs - ok
    10:28:02.0611 3540 ultra - ok
    10:28:02.0627 3540 ultra66 - ok
    10:28:02.0689 3540 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys
    10:28:02.0736 3540 Update - ok
    10:28:02.0798 3540 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll
    10:28:02.0829 3540 upnphost - ok
    10:28:02.0861 3540 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe
    10:28:02.0907 3540 UPS - ok
    10:28:02.0939 3540 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys
    10:28:02.0939 3540 usbehci - ok
    10:28:03.0017 3540 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys
    10:28:03.0017 3540 usbhub - ok
    10:28:03.0079 3540 [ B0205D19BA25CA654810D0AED04496A8 ] usbhub20 C:\WINNT\system32\DRIVERS\usbhub20.sys
    10:28:03.0079 3540 usbhub20 - ok
    10:28:03.0126 3540 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys
    10:28:03.0126 3540 usbprint - ok
    10:28:03.0157 3540 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys
    10:28:03.0157 3540 usbscan - ok
    10:28:03.0188 3540 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINNT\system32\DRIVERS\USBSTOR.SYS
    10:28:03.0188 3540 USBSTOR - ok
    10:28:03.0251 3540 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys
    10:28:03.0251 3540 usbuhci - ok
    10:28:03.0297 3540 [ 0845E936C85AD45B452CBC86A316CF2A ] UtilMan C:\WINNT\System32\UtilMan.exe
    10:28:03.0329 3540 UtilMan - ok
    10:28:03.0360 3540 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys
    10:28:03.0360 3540 VgaSave - ok
    10:28:03.0375 3540 ViaIde - ok
    10:28:03.0438 3540 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys
    10:28:03.0438 3540 VolSnap - ok
    10:28:03.0485 3540 VPREMOTE - ok
    10:28:03.0547 3540 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe
    10:28:03.0594 3540 VSS - ok
    10:28:03.0734 3540 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\system32\w32time.dll
    10:28:03.0750 3540 W32Time - ok
    10:28:03.0781 3540 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys
    10:28:03.0781 3540 Wanarp - ok
    10:28:03.0796 3540 WDICA - ok
    10:28:03.0828 3540 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys
    10:28:03.0843 3540 wdmaud - ok
    10:28:03.0890 3540 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll
    10:28:03.0906 3540 WebClient - ok
    10:28:03.0999 3540 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll
    10:28:03.0999 3540 winmgmt - ok
    10:28:04.0062 3540 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINNT\system32\MsPMSNSv.dll
    10:28:04.0077 3540 WmdmPmSN - ok
    10:28:04.0140 3540 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINNT\System32\advapi32.dll
    10:28:04.0202 3540 Wmi - ok
    10:28:04.0249 3540 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\system32\wbem\wmiapsrv.exe
    10:28:04.0327 3540 WmiApSrv - ok
    10:28:04.0436 3540 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    10:28:04.0545 3540 WMPNetworkSvc - ok
    10:28:04.0592 3540 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINNT\System32\drivers\ws2ifsl.sys
    10:28:04.0592 3540 WS2IFSL - ok
    10:28:04.0623 3540 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINNT\system32\wscsvc.dll
    10:28:04.0639 3540 wscsvc - ok
    10:28:04.0670 3540 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINNT\system32\wuauserv.dll
    10:28:04.0685 3540 wuauserv - ok
    10:28:04.0717 3540 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINNT\system32\DRIVERS\WudfPf.sys
    10:28:04.0717 3540 WudfPf - ok
    10:28:04.0748 3540 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINNT\system32\DRIVERS\wudfrd.sys
    10:28:04.0748 3540 WudfRd - ok
    10:28:04.0763 3540 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINNT\System32\WUDFSvc.dll
    10:28:04.0795 3540 WudfSvc - ok
    10:28:04.0873 3540 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll
    10:28:04.0951 3540 WZCSVC - ok
    10:28:05.0029 3540 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll
    10:28:05.0075 3540 xmlprov - ok
    10:28:05.0091 3540 ================ Scan global ===============================
    10:28:05.0122 3540 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll
    10:28:05.0184 3540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
    10:28:05.0231 3540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
    10:28:05.0262 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe
    10:28:05.0262 3540 [Global] - ok
    10:28:05.0262 3540 ================ Scan MBR ==================================
    10:28:05.0294 3540 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
    10:28:05.0481 3540 \Device\Harddisk0\DR0 - ok
    10:28:05.0481 3540 ================ Scan VBR ==================================
    10:28:05.0481 3540 [ 18D4824943B7174594F7258FA1DD1A81 ] \Device\Harddisk0\DR0\Partition1
    10:28:05.0481 3540 \Device\Harddisk0\DR0\Partition1 - ok
    10:28:05.0496 3540 ============================================================
    10:28:05.0496 3540 Scan finished
    10:28:05.0496 3540 ============================================================
    10:28:05.0512 3532 Detected object count: 0
    10:28:05.0512 3532 Actual detected object count: 0
  17. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    How is the computer doing at the moment?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    =============================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    The computer seems to be doing ok, just a little slow.

    # AdwCleaner v2.008 - Logfile created 11/21/2012 at 10:58:11
    # Updated 17/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : admin - ADELEP
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\admin\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Documents and Settings\admin.LSND\Application Data\Mozilla\Firefox\Profiles\6x6or03l.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\kmacintosh-ellig\Application Data\Mozilla\Firefox\Profiles\u8z3wdi1.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\khart\Application Data\Mozilla\Firefox\Profiles\d08sw6ay.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\flotemp\Application Data\Mozilla\Firefox\Profiles\4u8pj0x8.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\wdavenport\Application Data\Mozilla\Firefox\Profiles\kxvc8ln2.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\apage\Application Data\Mozilla\Firefox\Profiles\znzmvrvn.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\g9psrhjj.default\prefs.js

    [OK] File is clean.

    Profile name : default
    File : C:\Documents and Settings\khart\Application Data\Mozilla\Firefox\Profiles\d08sw6ay.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1934 octets] - [21/11/2012 10:58:11]

    ########## EOF - C:\AdwCleaner[S1].txt - [1994 octets] ##########

    ***********************************************************************************************************************************
  19. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    OTL.txt

    OTL logfile created on: 11/21/2012 11:12:33 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1021.98 Mb Total Physical Memory | 593.04 Mb Available Physical Memory | 58.03% Memory free
    2.41 Gb Paging File | 2.14 Gb Available in Paging File | 88.86% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 38.79 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
    Drive F: | 147.00 Gb Total Space | 122.07 Gb Free Space | 83.04% Space Free | Partition Type: NTFS

    Computer Name: ADELEP | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/21 10:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
    PRC - [2012/10/10 16:02:54 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2011/06/02 12:01:34 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2011/06/02 12:01:34 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2011/06/02 12:01:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2011/06/02 12:01:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2011/06/02 12:01:32 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2005/07/07 22:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINNT\system32\hphmon05.exe
    PRC - [2005/07/07 22:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
    PRC - [2005/05/20 10:51:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    PRC - [2003/12/05 15:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
    PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2002/04/17 09:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
    MOD - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\TEMP\Clt-Inst\vpremote.exe -- (VPREMOTE)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Mailshell SpamCatcher Universal Desktop Client\spamcatcher.exe -- (SpamCatcherUniversal)
    SRV - File not found [Unavailable | Unknown] -- -- (IAS)
    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/10/29 09:16:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/10 16:02:54 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2012/10/10 15:57:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/06/02 12:01:34 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2011/06/02 12:01:34 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2011/06/02 12:01:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2011/06/02 12:01:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2011/06/02 12:01:32 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/09/07 15:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2008/04/14 04:42:40 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
    SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2005/05/20 10:51:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | System | Stopped] -- -- (tga)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\parallel.sys -- (Parallel)
    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nbf.sys -- (Nbf)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - [2012/11/20 07:13:12 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2012/11/14 13:44:20 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2012/11/14 12:49:48 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)
    DRV - [2012/09/13 02:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121120.017\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/09/13 02:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121120.017\NAVENG.SYS -- (NAVENG)
    DRV - [2012/08/15 13:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/15 13:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/06/02 12:01:36 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2011/06/02 12:01:36 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINNT\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2011/06/02 12:01:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2011/06/02 12:01:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2011/06/02 12:01:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2011/06/02 12:01:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2011/06/02 12:01:30 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2005/11/15 09:02:12 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2005/11/15 09:02:12 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINNT\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/04/22 13:22:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2004/03/05 11:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\awechomd.sys -- (awecho)
    DRV - [2004/02/11 14:34:50 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Aldebaran.sys -- (Aldebaran)
    DRV - [2004/02/11 14:34:46 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Achernar.sys -- (Achernar)
    DRV - [2003/10/23 09:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\AW_HOST5.sys -- (AW_HOST)
    DRV - [2003/06/19 06:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
    DRV - [2003/04/21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\GERNUWA.sys -- (Gernuwa)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINNT\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/06/17 13:57:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 16:08:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 09:16:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/11/20 07:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
    [2012/10/29 09:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/10/29 09:16:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/09/05 19:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/23 15:41:47 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2003/07/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    O4 - HKLM..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
    O4 - HKLM..\Run: [OE_Plugin_Startup] "C:\Program Files\Mailshell SpamCatcher Universal Desktop Client\Launcher.exe" File not found
    O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
    O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime File not found
    O4 - HKLM..\Run: [SC_DAEMON] "C:\Program Files\Mailshell SpamCatcher Universal Desktop Client\sc_daemon.exe" File not found
    O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\RunOnce: [PixelInstall] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnce: [Reboot] Reg Error: Invalid data type. File not found
    O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/157d37c333621a912406/netzip/RdxIE601.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132007159500 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132065967140 (MUWebControl Class)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lsnd.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{730475C2-769E-4930-BEDB-799399D41193}: Domain = lsnd.local
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{730475C2-769E-4930-BEDB-799399D41193}: NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINNT\System32\PCANotify.dll (Symantec Corporation)
    O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/21 15:03:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/21 11:09:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
    [2012/11/21 09:07:38 | 000,000,000 | --SD | C] -- C:\****
    [2012/11/21 08:46:40 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/11/20 22:07:28 | 005,004,421 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
    [2012/11/20 21:20:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\admin\Desktop\aswMBR.exe
    [2012/11/20 21:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\RK_Quarantine
    [2012/11/20 20:59:18 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\iExplore.exe
    [2012/11/20 20:32:59 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\rkill.exe
    [2012/11/20 20:32:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\ouch.exe
    [2012/11/20 19:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
    [2012/11/20 19:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Administrative Tools
    [2012/11/20 07:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Downloads
    [2012/11/20 07:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla
    [2012/11/20 07:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mozilla
    [2012/11/19 15:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Sun
    [2012/11/19 15:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Sun
    [2012/11/19 10:11:03 | 000,000,000 | --SD | C] -- C:\adeleMachine
    [2012/11/19 09:57:22 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
    [2012/11/19 09:44:04 | 005,002,404 | ---- | C] (Swearware) -- C:\adeleMachine.exe
    [2012/11/19 09:44:01 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.exe
    [2012/11/15 07:28:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/11/15 07:22:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2012/11/15 07:22:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2012/11/15 07:22:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2012/11/15 07:22:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2012/11/15 07:18:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/15 07:18:29 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
    [2012/11/14 16:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Symantec
    [2012/11/14 14:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
    [2012/11/14 14:53:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache
    [2012/11/14 14:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/14 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/11/14 14:32:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
    [2012/11/14 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/11/14 12:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AC62295460A1D4A80000AC617CFDDFA4
    [2012/11/14 12:49:47 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\drivers\npf.sys
    [2012/11/14 12:49:46 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\wpcap.dll
    [2012/11/14 12:49:45 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\Packet.dll
    [2012/10/31 21:49:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\TDSSKiller.exe
    [2012/10/29 09:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/10/22 13:55:47 | 000,000,000 | ---D | C] -- C:\WINNT\Sun
    [8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
    [1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/21 11:09:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\HP Usg Daily.job
    [2012/11/21 11:04:26 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    [2012/11/21 11:04:02 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2012/11/21 11:03:38 | 000,000,278 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-1280154943-3072627930-680104954-1113.job
    [2012/11/21 11:03:37 | 000,000,278 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
    [2012/11/21 11:01:10 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2012/11/21 11:01:01 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/21 10:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
    [2012/11/21 10:35:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
    [2012/11/21 10:18:20 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\tdsskiller.zip
    [2012/11/21 09:03:34 | 1071,726,592 | ---- | M] () -- C:\WINNT\MEMORY.DMP
    [2012/11/20 21:18:29 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to Virus Info Adele.lnk
    [2012/11/20 21:15:20 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
    [2012/11/20 20:29:32 | 005,004,421 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\ouch.exe
    [2012/11/20 20:06:58 | 005,004,421 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
    [2012/11/20 07:13:12 | 000,035,144 | ---- | M] () -- C:\WINNT\System32\drivers\mbamchameleon.sys
    [2012/11/19 09:57:34 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\iExplore.exe
    [2012/11/19 09:42:38 | 000,000,286 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-1280154943-3072627930-680104954-1113.job
    [2012/11/19 09:28:56 | 005,002,404 | ---- | M] (Swearware) -- C:\adeleMachine.exe
    [2012/11/19 09:25:27 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.exe
    [2012/11/19 09:25:27 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\rkill.exe
    [2012/11/16 12:26:13 | 000,335,464 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [2012/11/16 12:09:14 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2012/11/16 12:04:47 | 000,464,914 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
    [2012/11/16 12:04:47 | 000,080,450 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
    [2012/11/16 07:15:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\admin\Desktop\aswMBR.exe
    [2012/11/16 07:14:56 | 000,673,280 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\RogueKiller(1).exe
    [2012/11/15 07:28:41 | 000,000,323 | RHS- | M] () -- C:\boot.ini
    [2012/11/14 16:14:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/11/14 14:32:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/14 13:44:20 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
    [2012/11/14 13:44:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
    [2012/11/14 13:44:20 | 000,007,456 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
    [2012/11/14 13:44:20 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
    [2012/11/14 12:49:48 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\drivers\npf.sys
    [2012/11/14 12:49:47 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\wpcap.dll
    [2012/11/14 12:49:46 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\Packet.dll
    [2012/11/14 09:21:08 | 000,000,286 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
    [2012/11/13 13:46:49 | 000,001,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\TDSSKiller.exe
    [8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
    [1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/21 10:26:50 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\tdsskiller.zip
    [2012/11/21 10:22:12 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
    [2012/11/20 21:40:21 | 000,673,280 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\RogueKiller(1).exe
    [2012/11/20 21:18:32 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to Virus Info Adele.lnk
    [2012/11/20 07:13:12 | 000,035,144 | ---- | C] () -- C:\WINNT\System32\drivers\mbamchameleon.sys
    [2012/11/19 16:13:02 | 000,001,324 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
    [2012/11/15 07:28:41 | 000,000,207 | ---- | C] () -- C:\Boot.bak
    [2012/11/15 07:28:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/11/15 07:22:28 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
    [2012/11/15 07:22:28 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
    [2012/11/15 07:22:28 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2012/11/15 07:22:28 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2012/11/15 07:22:28 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2012/11/14 16:14:44 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Internet Explorer.lnk
    [2012/11/14 14:32:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/07 09:20:43 | 000,000,278 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
    [2012/11/07 09:20:41 | 000,000,286 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
    [2012/10/10 12:41:46 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
    [2011/08/09 10:20:01 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
    [2009/11/23 15:41:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\74663C8418.sys
    [2009/06/18 08:39:36 | 000,001,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2005/11/15 08:52:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\dm.ini
    [2005/11/14 15:00:38 | 000,004,928 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2005/11/14 14:56:51 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt

    ========== ZeroAccess Check ==========

    [2005/11/15 13:22:44 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 14:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/14 12:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AC62295460A1D4A80000AC617CFDDFA4
    [2009/06/18 09:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2009/01/09 12:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2009/07/09 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khart\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/10/22 13:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmacintosh-ellig\Application Data\webex
    [2012/10/18 12:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmacintosh-ellig\Application Data\Windows Desktop Search
    [2007/12/05 12:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sweisz\Application Data\OfficeUpdate12

    ========== Purity Check ==========



    < End of report >
  20. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Extra.txt

    OTL Extras logfile created on: 11/21/2012 11:12:33 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1021.98 Mb Total Physical Memory | 593.04 Mb Available Physical Memory | 58.03% Memory free
    2.41 Gb Paging File | 2.14 Gb Available in Paging File | 88.86% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 38.79 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
    Drive F: | 147.00 Gb Total Space | 122.07 Gb Free Space | 83.04% Space Free | Partition Type: NTFS

    Computer Name: ADELEP | User Name: admin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{11518183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{27D99B78-1CA5-43DA-9D57-B50D1039FA4F}" = Mailshell Anti-Spam Universal
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
    "{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
    "{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
    "{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
    "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8EAC1D0C-80BA-4077-932A-7E9E2F680845}" = HPScanjet5590Corporate11
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
    "{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
    "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAE4A43D-6DDE-4E19-A2A5-BBD89A3ED48C}" = PS7200
    "{BC5FDFC6-D617-11D6-86D3-00055DF3561E}" = Presto! PageManager 7.11
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC12B3AC-0A75-4F85-8BC9-89D440BE3846}" = HP Photo and Imaging 2.5 - Scanjet 5590 Series
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
    "{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
    "{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
    "{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.0 Standard
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AnswerWorks" = AnswerWorks Runtime
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HP Commercial Scanjet 5590 TWAIN Driver" = HP Commercial Scanjet 5590 TWAIN Driver
    "ie8" = Windows Internet Explorer 8
    "LiveReg" = LiveReg (Symantec Corporation)
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 15.0" = RealPlayer
    "RealPopup_is1" = RealPopup
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WordPerfect Office 2000 Hot Fix" = WordPerfect Office 2000 Hot Fix
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/19/2012 4:12:14 PM | Computer Name = ADELEP | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 11/20/2012 10:06:33 PM | Computer Name = ADELEP | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (A socket operation was attempted to an unreachable host. ). Group Policy
    processing aborted.

    Error - 11/20/2012 10:33:14 PM | Computer Name = ADELEP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 11/20/2012 10:33:14 PM | Computer Name = ADELEP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2012 10:51:48 PM | Computer Name = ADELEP | Source = Application Hang | ID = 1002
    Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2012 11:54:18 PM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Trojan.Gen.2 in File: C:\Documents and Settings\admin\Local
    Settings\Temp\_avast4_\unp268028799.tmp by: Auto-Protect scan. Action: Quarantine
    succeeded : Access denied. Action Description: The file was quarantined successfully.



    Error - 11/21/2012 12:08:42 AM | Computer Name = ADELEP | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 11/21/2012 12:09:02 AM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
    Event
    Info: Terminate Process Action Taken: Logged Actor Process: C:\32788R22FWJFW\License\iexplore.exe
    (PID 3848) Time: Tuesday, November 20, 2012 10:09:01 PM

    Error - 11/21/2012 12:58:11 PM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
    Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Logged
    Actor
    Process: C:\Documents and Settings\admin\Desktop\adwcleaner.exe (PID 1064) Time:
    Wednesday, November 21, 2012 10:58:11 AM

    Error - 11/21/2012 12:58:11 PM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
    C:\Documents and Settings\admin\Desktop\adwcleaner.exe (PID 1064) Time: Wednesday,
    November 21, 2012 10:58:11 AM

    [ System Events ]
    Error - 11/21/2012 10:30:21 AM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AW_HOST eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

    Error - 11/21/2012 10:42:26 AM | Computer Name = ADELEP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/21/2012 10:43:19 AM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AW_HOST eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

    Error - 11/21/2012 10:49:12 AM | Computer Name = ADELEP | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain LSND due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 11/21/2012 11:04:35 AM | Computer Name = ADELEP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/21/2012 11:05:26 AM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AW_HOST eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

    Error - 11/21/2012 12:20:21 PM | Computer Name = ADELEP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/21/2012 12:24:14 PM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    IntelIde

    Error - 11/21/2012 12:25:31 PM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for DeleteFlag with the following
    error: %%5

    Error - 11/21/2012 12:27:32 PM | Computer Name = ADELEP | Source = System Error | ID = 1003
    Description = Error code 000000f4, parameter1 00000003, parameter2 860b2020, parameter3
    860b2194, parameter4 805fafec.


    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,713   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\RunOnce: [PixelInstall] Reg Error: Invalid data type. File not found
      O4 - HKLM..\RunOnce: [Reboot] Reg Error: Invalid data type. File not found
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/157d37c333621a912406/netzip/RdxIE601.cab (Reg Error: Key error.)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  22. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    OTL Fix Scan:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PixelInstall deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot deleted successfully.
    Starting removal of ActiveX control {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: admin
    ->Temp folder emptied: 137793726 bytes
    ->Temporary Internet Files folder emptied: 546407 bytes
    ->FireFox cache emptied: 18041595 bytes
    ->Flash cache emptied: 492 bytes

    User: admin.LAND-DOMAIN
    ->Temp folder emptied: 12347595 bytes
    ->Temporary Internet Files folder emptied: 141856 bytes

    User: admin.LSND
    ->Temp folder emptied: 228207949 bytes
    ->Temporary Internet Files folder emptied: 114914 bytes
    ->FireFox cache emptied: 44808611 bytes
    ->Flash cache emptied: 492 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: All Users

    User: apage
    ->Temp folder emptied: 12822837 bytes
    ->Temporary Internet Files folder emptied: 131072 bytes
    ->FireFox cache emptied: 78608471 bytes
    ->Flash cache emptied: 3863 bytes

    User: astenson
    ->Temp folder emptied: 4736038 bytes
    ->Temporary Internet Files folder emptied: 227363263 bytes
    ->Flash cache emptied: 3289 bytes

    User: cramanathan
    ->Temp folder emptied: 16417 bytes
    ->Temporary Internet Files folder emptied: 1698408 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: flotemp
    ->Temp folder emptied: 105758 bytes
    ->Temporary Internet Files folder emptied: 58778065 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 59997641 bytes
    ->Flash cache emptied: 74273 bytes

    User: jfitzsimmons
    ->Temp folder emptied: 928 bytes
    ->Temporary Internet Files folder emptied: 7462610 bytes

    User: khart
    ->Temp folder emptied: 4036780 bytes
    ->Temporary Internet Files folder emptied: 3794452 bytes
    ->Java cache emptied: 670389 bytes
    ->Flash cache emptied: 118274 bytes

    User: kmacintosh-ellig
    ->Temp folder emptied: 2971464 bytes
    ->Temporary Internet Files folder emptied: 29962294 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 119244464 bytes
    ->Flash cache emptied: 20089 bytes

    User: lcatalano
    ->Temp folder emptied: 1513624 bytes
    ->Temporary Internet Files folder emptied: 34177566 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: miwen
    ->Temp folder emptied: 1352 bytes
    ->Temporary Internet Files folder emptied: 1976503 bytes
    ->Flash cache emptied: 1095 bytes

    User: MWService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: OLD

    User: snocho
    ->Temp folder emptied: 275 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: sschaar
    ->Temp folder emptied: 2373934 bytes
    ->Temporary Internet Files folder emptied: 363021649 bytes
    ->Flash cache emptied: 5962 bytes

    User: sweisz
    ->Temp folder emptied: 16115141 bytes
    ->Temporary Internet Files folder emptied: 255030 bytes
    ->Flash cache emptied: 46982 bytes

    User: vkirkhorn
    ->Temp folder emptied: 5115 bytes
    ->Temporary Internet Files folder emptied: 19751938 bytes
    ->Flash cache emptied: 968 bytes

    User: wdavenport
    ->Temp folder emptied: 7705653 bytes
    ->Temporary Internet Files folder emptied: 211087806 bytes
    ->FireFox cache emptied: 6533182 bytes
    ->Flash cache emptied: 1060 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 3408164 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 108556852 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 158468046 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,898.00 mb


    [EMPTYJAVA]

    User: admin

    User: admin.LAND-DOMAIN

    User: admin.LSND

    User: Administrator

    User: All Users

    User: apage

    User: astenson

    User: cramanathan

    User: Default User

    User: flotemp
    ->Java cache emptied: 0 bytes

    User: jfitzsimmons

    User: khart
    ->Java cache emptied: 0 bytes

    User: kmacintosh-ellig
    ->Java cache emptied: 0 bytes

    User: lcatalano

    User: LocalService

    User: miwen

    User: MWService

    User: NetworkService

    User: OLD

    User: snocho

    User: sschaar

    User: sweisz

    User: vkirkhorn

    User: wdavenport

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: admin
    ->Flash cache emptied: 0 bytes

    User: admin.LAND-DOMAIN

    User: admin.LSND
    ->Flash cache emptied: 0 bytes

    User: Administrator

    User: All Users

    User: apage
    ->Flash cache emptied: 0 bytes

    User: astenson
    ->Flash cache emptied: 0 bytes

    User: cramanathan

    User: Default User

    User: flotemp
    ->Flash cache emptied: 0 bytes

    User: jfitzsimmons

    User: khart
    ->Flash cache emptied: 0 bytes

    User: kmacintosh-ellig
    ->Flash cache emptied: 0 bytes

    User: lcatalano

    User: LocalService

    User: miwen
    ->Flash cache emptied: 0 bytes

    User: MWService

    User: NetworkService

    User: OLD

    User: snocho

    User: sschaar
    ->Flash cache emptied: 0 bytes

    User: sweisz
    ->Flash cache emptied: 0 bytes

    User: vkirkhorn
    ->Flash cache emptied: 0 bytes

    User: wdavenport
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11212012_150850

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  23. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Security Check :

    Results of screen317's Security Check version 0.99.54
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    Please wait while WMIC compiles updated MOF files.
    displayName
    ECHO is off.
    Symantec
    ECHO is off.
    Endpoint
    ECHO is off.
    Protection
    ECHO is off.
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Out of date Spybot installed!
    Ad-Aware
    Spybot - Search & Destroy 1.3
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java 7 Update 7
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader 9 Adobe Reader out of Date!
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  24. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    Farbar Service Scanner:

    Farbar Service Scanner Version: 09-11-2012
    Ran by admin (administrator) on 21-11-2012 at 15:35:50
    Running from "C:\Documents and Settings\admin\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINNT\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINNT\system32\Drivers\afd.sys => MD5 is legit
    C:\WINNT\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINNT\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINNT\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINNT\system32\dnsrslvr.dll => MD5 is legit
    C:\WINNT\system32\ipnathlp.dll => MD5 is legit
    C:\WINNT\system32\netman.dll => MD5 is legit
    C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINNT\system32\srsvc.dll => MD5 is legit
    C:\WINNT\system32\Drivers\sr.sys => MD5 is legit
    C:\WINNT\system32\wscsvc.dll => MD5 is legit
    C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINNT\system32\wuauserv.dll => MD5 is legit
    C:\WINNT\system32\qmgr.dll => MD5 is legit
    C:\WINNT\system32\es.dll => MD5 is legit
    C:\WINNT\system32\cryptsvc.dll => MD5 is legit
    C:\WINNT\system32\svchost.exe => MD5 is legit
    C:\WINNT\system32\rpcss.dll => MD5 is legit
    C:\WINNT\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(3) IPSEC(7) Nbf(6) NetBT(5) SYMTDI(8) Tcpip(4)
    0x080000000700000001000000020000000300000004000000080000000500000006000000


    **** End of log ****
  25. poohgc

    poohgc TS Rookie Topic Starter Posts: 67

    There was no report for Temp File Cleaner

