Solved Infected I think??

K

kspot

Posts: 27   +0
This PC had commercials playing in the background and multiple blue screens of death. Malwarebytes was run initially and found this:

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Norton 360 is blocking attempts to access harmful websites

The problem continued, but apparently has fixed itself over the last couple of days although Norton 360 is still randomly popping up windows that are blocking attempts to access harmful websites. Since I really don't believe this PC is clean, I need your help in figuring out.

Please find the attached logs:

MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Leslie Carey :: LESLIELAPTOP [administrator]

Protection: Enabled

7/29/2012 1:25:35 PM
mbam-log-2012-07-29 (13-25-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 247161
Time elapsed: 47 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-29 16:03:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FBEO
Running: gmer.exe; Driver: C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\pwtdapog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

ATTACH.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/3/2009 4:44:56 PM
System Uptime: 7/29/2012 2:35:31 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0M277C
Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1777/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 43.741 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
Service: RTLE8023xp
.
==== System Restore Points ===================
.
RP971: 4/30/2012 12:01:38 PM - System Checkpoint
RP972: 5/1/2012 3:57:47 PM - System Checkpoint
RP973: 5/2/2012 6:13:11 PM - System Checkpoint
RP974: 5/4/2012 6:51:28 AM - System Checkpoint
RP975: 5/5/2012 5:09:48 PM - System Checkpoint
RP976: 5/7/2012 9:10:35 AM - System Checkpoint
RP977: 5/8/2012 9:42:41 AM - System Checkpoint
RP978: 5/9/2012 7:00:18 AM - Software Distribution Service 3.0
RP979: 5/10/2012 7:01:00 AM - System Checkpoint
RP980: 5/10/2012 7:58:48 AM - Software Distribution Service 3.0
RP981: 5/11/2012 8:30:33 AM - System Checkpoint
RP982: 5/12/2012 1:39:12 PM - System Checkpoint
RP983: 5/13/2012 5:20:03 PM - System Checkpoint
RP984: 5/14/2012 8:49:05 PM - System Checkpoint
RP985: 5/16/2012 6:51:12 AM - System Checkpoint
RP986: 5/17/2012 6:59:18 AM - System Checkpoint
RP987: 5/18/2012 9:47:57 AM - System Checkpoint
RP988: 5/18/2012 5:58:25 PM - Installed HP Product Detection
RP989: 5/18/2012 5:58:40 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP990: 5/19/2012 6:30:11 PM - System Checkpoint
RP991: 5/20/2012 7:02:51 PM - System Checkpoint
RP992: 5/22/2012 9:11:52 AM - System Checkpoint
RP993: 5/22/2012 3:03:28 PM - Software Distribution Service 3.0
RP994: 5/23/2012 5:53:09 AM - Software Distribution Service 3.0
RP995: 5/24/2012 2:51:18 PM - System Checkpoint
RP996: 5/25/2012 5:31:05 PM - System Checkpoint
RP997: 5/26/2012 8:10:12 PM - System Checkpoint
RP998: 5/28/2012 5:49:30 PM - System Checkpoint
RP999: 5/30/2012 8:05:36 AM - System Checkpoint
RP1000: 6/1/2012 5:07:06 PM - System Checkpoint
RP1001: 6/2/2012 6:02:39 PM - System Checkpoint
RP1002: 6/4/2012 7:28:10 AM - System Checkpoint
RP1003: 6/5/2012 8:30:35 AM - System Checkpoint
RP1004: 6/5/2012 10:55:36 PM - Software Distribution Service 3.0
RP1005: 6/7/2012 11:15:00 AM - System Checkpoint
RP1006: 6/8/2012 11:28:13 AM - System Checkpoint
RP1007: 6/9/2012 12:49:22 PM - System Checkpoint
RP1008: 6/10/2012 6:03:22 PM - System Checkpoint
RP1009: 6/11/2012 3:00:15 AM - Software Distribution Service 3.0
RP1010: 6/11/2012 7:13:19 AM - Software Distribution Service 3.0
RP1011: 6/11/2012 12:24:23 PM - Software Distribution Service 3.0
RP1012: 6/11/2012 5:26:46 PM - Software Distribution Service 3.0
RP1013: 6/11/2012 5:57:46 PM - Software Distribution Service 3.0
RP1014: 6/11/2012 7:26:28 PM - Software Distribution Service 3.0
RP1015: 6/12/2012 3:00:17 AM - Software Distribution Service 3.0
RP1016: 6/12/2012 7:13:27 AM - Software Distribution Service 3.0
RP1017: 6/12/2012 7:04:03 PM - Software Distribution Service 3.0
RP1018: 6/13/2012 11:05:37 PM - System Checkpoint
RP1019: 6/14/2012 11:54:34 PM - System Checkpoint
RP1020: 6/16/2012 10:41:02 AM - System Checkpoint
RP1021: 6/17/2012 7:23:47 PM - System Checkpoint
RP1022: 6/18/2012 9:08:49 PM - System Checkpoint
RP1023: 6/20/2012 12:10:32 PM - System Checkpoint
RP1024: 6/21/2012 12:19:08 PM - System Checkpoint
RP1025: 6/22/2012 12:46:22 PM - System Checkpoint
RP1026: 6/23/2012 1:09:33 PM - System Checkpoint
RP1027: 6/23/2012 1:45:06 PM - Software Distribution Service 3.0
RP1028: 6/23/2012 1:54:52 PM - Software Distribution Service 3.0
RP1029: 6/23/2012 3:26:37 PM - Software Distribution Service 3.0
RP1030: 6/25/2012 7:07:38 PM - System Checkpoint
RP1031: 6/26/2012 8:05:41 PM - System Checkpoint
RP1032: 6/28/2012 5:15:16 PM - System Checkpoint
RP1033: 6/29/2012 6:32:12 PM - System Checkpoint
RP1034: 6/30/2012 6:33:09 PM - System Checkpoint
RP1035: 7/1/2012 6:45:17 PM - System Checkpoint
RP1036: 7/3/2012 9:04:20 AM - System Checkpoint
RP1037: 7/4/2012 9:50:58 AM - System Checkpoint
RP1038: 7/5/2012 7:50:04 PM - System Checkpoint
RP1039: 7/7/2012 7:11:47 PM - System Checkpoint
RP1040: 7/18/2012 10:03:34 PM - System Checkpoint
RP1041: 7/19/2012 10:27:15 AM - Software Distribution Service 3.0
RP1042: 7/20/2012 10:36:45 AM - System Checkpoint
RP1043: 7/20/2012 12:36:26 PM - Software Distribution Service 3.0
RP1044: 7/21/2012 4:11:42 PM - Software Distribution Service 3.0
RP1045: 7/23/2012 12:11:22 PM - System Checkpoint
RP1046: 7/24/2012 12:32:08 PM - System Checkpoint
RP1047: 7/25/2012 1:28:52 PM - System Checkpoint
RP1048: 7/25/2012 7:04:09 PM - Unsigned driver install
RP1049: 7/26/2012 6:07:26 AM - Software Distribution Service 3.0
RP1050: 7/26/2012 11:53:24 AM - Software Distribution Service 3.0
RP1051: 7/26/2012 12:25:48 PM - Software Distribution Service 3.0
RP1052: 7/26/2012 12:42:38 PM - Software Distribution Service 3.0
RP1053: 7/26/2012 2:17:02 PM - Software Distribution Service 3.0
RP1054: 7/26/2012 3:53:54 PM - Software Distribution Service 3.0
RP1055: 7/26/2012 4:16:23 PM - Software Distribution Service 3.0
RP1056: 7/26/2012 4:27:44 PM - Software Distribution Service 3.0
RP1057: 7/26/2012 4:41:55 PM - Software Distribution Service 3.0
RP1058: 7/26/2012 4:49:23 PM - Software Distribution Service 3.0
RP1059: 7/26/2012 5:24:45 PM - Software Distribution Service 3.0
RP1060: 7/26/2012 7:49:40 PM - Software Distribution Service 3.0
RP1061: 7/26/2012 9:45:18 PM - Software Distribution Service 3.0
RP1062: 7/27/2012 10:32:14 PM - System Checkpoint
RP1063: 7/28/2012 11:26:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Amazing Slow Downer (remove only)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon IJ Network Tool
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Choice Guard
ClearType Tuning Control Panel Applet
DD Poker 3
Dell Support Center (Support Software)
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DING!
Flixster Collections
Garmin City Navigator North America NT 2009.11 Update
Garmin City Navigator North America NT 2013.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP Photosmart 5510d series Basic Device Software
HP Photosmart 5510d series Help
HP Photosmart 5510d series Product Improvement Study
HP Product Detection
HP Update
Intel(R) Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
Laptop Integrated Webcam Driver (1.01.01.0529)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft MapPoint North America 2004
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Microsoft Zoo Tycoon
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox 9.0.1 (x86 en-US)
MP3 Download Manager
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
Norton 360
PMB
PowerDVD
Quicken 2012
Quicken WillMaker Plus 2012
QuickSet
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
ShopAtHome.com Toolbar
Skype Click to Call
Skype™ 5.8
Sonic CinePlayer Decoder Pack
Spotify
Synaptics Pointing Device Driver
TWC Customer Controls
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Download Manager 2.2.3-SNAPSHOT-r10103
W Photo Studio
Walmart MP3 Music Downloads
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 12:56:26 PM, error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 5:49:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
7/27/2012 5:49:32 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 7:55:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
7/25/2012 7:55:11 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 6:32:17 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b08570, parameter4 00000000.
7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype Updater service to connect.
7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PMBDeviceInfoProvider service to connect.
7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 6:24:22 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97a83570, parameter4 00000000.
7/25/2012 6:13:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97e8e570, parameter4 00000000.
7/25/2012 3:47:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/24/2012 5:36:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
7/23/2012 8:43:12 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 ba277570, parameter4 00000000.
7/23/2012 6:22:03 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 96c32570, parameter4 00000000.
7/23/2012 6:11:31 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9509d570, parameter4 00000000.
7/23/2012 6:09:25 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 6:09:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/23/2012 6:03:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b70570, parameter4 00000000.
7/23/2012 6:00:26 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 6:00:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/23/2012 5:55:06 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95caa570, parameter4 00000000.
7/23/2012 5:47:07 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 970f0570, parameter4 00000000.
7/23/2012 5:45:06 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 5:45:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
7/22/2012 6:14:47 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97184570, parameter4 00000000.
7/22/2012 6:14:43 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94a3e570, parameter4 00000000.
7/22/2012 6:12:49 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93ed1570, parameter4 00000000.
7/22/2012 5:36:33 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94adc570, parameter4 00000000.
7/22/2012 5:36:29 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a4783570, parameter4 00000000.
7/22/2012 5:36:25 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93b56570, parameter4 00000000.
7/22/2012 5:35:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94f49570, parameter4 00000000.
7/22/2012 4:52:20 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9690e570, parameter4 00000000.
7/22/2012 4:38:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9777a570, parameter4 00000000.
7/22/2012 4:27:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a19d3570, parameter4 00000000.
.
 
==== End Of File ===========================

DDS.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/3/2009 4:44:56 PM
System Uptime: 7/29/2012 2:35:31 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0M277C
Processor: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz | U2E1 | 1777/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 43.741 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_02731028&REV_02\4&139D1158&0&00E4
Service: RTLE8023xp
.
==== System Restore Points ===================
.
RP971: 4/30/2012 12:01:38 PM - System Checkpoint
RP972: 5/1/2012 3:57:47 PM - System Checkpoint
RP973: 5/2/2012 6:13:11 PM - System Checkpoint
RP974: 5/4/2012 6:51:28 AM - System Checkpoint
RP975: 5/5/2012 5:09:48 PM - System Checkpoint
RP976: 5/7/2012 9:10:35 AM - System Checkpoint
RP977: 5/8/2012 9:42:41 AM - System Checkpoint
RP978: 5/9/2012 7:00:18 AM - Software Distribution Service 3.0
RP979: 5/10/2012 7:01:00 AM - System Checkpoint
RP980: 5/10/2012 7:58:48 AM - Software Distribution Service 3.0
RP981: 5/11/2012 8:30:33 AM - System Checkpoint
RP982: 5/12/2012 1:39:12 PM - System Checkpoint
RP983: 5/13/2012 5:20:03 PM - System Checkpoint
RP984: 5/14/2012 8:49:05 PM - System Checkpoint
RP985: 5/16/2012 6:51:12 AM - System Checkpoint
RP986: 5/17/2012 6:59:18 AM - System Checkpoint
RP987: 5/18/2012 9:47:57 AM - System Checkpoint
RP988: 5/18/2012 5:58:25 PM - Installed HP Product Detection
RP989: 5/18/2012 5:58:40 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP990: 5/19/2012 6:30:11 PM - System Checkpoint
RP991: 5/20/2012 7:02:51 PM - System Checkpoint
RP992: 5/22/2012 9:11:52 AM - System Checkpoint
RP993: 5/22/2012 3:03:28 PM - Software Distribution Service 3.0
RP994: 5/23/2012 5:53:09 AM - Software Distribution Service 3.0
RP995: 5/24/2012 2:51:18 PM - System Checkpoint
RP996: 5/25/2012 5:31:05 PM - System Checkpoint
RP997: 5/26/2012 8:10:12 PM - System Checkpoint
RP998: 5/28/2012 5:49:30 PM - System Checkpoint
RP999: 5/30/2012 8:05:36 AM - System Checkpoint
RP1000: 6/1/2012 5:07:06 PM - System Checkpoint
RP1001: 6/2/2012 6:02:39 PM - System Checkpoint
RP1002: 6/4/2012 7:28:10 AM - System Checkpoint
RP1003: 6/5/2012 8:30:35 AM - System Checkpoint
RP1004: 6/5/2012 10:55:36 PM - Software Distribution Service 3.0
RP1005: 6/7/2012 11:15:00 AM - System Checkpoint
RP1006: 6/8/2012 11:28:13 AM - System Checkpoint
RP1007: 6/9/2012 12:49:22 PM - System Checkpoint
RP1008: 6/10/2012 6:03:22 PM - System Checkpoint
RP1009: 6/11/2012 3:00:15 AM - Software Distribution Service 3.0
RP1010: 6/11/2012 7:13:19 AM - Software Distribution Service 3.0
RP1011: 6/11/2012 12:24:23 PM - Software Distribution Service 3.0
RP1012: 6/11/2012 5:26:46 PM - Software Distribution Service 3.0
RP1013: 6/11/2012 5:57:46 PM - Software Distribution Service 3.0
RP1014: 6/11/2012 7:26:28 PM - Software Distribution Service 3.0
RP1015: 6/12/2012 3:00:17 AM - Software Distribution Service 3.0
RP1016: 6/12/2012 7:13:27 AM - Software Distribution Service 3.0
RP1017: 6/12/2012 7:04:03 PM - Software Distribution Service 3.0
RP1018: 6/13/2012 11:05:37 PM - System Checkpoint
RP1019: 6/14/2012 11:54:34 PM - System Checkpoint
RP1020: 6/16/2012 10:41:02 AM - System Checkpoint
RP1021: 6/17/2012 7:23:47 PM - System Checkpoint
RP1022: 6/18/2012 9:08:49 PM - System Checkpoint
RP1023: 6/20/2012 12:10:32 PM - System Checkpoint
RP1024: 6/21/2012 12:19:08 PM - System Checkpoint
RP1025: 6/22/2012 12:46:22 PM - System Checkpoint
RP1026: 6/23/2012 1:09:33 PM - System Checkpoint
RP1027: 6/23/2012 1:45:06 PM - Software Distribution Service 3.0
RP1028: 6/23/2012 1:54:52 PM - Software Distribution Service 3.0
RP1029: 6/23/2012 3:26:37 PM - Software Distribution Service 3.0
RP1030: 6/25/2012 7:07:38 PM - System Checkpoint
RP1031: 6/26/2012 8:05:41 PM - System Checkpoint
RP1032: 6/28/2012 5:15:16 PM - System Checkpoint
RP1033: 6/29/2012 6:32:12 PM - System Checkpoint
RP1034: 6/30/2012 6:33:09 PM - System Checkpoint
RP1035: 7/1/2012 6:45:17 PM - System Checkpoint
RP1036: 7/3/2012 9:04:20 AM - System Checkpoint
RP1037: 7/4/2012 9:50:58 AM - System Checkpoint
RP1038: 7/5/2012 7:50:04 PM - System Checkpoint
RP1039: 7/7/2012 7:11:47 PM - System Checkpoint
RP1040: 7/18/2012 10:03:34 PM - System Checkpoint
RP1041: 7/19/2012 10:27:15 AM - Software Distribution Service 3.0
RP1042: 7/20/2012 10:36:45 AM - System Checkpoint
RP1043: 7/20/2012 12:36:26 PM - Software Distribution Service 3.0
RP1044: 7/21/2012 4:11:42 PM - Software Distribution Service 3.0
RP1045: 7/23/2012 12:11:22 PM - System Checkpoint
RP1046: 7/24/2012 12:32:08 PM - System Checkpoint
RP1047: 7/25/2012 1:28:52 PM - System Checkpoint
RP1048: 7/25/2012 7:04:09 PM - Unsigned driver install
RP1049: 7/26/2012 6:07:26 AM - Software Distribution Service 3.0
RP1050: 7/26/2012 11:53:24 AM - Software Distribution Service 3.0
RP1051: 7/26/2012 12:25:48 PM - Software Distribution Service 3.0
RP1052: 7/26/2012 12:42:38 PM - Software Distribution Service 3.0
RP1053: 7/26/2012 2:17:02 PM - Software Distribution Service 3.0
RP1054: 7/26/2012 3:53:54 PM - Software Distribution Service 3.0
RP1055: 7/26/2012 4:16:23 PM - Software Distribution Service 3.0
RP1056: 7/26/2012 4:27:44 PM - Software Distribution Service 3.0
RP1057: 7/26/2012 4:41:55 PM - Software Distribution Service 3.0
RP1058: 7/26/2012 4:49:23 PM - Software Distribution Service 3.0
RP1059: 7/26/2012 5:24:45 PM - Software Distribution Service 3.0
RP1060: 7/26/2012 7:49:40 PM - Software Distribution Service 3.0
RP1061: 7/26/2012 9:45:18 PM - Software Distribution Service 3.0
RP1062: 7/27/2012 10:32:14 PM - System Checkpoint
RP1063: 7/28/2012 11:26:36 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player
Advanced Audio FX Engine
Advanced Video FX Engine
Amazing Slow Downer (remove only)
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon IJ Network Tool
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 2.0
Canon MP620 series MP Drivers
Canon MP620 series User Registration
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Choice Guard
ClearType Tuning Control Panel Applet
DD Poker 3
Dell Support Center (Support Software)
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility
DING!
Flixster Collections
Garmin City Navigator North America NT 2009.11 Update
Garmin City Navigator North America NT 2013.10 Update
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Photo Creations
HP Photosmart 5510d series Basic Device Software
HP Photosmart 5510d series Help
HP Photosmart 5510d series Product Improvement Study
HP Product Detection
HP Update
Intel(R) Graphics Media Accelerator Driver
iSEEK AnswerWorks English Runtime
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Java(TM) 6 Update 7
Junk Mail filter update
Laptop Integrated Webcam Driver (1.01.01.0529)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft MapPoint North America 2004
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Microsoft Zoo Tycoon
MobileMe Control Panel
Move Networks Media Player for Internet Explorer
Mozilla Firefox 9.0.1 (x86 en-US)
MP3 Download Manager
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6.0 Parser (KB927977)
Norton 360
PMB
PowerDVD
Quicken 2012
Quicken WillMaker Plus 2012
QuickSet
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
ShopAtHome.com Toolbar
Skype Click to Call
Skype™ 5.8
Sonic CinePlayer Decoder Pack
Spotify
Synaptics Pointing Device Driver
TWC Customer Controls
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Wireless Download Manager 2.2.3-SNAPSHOT-r10103
W Photo Studio
Walmart MP3 Music Downloads
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 12:56:26 PM, error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
7/27/2012 5:49:32 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
7/27/2012 5:49:32 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 7:55:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
7/25/2012 7:55:11 PM, error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 6:32:17 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b08570, parameter4 00000000.
7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Skype Updater service to connect.
7/25/2012 6:32:11 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PMBDeviceInfoProvider service to connect.
7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The Skype Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 6:32:11 AM, error: Service Control Manager [7000] - The PMBDeviceInfoProvider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/25/2012 6:24:22 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97a83570, parameter4 00000000.
7/25/2012 6:13:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97e8e570, parameter4 00000000.
7/25/2012 3:47:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/24/2012 5:36:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the N360 service.
7/23/2012 8:43:12 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 ba277570, parameter4 00000000.
7/23/2012 6:22:03 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 96c32570, parameter4 00000000.
7/23/2012 6:11:31 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9509d570, parameter4 00000000.
7/23/2012 6:09:25 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 6:09:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/23/2012 6:03:04 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95b70570, parameter4 00000000.
7/23/2012 6:00:26 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 6:00:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
7/23/2012 5:55:06 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 95caa570, parameter4 00000000.
7/23/2012 5:47:07 AM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 970f0570, parameter4 00000000.
7/23/2012 5:45:06 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/23/2012 5:45:00 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
7/22/2012 6:14:47 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 97184570, parameter4 00000000.
7/22/2012 6:14:43 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94a3e570, parameter4 00000000.
7/22/2012 6:12:49 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93ed1570, parameter4 00000000.
7/22/2012 5:36:33 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94adc570, parameter4 00000000.
7/22/2012 5:36:29 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a4783570, parameter4 00000000.
7/22/2012 5:36:25 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 93b56570, parameter4 00000000.
7/22/2012 5:35:56 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 94f49570, parameter4 00000000.
7/22/2012 4:52:20 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9690e570, parameter4 00000000.
7/22/2012 4:38:03 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 9777a570, parameter4 00000000.
7/22/2012 4:27:30 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 b9e81464, parameter3 a19d3570, parameter4 00000000.
.
==== End Of File ===========================


Thanks for any help that you can provide.
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Ran TDSSKILLER and got the following report (1 of 2):


18:58:19.0281 6276 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:58:21.0281 6276 ============================================================
18:58:21.0281 6276 Current date / time: 2012/07/29 18:58:21.0281
18:58:21.0281 6276 SystemInfo:
18:58:21.0281 6276
18:58:21.0281 6276 OS Version: 5.1.2600 ServicePack: 3.0
18:58:21.0281 6276 Product type: Workstation
18:58:21.0281 6276 ComputerName: LESLIELAPTOP
18:58:21.0281 6276 UserName: Leslie Carey
18:58:21.0281 6276 Windows directory: C:\WINDOWS
18:58:21.0281 6276 System windows directory: C:\WINDOWS
18:58:21.0281 6276 Processor architecture: Intel x86
18:58:21.0281 6276 Number of processors: 2
18:58:21.0281 6276 Page size: 0x1000
18:58:21.0281 6276 Boot type: Normal boot
18:58:21.0281 6276 ============================================================
18:58:24.0671 6276 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:58:24.0687 6276 ============================================================
18:58:24.0687 6276 \Device\Harddisk0\DR0:
18:58:24.0703 6276 MBR partitions:
18:58:24.0703 6276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1BE29168
18:58:24.0703 6276 ============================================================
18:58:24.0828 6276 C: <-> \Device\Harddisk0\DR0\Partition0
18:58:24.0828 6276 ============================================================
18:58:24.0828 6276 Initialize success
18:58:24.0828 6276 ============================================================
18:58:38.0453 11412 ============================================================
18:58:38.0468 11412 Scan started
18:58:38.0468 11412 Mode: Manual;
18:58:38.0468 11412 ============================================================
18:58:40.0125 11412 Abiosdsk - ok
18:58:40.0187 11412 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:58:40.0296 11412 abp480n5 - ok
18:58:40.0359 11412 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:58:40.0359 11412 ACPI - ok
18:58:40.0375 11412 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:58:40.0375 11412 ACPIEC - ok
18:58:40.0468 11412 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:58:40.0468 11412 AdobeFlashPlayerUpdateSvc - ok
18:58:40.0531 11412 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:58:40.0578 11412 adpu160m - ok
18:58:40.0640 11412 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:58:40.0671 11412 aec - ok
18:58:40.0734 11412 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:58:40.0750 11412 AFD - ok
18:58:40.0781 11412 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:58:40.0796 11412 agp440 - ok
18:58:40.0843 11412 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:58:40.0843 11412 agpCPQ - ok
18:58:40.0890 11412 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:58:40.0906 11412 Aha154x - ok
18:58:40.0953 11412 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:58:40.0984 11412 aic78u2 - ok
18:58:40.0984 11412 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:58:41.0000 11412 aic78xx - ok
18:58:41.0031 11412 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:58:41.0062 11412 Alerter - ok
18:58:41.0093 11412 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:58:41.0093 11412 ALG - ok
18:58:41.0140 11412 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:58:41.0140 11412 AliIde - ok
18:58:41.0187 11412 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:58:41.0203 11412 alim1541 - ok
18:58:41.0265 11412 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:58:41.0265 11412 amdagp - ok
18:58:41.0328 11412 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:58:41.0328 11412 amsint - ok
18:58:41.0390 11412 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
18:58:41.0437 11412 ApfiltrService - ok
18:58:41.0484 11412 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
18:58:41.0484 11412 APPDRV - ok
18:58:41.0640 11412 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:58:41.0640 11412 Apple Mobile Device - ok
18:58:41.0687 11412 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:58:41.0703 11412 AppMgmt - ok
18:58:41.0734 11412 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:58:41.0734 11412 Arp1394 - ok
18:58:41.0765 11412 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:58:41.0765 11412 asc - ok
18:58:41.0796 11412 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:58:41.0796 11412 asc3350p - ok
18:58:41.0859 11412 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:58:41.0875 11412 asc3550 - ok
18:58:41.0984 11412 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:58:42.0015 11412 aspnet_state - ok
18:58:42.0062 11412 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:58:42.0062 11412 AsyncMac - ok
18:58:42.0125 11412 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:58:42.0140 11412 atapi - ok
18:58:42.0140 11412 Atdisk - ok
18:58:42.0171 11412 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:58:42.0171 11412 Atmarpc - ok
18:58:42.0234 11412 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:58:42.0234 11412 AudioSrv - ok
18:58:42.0296 11412 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:58:42.0296 11412 audstub - ok
18:58:42.0406 11412 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
18:58:42.0500 11412 BBSvc - ok
18:58:42.0578 11412 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
18:58:42.0578 11412 BBUpdate - ok
18:58:42.0765 11412 BCM43XX (37f385a93c620cbe0f89c17e45f697a1) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:58:42.0796 11412 BCM43XX - ok
18:58:43.0000 11412 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:58:43.0000 11412 Beep - ok
18:58:43.0125 11412 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys
18:58:43.0140 11412 BHDrvx86 - ok
18:58:43.0218 11412 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:58:43.0234 11412 BITS - ok
18:58:43.0343 11412 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:58:43.0343 11412 Bonjour Service - ok
18:58:43.0406 11412 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:58:43.0406 11412 Browser - ok
18:58:43.0484 11412 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:58:43.0484 11412 cbidf - ok
18:58:43.0484 11412 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:58:43.0500 11412 cbidf2k - ok
18:58:43.0562 11412 CCALib8 (8ef654045e518ac00e52e7a1e2d3ad70) C:\Program Files\Canon\CAL\CALMAIN.exe
18:58:43.0578 11412 CCALib8 - ok
18:58:43.0625 11412 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:58:43.0640 11412 CCDECODE - ok
18:58:43.0796 11412 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys
18:58:43.0812 11412 ccHP - ok
18:58:43.0859 11412 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:58:43.0859 11412 cd20xrnt - ok
18:58:43.0921 11412 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:58:43.0937 11412 Cdaudio - ok
18:58:43.0968 11412 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:58:43.0968 11412 Cdfs - ok
18:58:44.0031 11412 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:58:44.0031 11412 Cdrom - ok
18:58:44.0046 11412 Changer - ok
18:58:44.0093 11412 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:58:44.0125 11412 CiSvc - ok
18:58:44.0156 11412 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:58:44.0187 11412 ClipSrv - ok
18:58:44.0281 11412 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:58:44.0328 11412 clr_optimization_v2.0.50727_32 - ok
18:58:44.0406 11412 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:58:44.0421 11412 clr_optimization_v4.0.30319_32 - ok
18:58:44.0484 11412 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:58:44.0484 11412 CmBatt - ok
18:58:44.0500 11412 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:58:44.0500 11412 CmdIde - ok
18:58:44.0515 11412 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:58:44.0531 11412 Compbatt - ok
18:58:44.0531 11412 COMSysApp - ok
18:58:44.0593 11412 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:58:44.0609 11412 Cpqarray - ok
18:58:44.0656 11412 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:58:44.0656 11412 CryptSvc - ok
18:58:44.0703 11412 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:58:44.0703 11412 dac2w2k - ok
18:58:44.0718 11412 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:58:44.0718 11412 dac960nt - ok
18:58:44.0812 11412 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:58:44.0828 11412 DcomLaunch - ok
18:58:44.0890 11412 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:58:44.0890 11412 Dhcp - ok
18:58:44.0921 11412 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:58:44.0921 11412 Disk - ok
18:58:44.0953 11412 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
18:58:44.0968 11412 DLABMFSM - ok
18:58:44.0968 11412 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
18:58:44.0968 11412 DLABOIOM - ok
18:58:44.0984 11412 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:58:44.0984 11412 DLACDBHM - ok
18:58:45.0000 11412 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
18:58:45.0000 11412 DLADResM - ok
18:58:45.0015 11412 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
18:58:45.0015 11412 DLAIFS_M - ok
18:58:45.0015 11412 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
18:58:45.0031 11412 DLAOPIOM - ok
18:58:45.0031 11412 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
18:58:45.0031 11412 DLAPoolM - ok
18:58:45.0046 11412 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
18:58:45.0046 11412 DLARTL_M - ok
18:58:45.0062 11412 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
18:58:45.0062 11412 DLAUDFAM - ok
18:58:45.0078 11412 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
18:58:45.0078 11412 DLAUDF_M - ok
18:58:45.0078 11412 dmadmin - ok
18:58:45.0171 11412 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:58:45.0187 11412 dmboot - ok
18:58:45.0203 11412 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:58:45.0203 11412 dmio - ok
18:58:45.0218 11412 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:58:45.0218 11412 dmload - ok
18:58:45.0250 11412 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:58:45.0281 11412 dmserver - ok
18:58:45.0328 11412 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:58:45.0328 11412 DMusic - ok
18:58:45.0390 11412 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:58:45.0390 11412 Dnscache - ok
18:58:45.0421 11412 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:58:45.0437 11412 Dot3svc - ok
18:58:45.0453 11412 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:58:45.0453 11412 dpti2o - ok
18:58:45.0468 11412 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:58:45.0468 11412 drmkaud - ok
18:58:45.0531 11412 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:58:45.0531 11412 DRVMCDB - ok
18:58:45.0546 11412 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:58:45.0546 11412 DRVNDDM - ok
18:58:45.0578 11412 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:58:45.0609 11412 EapHost - ok
18:58:45.0765 11412 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:58:45.0765 11412 eeCtrl - ok
18:58:45.0828 11412 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:58:45.0828 11412 EraserUtilRebootDrv - ok
18:58:45.0875 11412 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:58:45.0875 11412 ERSvc - ok
18:58:45.0937 11412 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:58:45.0937 11412 Eventlog - ok
18:58:46.0015 11412 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:58:46.0015 11412 EventSystem - ok
18:58:46.0078 11412 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:58:46.0078 11412 Fastfat - ok
18:58:46.0156 11412 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:58:46.0156 11412 FastUserSwitchingCompatibility - ok
18:58:46.0234 11412 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
18:58:46.0265 11412 Fax - ok
18:58:46.0296 11412 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:58:46.0296 11412 Fdc - ok
18:58:46.0343 11412 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:58:46.0359 11412 Fips - ok
18:58:46.0406 11412 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:58:46.0406 11412 Flpydisk - ok
18:58:46.0468 11412 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:58:46.0468 11412 FltMgr - ok
18:58:46.0578 11412 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:58:46.0609 11412 FontCache3.0.0.0 - ok
18:58:46.0625 11412 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:58:46.0625 11412 Fs_Rec - ok
18:58:46.0703 11412 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:58:46.0703 11412 Ftdisk - ok
18:58:46.0734 11412 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:58:46.0734 11412 GEARAspiWDM - ok
18:58:46.0828 11412 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
18:58:46.0859 11412 GoToAssist - ok
18:58:46.0906 11412 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:58:46.0921 11412 Gpc - ok
18:58:47.0046 11412 gupdate1c9e55cd789d57a (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:58:47.0046 11412 gupdate1c9e55cd789d57a - ok
18:58:47.0062 11412 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
18:58:47.0062 11412 gupdatem - ok
18:58:47.0156 11412 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:58:47.0156 11412 gusvc - ok
18:58:47.0218 11412 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:58:47.0218 11412 HDAudBus - ok
18:58:47.0328 11412 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:58:47.0343 11412 helpsvc - ok
18:58:47.0390 11412 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:58:47.0390 11412 HidServ - ok
18:58:47.0437 11412 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:58:47.0437 11412 hidusb - ok
18:58:47.0468 11412 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:58:47.0515 11412 hkmsvc - ok
18:58:47.0546 11412 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:58:47.0562 11412 hpn - ok
18:58:47.0640 11412 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:58:47.0640 11412 HTTP - ok
18:58:47.0687 11412 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:58:47.0718 11412 HTTPFilter - ok
18:58:47.0734 11412 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:58:47.0734 11412 i2omgmt - ok
18:58:47.0765 11412 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:58:47.0781 11412 i2omp - ok
18:58:47.0812 11412 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:58:47.0828 11412 i8042prt - ok
18:58:48.0593 11412 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:58:48.0796 11412 ialm - ok
18:58:49.0031 11412 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\drivers\iaStor.sys
18:58:49.0031 11412 iaStor - ok
18:58:49.0234 11412 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:58:49.0296 11412 idsvc - ok
18:58:49.0562 11412 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120727.001\IDSxpx86.sys
18:58:49.0562 11412 IDSxpx86 - ok
18:58:49.0687 11412 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:58:49.0687 11412 Imapi - ok
18:58:49.0765 11412 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:58:49.0765 11412 ImapiService - ok
18:58:49.0796 11412 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:58:49.0796 11412 ini910u - ok
18:58:50.0406 11412 IntcAzAudAddService (613a2b00da1d4a80de1ec8cfb52c0d89) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:58:50.0734 11412 IntcAzAudAddService - ok
18:58:50.0937 11412 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:58:51.0031 11412 IntelIde - ok
18:58:51.0093 11412 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:58:51.0093 11412 intelppm - ok
18:58:51.0140 11412 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:58:51.0140 11412 Ip6Fw - ok
18:58:51.0171 11412 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:58:51.0171 11412 IpFilterDriver - ok
18:58:51.0218 11412 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:58:51.0218 11412 IpInIp - ok
18:58:51.0328 11412 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:58:51.0328 11412 IpNat - ok
18:58:51.0531 11412 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
18:58:51.0562 11412 iPod Service - ok
18:58:51.0593 11412 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:58:51.0593 11412 IPSec - ok
18:58:51.0640 11412 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:58:51.0671 11412 IRENUM - ok
18:58:51.0734 11412 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:58:51.0734 11412 isapnp - ok
18:58:51.0859 11412 JavaQuickStarterService (39133291cb607bdd87cfc565a4a1e7a5) C:\Program Files\Java\jre6\bin\jqs.exe
18:58:51.0859 11412 JavaQuickStarterService - ok
18:58:51.0906 11412 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:58:51.0906 11412 Kbdclass - ok
18:58:51.0921 11412 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:58:51.0921 11412 kbdhid - ok
18:58:51.0953 11412 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:58:51.0953 11412 kmixer - ok
18:58:52.0015 11412 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:58:52.0015 11412 KSecDD - ok
18:58:52.0093 11412 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:58:52.0093 11412 LanmanServer - ok
18:58:52.0171 11412 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:58:52.0171 11412 lanmanworkstation - ok
18:58:52.0171 11412 lbrtfdc - ok
18:58:52.0234 11412 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:58:52.0234 11412 LmHosts - ok
18:58:52.0281 11412 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
18:58:52.0281 11412 MBAMProtector - ok
18:58:52.0421 11412 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:58:52.0437 11412 MBAMService - ok
18:58:52.0515 11412 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
18:58:52.0531 11412 McComponentHostService - ok
18:58:52.0578 11412 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:58:52.0609 11412 Messenger - ok
18:58:52.0656 11412 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:58:52.0656 11412 mnmdd - ok
18:58:52.0687 11412 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:58:52.0703 11412 mnmsrvc - ok
18:58:52.0734 11412 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:58:52.0734 11412 Modem - ok
18:58:52.0750 11412 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:58:52.0765 11412 Mouclass - ok
18:58:52.0765 11412 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:58:52.0781 11412 mouhid - ok
18:58:52.0812 11412 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:58:52.0812 11412 MountMgr - ok
18:58:52.0859 11412 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:58:52.0875 11412 mraid35x - ok
18:58:52.0921 11412 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:58:52.0937 11412 MRxDAV - ok
18:58:53.0015 11412 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:58:53.0015 11412 MRxSmb - ok
18:58:53.0078 11412 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:58:53.0078 11412 MSDTC - ok
18:58:53.0093 11412 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:58:53.0093 11412 Msfs - ok
18:58:53.0109 11412 MSIServer - ok
18:58:53.0156 11412 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:58:53.0187 11412 MSKSSRV - ok
18:58:53.0218 11412 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:58:53.0218 11412 MSPCLOCK - ok
18:58:53.0234 11412 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:58:53.0234 11412 MSPQM - ok
18:58:53.0265 11412 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:58:53.0265 11412 mssmbios - ok
18:58:53.0296 11412 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:58:53.0296 11412 MSTEE - ok
18:58:53.0343 11412 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:58:53.0359 11412 Mup - ok
18:58:53.0531 11412 N360 (64c89db40949fd0e7c8ff303676a91f1) C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
18:58:53.0531 11412 N360 - ok
18:58:53.0578 11412 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:58:53.0593 11412 NABTSFEC - ok
18:58:53.0656 11412 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:58:53.0671 11412 napagent - ok
18:58:53.0875 11412 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVENG.SYS
18:58:53.0890 11412 NAVENG - ok
18:58:54.0062 11412 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVEX15.SYS
18:58:54.0093 11412 NAVEX15 - ok
18:58:54.0312 11412 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:58:54.0312 11412 NDIS - ok
18:58:54.0359 11412 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:58:54.0375 11412 NdisIP - ok
18:58:54.0406 11412 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:58:54.0406 11412 NdisTapi - ok
18:58:54.0421 11412 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:58:54.0421 11412 Ndisuio - ok
18:58:54.0453 11412 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:58:54.0468 11412 NdisWan - ok
18:58:54.0515 11412 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:58:54.0515 11412 NDProxy - ok
18:58:54.0531 11412 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:58:54.0531 11412 NetBIOS - ok
18:58:54.0562 11412 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:58:54.0578 11412 NetBT - ok
18:58:54.0609 11412 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:58:54.0640 11412 NetDDE - ok
18:58:54.0656 11412 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:58:54.0656 11412 NetDDEdsdm - ok
18:58:54.0687 11412 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:58:54.0687 11412 Netlogon - ok
18:58:54.0734 11412 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:58:54.0734 11412 Netman - ok
18:58:54.0859 11412 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:58:54.0906 11412 NetTcpPortSharing - ok
18:58:54.0953 11412 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:58:54.0968 11412 NIC1394 - ok
18:58:55.0015 11412 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:58:55.0031 11412 Nla - ok
18:58:55.0062 11412 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:58:55.0062 11412 Npfs - ok
18:58:55.0187 11412 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:58:55.0203 11412 Ntfs - ok
18:58:55.0203 11412 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:58:55.0203 11412 NtLmSsp - ok
 
Part 2 of 2:
18:58:55.0296 11412 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:58:55.0343 11412 NtmsSvc - ok
18:58:55.0406 11412 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:58:55.0406 11412 Null - ok
18:58:55.0437 11412 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:58:55.0453 11412 NwlnkFlt - ok
18:58:55.0500 11412 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:58:55.0500 11412 NwlnkFwd - ok
18:58:55.0531 11412 O2FLASH (bbd5503999f331278db39046888d559c) C:\WINDOWS\system32\DRIVERS\o2flash.exe
18:58:55.0546 11412 O2FLASH - ok
18:58:55.0562 11412 O2MDRDR (948aefc4db1e6cc5a8d9fc5740aee392) C:\WINDOWS\system32\DRIVERS\o2media.sys
18:58:55.0562 11412 O2MDRDR - ok
18:58:55.0593 11412 O2SDRDR (5472c48f44b49f07b16b421899e550f8) C:\WINDOWS\system32\DRIVERS\o2sd.sys
18:58:55.0593 11412 O2SDRDR - ok
18:58:55.0656 11412 OEM13Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM13Afx.sys
18:58:55.0656 11412 OEM13Afx - ok
18:58:55.0718 11412 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys
18:58:55.0718 11412 OEM13Vfx - ok
18:58:55.0796 11412 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys
18:58:55.0796 11412 OEM13Vid - ok
18:58:55.0859 11412 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:58:55.0859 11412 ohci1394 - ok
18:58:55.0921 11412 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:58:55.0921 11412 Parport - ok
18:58:55.0921 11412 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:58:55.0937 11412 PartMgr - ok
18:58:55.0953 11412 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:58:55.0953 11412 ParVdm - ok
18:58:55.0984 11412 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:58:55.0984 11412 PCI - ok
18:58:55.0984 11412 PCIDump - ok
18:58:56.0015 11412 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:58:56.0031 11412 PCIIde - ok
18:58:56.0078 11412 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:58:56.0078 11412 Pcmcia - ok
18:58:56.0078 11412 PDCOMP - ok
18:58:56.0093 11412 PDFRAME - ok
18:58:56.0093 11412 PDRELI - ok
18:58:56.0109 11412 PDRFRAME - ok
18:58:56.0140 11412 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:58:56.0140 11412 perc2 - ok
18:58:56.0156 11412 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:58:56.0156 11412 perc2hib - ok
18:58:56.0218 11412 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:58:56.0218 11412 PlugPlay - ok
18:58:56.0468 11412 PMBDeviceInfoProvider (80e85394d8cd7f84340b1c6f4b9d698f) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
18:58:56.0468 11412 PMBDeviceInfoProvider - ok
18:58:56.0515 11412 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:58:56.0531 11412 PolicyAgent - ok
18:58:56.0578 11412 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:58:56.0578 11412 PptpMiniport - ok
18:58:56.0593 11412 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:58:56.0593 11412 ProtectedStorage - ok
18:58:56.0609 11412 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:58:56.0609 11412 PSched - ok
18:58:56.0625 11412 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:58:56.0625 11412 Ptilink - ok
18:58:56.0687 11412 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:58:56.0687 11412 PxHelp20 - ok
18:58:56.0718 11412 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:58:56.0718 11412 ql1080 - ok
18:58:56.0734 11412 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:58:56.0750 11412 Ql10wnt - ok
18:58:56.0765 11412 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:58:56.0765 11412 ql12160 - ok
18:58:56.0781 11412 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:58:56.0781 11412 ql1240 - ok
18:58:56.0812 11412 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:58:56.0812 11412 ql1280 - ok
18:58:56.0843 11412 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:58:56.0843 11412 RasAcd - ok
18:58:56.0890 11412 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:58:56.0921 11412 RasAuto - ok
18:58:56.0937 11412 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:58:56.0937 11412 Rasl2tp - ok
18:58:56.0984 11412 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:58:56.0984 11412 RasMan - ok
18:58:57.0000 11412 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:58:57.0000 11412 RasPppoe - ok
18:58:57.0015 11412 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:58:57.0015 11412 Raspti - ok
18:58:57.0093 11412 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:58:57.0093 11412 Rdbss - ok
18:58:57.0109 11412 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:58:57.0109 11412 RDPCDD - ok
18:58:57.0140 11412 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:58:57.0156 11412 rdpdr - ok
18:58:57.0218 11412 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:58:57.0250 11412 RDPWD - ok
18:58:57.0312 11412 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:58:57.0515 11412 RDSessMgr - ok
18:58:57.0578 11412 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:58:57.0578 11412 redbook - ok
18:58:57.0640 11412 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:58:57.0640 11412 RemoteAccess - ok
18:58:57.0703 11412 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:58:57.0718 11412 RemoteRegistry - ok
18:58:57.0750 11412 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:58:57.0781 11412 RpcLocator - ok
18:58:57.0859 11412 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:58:57.0859 11412 RpcSs - ok
18:58:57.0906 11412 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:58:57.0921 11412 RSVP - ok
18:58:57.0968 11412 RTLE8023xp (a1ad65718870dbf2bcb81e3c1406469e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
18:58:58.0015 11412 RTLE8023xp - ok
18:58:58.0062 11412 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:58:58.0062 11412 SamSs - ok
18:58:58.0093 11412 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:58:58.0093 11412 SCardSvr - ok
18:58:58.0140 11412 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:58:58.0140 11412 Schedule - ok
18:58:58.0171 11412 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
18:58:58.0203 11412 sdbus - ok
18:58:58.0234 11412 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:58:58.0234 11412 Secdrv - ok
18:58:58.0281 11412 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:58:58.0296 11412 seclogon - ok
18:58:58.0343 11412 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:58:58.0343 11412 SENS - ok
18:58:58.0390 11412 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:58:58.0406 11412 Serial - ok
18:58:58.0468 11412 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:58:58.0500 11412 Sfloppy - ok
18:58:58.0578 11412 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:58:58.0593 11412 SharedAccess - ok
18:58:58.0640 11412 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:58:58.0640 11412 ShellHWDetection - ok
18:58:58.0656 11412 Simbad - ok
18:58:58.0687 11412 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:58:58.0687 11412 sisagp - ok
18:58:59.0234 11412 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:58:59.0312 11412 Skype C2C Service - ok
18:58:59.0421 11412 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
18:58:59.0421 11412 SkypeUpdate - ok
18:58:59.0640 11412 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:58:59.0640 11412 SLIP - ok
18:58:59.0656 11412 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:58:59.0671 11412 Sparrow - ok
18:58:59.0703 11412 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:58:59.0718 11412 splitter - ok
18:58:59.0781 11412 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:58:59.0781 11412 Spooler - ok
18:58:59.0828 11412 sprtsvc_dellsupportcenter - ok
18:58:59.0890 11412 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:58:59.0890 11412 sr - ok
18:58:59.0953 11412 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:58:59.0968 11412 srservice - ok
18:59:00.0125 11412 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS
18:59:00.0125 11412 SRTSP - ok
18:59:00.0171 11412 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS
18:59:00.0171 11412 SRTSPX - ok
18:59:00.0265 11412 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:59:00.0265 11412 Srv - ok
18:59:00.0312 11412 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:59:00.0312 11412 SSDPSRV - ok
18:59:00.0359 11412 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:59:00.0359 11412 StillCam - ok
18:59:00.0406 11412 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:59:00.0421 11412 stisvc - ok
18:59:00.0562 11412 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:59:00.0593 11412 stllssvr - ok
18:59:00.0640 11412 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:59:00.0640 11412 streamip - ok
18:59:00.0734 11412 SupportSoft RemoteAssist (2e5586392cdfbd1d73badb20e9ed6386) C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
18:59:00.0859 11412 SupportSoft RemoteAssist - ok
18:59:00.0906 11412 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:59:00.0906 11412 swenum - ok
18:59:00.0953 11412 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:59:01.0031 11412 swmidi - ok
18:59:01.0031 11412 SwPrv - ok
18:59:01.0078 11412 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:59:01.0109 11412 symc810 - ok
18:59:01.0140 11412 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:59:01.0171 11412 symc8xx - ok
18:59:01.0250 11412 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS
18:59:01.0265 11412 SymEFA - ok
18:59:01.0296 11412 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:59:01.0312 11412 SymEvent - ok
18:59:01.0343 11412 SYMFW (a8c45c36309ee066f9191e511f88ed76) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS
18:59:01.0343 11412 SYMFW - ok
18:59:01.0375 11412 SYMIDS (f4db00bc0c25be3e05d4bbb8637cc3a3) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS
18:59:01.0375 11412 SYMIDS - ok
18:59:01.0437 11412 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
18:59:01.0437 11412 SymIM - ok
18:59:01.0453 11412 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
18:59:01.0453 11412 SymIMMP - ok
18:59:01.0468 11412 SYMNDIS (06a8ecfc68d61a26a67f0e96ff1ca9cc) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS
18:59:01.0468 11412 SYMNDIS - ok
18:59:01.0562 11412 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS
18:59:01.0578 11412 SYMTDI - ok
18:59:01.0609 11412 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:59:01.0609 11412 sym_hi - ok
18:59:01.0656 11412 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:59:01.0671 11412 sym_u3 - ok
18:59:01.0765 11412 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:59:01.0765 11412 SynTP - ok
18:59:01.0828 11412 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:59:01.0828 11412 sysaudio - ok
18:59:01.0875 11412 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:59:01.0937 11412 SysmonLog - ok
18:59:02.0015 11412 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:59:02.0015 11412 TapiSrv - ok
18:59:02.0093 11412 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:59:02.0109 11412 Tcpip - ok
18:59:02.0140 11412 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:59:02.0140 11412 TDPIPE - ok
18:59:02.0156 11412 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:59:02.0156 11412 TDTCP - ok
18:59:02.0187 11412 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:59:02.0187 11412 TermDD - ok
18:59:02.0281 11412 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:59:02.0281 11412 TermService - ok
18:59:02.0328 11412 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:59:02.0328 11412 Themes - ok
18:59:02.0375 11412 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:59:02.0515 11412 TlntSvr - ok
18:59:02.0546 11412 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:59:02.0562 11412 TosIde - ok
18:59:02.0609 11412 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:59:02.0609 11412 TrkWks - ok
18:59:02.0656 11412 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:59:02.0656 11412 Udfs - ok
18:59:02.0687 11412 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:59:02.0687 11412 ultra - ok
18:59:02.0750 11412 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:59:02.0765 11412 Update - ok
18:59:02.0828 11412 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:59:02.0859 11412 upnphost - ok
18:59:02.0890 11412 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:59:02.0921 11412 UPS - ok
18:59:02.0953 11412 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:59:02.0984 11412 USBAAPL - ok
18:59:03.0046 11412 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:59:03.0046 11412 usbccgp - ok
18:59:03.0078 11412 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:59:03.0078 11412 usbehci - ok
18:59:03.0140 11412 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:59:03.0140 11412 usbhub - ok
18:59:03.0187 11412 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:59:03.0218 11412 usbscan - ok
18:59:03.0265 11412 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:59:03.0296 11412 USBSTOR - ok
18:59:03.0312 11412 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:59:03.0328 11412 usbuhci - ok
18:59:03.0375 11412 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:59:03.0375 11412 usbvideo - ok
18:59:03.0406 11412 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:59:03.0421 11412 VgaSave - ok
18:59:03.0468 11412 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:59:03.0468 11412 viaagp - ok
18:59:03.0484 11412 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:59:03.0500 11412 ViaIde - ok
18:59:03.0531 11412 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:59:03.0531 11412 VolSnap - ok
18:59:03.0625 11412 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:59:03.0640 11412 VSS - ok
18:59:03.0671 11412 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:59:03.0671 11412 w32time - ok
18:59:03.0687 11412 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:59:03.0703 11412 Wanarp - ok
18:59:03.0781 11412 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:59:03.0796 11412 Wdf01000 - ok
18:59:03.0796 11412 WDICA - ok
18:59:03.0875 11412 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:59:03.0875 11412 wdmaud - ok
18:59:03.0937 11412 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:59:03.0937 11412 WebClient - ok
18:59:04.0062 11412 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:59:04.0062 11412 winmgmt - ok
18:59:04.0078 11412 wltrysvc - ok
18:59:04.0125 11412 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:59:04.0156 11412 WmdmPmSN - ok
18:59:04.0281 11412 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:59:04.0296 11412 Wmi - ok
18:59:04.0343 11412 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:59:04.0343 11412 WmiAcpi - ok
18:59:04.0406 11412 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:59:04.0437 11412 WmiApSrv - ok
18:59:04.0671 11412 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:59:04.0718 11412 WMPNetworkSvc - ok
18:59:04.0937 11412 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:59:05.0000 11412 WPFFontCache_v0400 - ok
18:59:05.0156 11412 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:59:05.0156 11412 wscsvc - ok
18:59:05.0250 11412 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:59:05.0250 11412 WSTCODEC - ok
18:59:05.0281 11412 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:59:05.0281 11412 wuauserv - ok
18:59:05.0328 11412 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:59:05.0375 11412 WudfPf - ok
18:59:05.0406 11412 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:59:05.0406 11412 WudfSvc - ok
18:59:05.0500 11412 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:59:05.0515 11412 WZCSVC - ok
18:59:05.0562 11412 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:59:05.0609 11412 xmlprov - ok
18:59:05.0640 11412 MBR (0x1B8) (7b53936afa31aa818ddee1f13c3004e3) \Device\Harddisk0\DR0
18:59:05.0671 11412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:59:05.0671 11412 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:59:05.0703 11412 Boot (0x1200) (4c123176ffede24bc41a519ebea754b5) \Device\Harddisk0\DR0\Partition0
18:59:05.0703 11412 \Device\Harddisk0\DR0\Partition0 - ok
18:59:05.0703 11412 ============================================================
18:59:05.0703 11412 Scan finished
18:59:05.0703 11412 ============================================================
18:59:05.0718 9396 Detected object count: 1
18:59:05.0718 9396 Actual detected object count: 1
18:59:34.0375 9396 \Device\Harddisk0\DR0\# - copied to quarantine
18:59:34.0375 9396 \Device\Harddisk0\DR0 - copied to quarantine
18:59:34.0421 9396 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:59:34.0468 9396 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
18:59:34.0578 9396 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:59:34.0640 9396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:59:35.0421 9396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:59:35.0500 9396 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:59:35.0562 9396 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:59:35.0609 9396 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:59:35.0640 9396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:59:35.0671 9396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:59:35.0796 9396 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:59:35.0796 9396 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:59:35.0953 9396 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:59:36.0140 9396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:59:36.0187 9396 \Device\Harddisk0\DR0 - ok
18:59:36.0640 9396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:59:54.0656 10648 Deinitialize success
 
Good :)

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller report:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Leslie Carey [Admin rights]
Mode: Scan -- Date: 07/29/2012 20:00:33

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4C0C -> HOOKED (Unknown @ 0x8A087260)
SSDT[13] : NtAlertThread @ 0x805D4BBC -> HOOKED (Unknown @ 0x8A098810)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AEE -> HOOKED (Unknown @ 0x8975E008)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66D0 -> HOOKED (Unknown @ 0x89EC1820)
SSDT[31] : NtConnectPort @ 0x805A4604 -> HOOKED (Unknown @ 0x8A194B20)
SSDT[43] : NtCreateMutant @ 0x806175BE -> HOOKED (Unknown @ 0x89D339F8)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A2E -> HOOKED (Unknown @ 0x8A049C08)
SSDT[53] : NtCreateThread @ 0x805D1068 -> HOOKED (Unknown @ 0x8A072580)
SSDT[57] : NtDebugActiveProcess @ 0x80643A4C -> HOOKED (Unknown @ 0x8A17D530)
SSDT[68] : NtDuplicateObject @ 0x805BE03C -> HOOKED (Unknown @ 0x89752128)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FE6 -> HOOKED (Unknown @ 0x895CA168)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9288 -> HOOKED (Unknown @ 0x8A093AD8)
SSDT[91] : NtImpersonateThread @ 0x805D7890 -> HOOKED (Unknown @ 0x8A0AC3C0)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89EE53B8)
SSDT[108] : NtMapViewOfSection @ 0x805B206E -> HOOKED (Unknown @ 0x896AE158)
SSDT[114] : NtOpenEvent @ 0x8060EF7C -> HOOKED (Unknown @ 0x8A17C1B8)
SSDT[122] : NtOpenProcess @ 0x805CB486 -> HOOKED (Unknown @ 0x89751008)
SSDT[123] : NtOpenProcessToken @ 0x805EDF56 -> HOOKED (Unknown @ 0x8A097658)
SSDT[125] : NtOpenSection @ 0x805AA420 -> HOOKED (Unknown @ 0x8A0781C0)
SSDT[128] : NtOpenThread @ 0x805CB712 -> HOOKED (Unknown @ 0x896E0168)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8452 -> HOOKED (Unknown @ 0x89C8AFC0)
SSDT[206] : NtResumeThread @ 0x805D4A48 -> HOOKED (Unknown @ 0x8A0C8388)
SSDT[213] : NtSetContextThread @ 0x805D2C4A -> HOOKED (Unknown @ 0x8A09AC10)
SSDT[228] : NtSetInformationProcess @ 0x805CDED0 -> HOOKED (Unknown @ 0x89608168)
SSDT[240] : NtSetSystemInformation @ 0x8060FC34 -> HOOKED (Unknown @ 0x8A043440)
SSDT[253] : NtSuspendProcess @ 0x805D4B10 -> HOOKED (Unknown @ 0x8A0802B0)
SSDT[254] : NtSuspendThread @ 0x805D4982 -> HOOKED (Unknown @ 0x8A08F6D8)
SSDT[257] : NtTerminateProcess @ 0x805D2308 -> HOOKED (Unknown @ 0x8A096800)
SSDT[258] : NtTerminateThread @ 0x805D2502 -> HOOKED (Unknown @ 0x8A0891F8)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E7C -> HOOKED (Unknown @ 0x8A094950)
SSDT[277] : NtWriteVirtualMemory @ 0x805B4400 -> HOOKED (Unknown @ 0x89510008)
S_SSDT[307] : Unknown -> HOOKED (Unknown @ 0x8A1A9AF8)
S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x89E780B0)
S_SSDT[414] : Unknown -> HOOKED (Unknown @ 0x89CCA0B0)
S_SSDT[416] : Unknown -> HOOKED (Unknown @ 0x89D160B0)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8A1941B8)
S_SSDT[460] : Unknown -> HOOKED (Unknown @ 0x8A127208)
S_SSDT[475] : Unknown -> HOOKED (Unknown @ 0x8A103D48)
S_SSDT[476] : Unknown -> HOOKED (Unknown @ 0x8A0FE278)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0x8A274D68)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0x89C57E08)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543225L9A300 +++++
--- User ---
[MBR] 14010e887fb29d9af515bd724f1240de
[BSP] 3b83ad77660a0b1dca762ed603421109 : MBR Code unknown
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 228434 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 467925255 | Size: 9993 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


aswMRG Report:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 20:06:18
-----------------------------
20:06:18.250 OS Version: Windows 5.1.2600 Service Pack 3
20:06:18.250 Number of processors: 2 586 0xF0D
20:06:18.250 ComputerName: LESLIELAPTOP UserName: Leslie Carey
20:06:20.781 Initialize success
20:15:42.546 AVAST engine defs: 12072901
20:16:11.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:16:11.625 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
20:16:11.640 Disk 0 MBR read successfully
20:16:11.640 Disk 0 MBR scan
20:16:11.703 Disk 0 unknown MBR code
20:16:11.703 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:16:11.734 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 228434 MB offset 81920
20:16:11.781 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 467925255
20:16:11.781 Disk 0 scanning sectors +488392065
20:16:11.890 Disk 0 scanning C:\WINDOWS\system32\drivers
20:16:33.906 Service scanning
20:17:15.078 Modules scanning
20:17:26.281 Disk 0 trace - called modules:
20:17:26.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
20:17:26.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aced030]
20:17:26.671 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007d[0x8acf4a18]
20:17:26.687 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a79d030]
20:17:28.265 AVAST engine scan C:\WINDOWS
20:17:48.578 AVAST engine scan C:\WINDOWS\system32
20:22:22.421 AVAST engine scan C:\WINDOWS\system32\drivers
20:22:51.265 AVAST engine scan C:\Documents and Settings\Leslie Carey
20:23:39.484 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leslie Carey\Desktop\MBR.dat"
20:23:39.484 The log file has been saved successfully to "C:\Documents and Settings\Leslie Carey\Desktop\aswMBR.txt"

After running RogueKiller scan, can I close the application? Delete? Fix?
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-07-29.02 - Leslie Carey 07/29/2012 21:02:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.1661 [GMT -5:00]
Running from: c:\documents and settings\Leslie Carey\My Documents\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Leslie Carey\GoToAssistDownloadHelper.exe
c:\documents and settings\Leslie Carey\My Documents\~WRL0001.tmp
c:\documents and settings\Leslie Carey\WINDOWS
c:\program files\SelectRebates
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 00:57 . 2012-07-30 00:57 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-07-30 00:08 . 2012-07-30 00:08 -------- d-----w- c:\windows\LastGood
2012-07-29 23:59 . 2012-07-29 23:59 -------- dc----w- C:\TDSSKiller_Quarantine
2012-07-19 12:33 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-05 23:45 . 2012-07-05 23:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 18:55 . 2012-04-03 22:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 18:55 . 2011-05-21 10:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-06-24 21:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-04 22:35 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2011-03-21 10:49 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19 . 2008-10-16 20:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2012-06-29 17:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 20:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-03-21 10:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2011-03-21 10:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-02-27 19:30 . 2011-09-20 22:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-21 166424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\documents and settings\Leslie Carey\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-25 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-06 19:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Leslie Carey\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/11/2011 5:54 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/11/2011 5:54 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/11/2011 5:54 AM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120727.001\IDSXpx86.sys [7/27/2012 5:15 PM 369632]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [10/11/2011 5:54 AM 117648]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 3:01 AM 367456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2012 11:15 PM 106656]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/18/2009 1:35 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/18/2009 1:35 AM 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2/18/2009 1:35 AM 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2/18/2009 1:35 AM 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2/18/2009 1:35 AM 235840]
S2 gupdate1c9e55cd789d57a;Google Update Service (gupdate1c9e55cd789d57a);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 PM 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2012 4:27 PM 22344]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2012 4:27 PM 655944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:55]
.
2012-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-29 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
.
2012-07-30 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
.
2012-07-29 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
.
2012-07-29 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Photosmart 5510d series\Bin\HPCustPartic.exe [2011-08-16 18:57]
.
2012-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 23:35]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
.
2012-07-30 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?from=reguserpg
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\documents and settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DownloadManagerService - c:\program files\Verizon Wireless\dist\servicerunner.exe
HKLM-Run-SelectRebates - c:\program files\SelectRebates\SelectRebates.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-07-29 21:21:20
ComboFix-quarantined-files.txt 2012-07-30 02:21
.
Pre-Run: 49,450,274,816 bytes free
Post-Run: 50,366,988,288 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FF56B24ACD3A6CEC12100F697AC2F8EB
 
Uninstall McAfee Security Scan Plus, typical foistware.

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
AtJob::

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-07-29.02 - Leslie Carey 07/29/2012 21:50:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2404 [GMT -5:00]
Running from: c:\documents and settings\Leslie Carey\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Leslie Carey\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 00:57 . 2012-07-30 00:57 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-07-30 00:08 . 2012-07-30 00:08 -------- d-----w- c:\windows\LastGood
2012-07-29 23:59 . 2012-07-29 23:59 -------- dc----w- C:\TDSSKiller_Quarantine
2012-07-19 12:33 . 2012-06-02 20:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-05 23:45 . 2012-07-05 23:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 18:55 . 2012-04-03 22:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 18:55 . 2011-05-21 10:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-06-24 21:27 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-04 22:35 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-04 22:35 . 2011-03-21 10:49 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 20:19 . 2008-10-16 20:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 20:19 . 2008-10-16 20:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 20:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 20:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 20:19 . 2012-06-29 17:46 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 20:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 20:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 20:19 . 2008-10-16 20:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 20:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 20:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 20:18 . 2011-03-21 10:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 20:18 . 2011-03-21 10:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-02-27 19:30 . 2011-09-20 22:53 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-04 39408]
"HP Photosmart 5510d series (NET)"="c:\program files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" [2011-08-16 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-21 16855552]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-21 166424]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\documents and settings\Leslie Carey\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk - c:\windows\system32\RunDll32.exe [2008-4-25 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-06 19:35 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Leslie Carey\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/11/2011 5:54 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/11/2011 5:54 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/11/2011 5:54 AM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120727.001\IDSXpx86.sys [7/27/2012 5:15 PM 369632]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe [10/11/2011 5:54 AM 117648]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 3:01 AM 367456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/15/2012 11:15 PM 106656]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2/18/2009 1:35 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2/18/2009 1:35 AM 43608]
R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2/18/2009 1:35 AM 141376]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2/18/2009 1:35 AM 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2/18/2009 1:35 AM 235840]
S2 gupdate1c9e55cd789d57a;Google Update Service (gupdate1c9e55cd789d57a);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 5:13 PM 250056]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2009 4:38 PM 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/24/2012 4:27 PM 22344]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/24/2012 4:27 PM 655944]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - TRUESIGHT
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:55]
.
2012-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-04 23:35]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-04 21:38]
.
2012-07-30 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weather.com/weather/my?from=reguserpg
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\documents and settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-29 21:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1028)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-07-29 22:01:45
ComboFix-quarantined-files.txt 2012-07-30 03:01
ComboFix2.txt 2012-07-30 02:21
.
Pre-Run: 50,385,776,640 bytes free
Post-Run: 50,429,038,592 bytes free
.
- - End Of File - - A94A7BA1BB6C45C8095DD9D14F48C3E6
 
How is computer doing?

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Leslie Carey :: LESLIELAPTOP [administrator]

7/29/2012 10:10:02 PM
mbam-log-2012-07-29 (22-10-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210925
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL logfile created on: 7/29/2012 10:26:38 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Leslie Carey\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 74.04% Memory free
4.83 Gb Paging File | 4.23 Gb Available in Paging File | 87.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 47.08 Gb Free Space | 21.11% Space Free | Partition Type: NTFS

Computer Name: LESLIELAPTOP | User Name: Leslie Carey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 22:25:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leslie Carey\My Documents\Downloads\OTL.exe
PRC - [2012/02/27 14:30:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/21 19:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe
PRC - [2011/08/16 13:47:04 | 001,804,648 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
PRC - [2011/08/16 13:35:08 | 000,643,944 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 07:20:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 07:20:16 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 07:20:05 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/27 14:30:38 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/17 22:21:00 | 003,883,424 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008/11/26 12:39:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/11/26 12:39:16 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/14 07:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/07/31 03:26:02 | 000,207,344 | ---- | M] () -- C:\Program Files\Common Files\Sonic Shared\SonicHDDemuxer.dll
MOD - [2007/07/23 16:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/27 13:55:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/05 18:41:46 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/21 19:40:11 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.3.6\ccSvcHst.exe -- (N360)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/06 14:35:52 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/04 22:04:06 | 000,071,512 | ---- | M] (O2Micro International) [Auto | Stopped] -- C:\WINDOWS\system32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/07/15 18:38:32 | 000,394,608 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\LESLIE~1\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/07/29 19:57:55 | 000,014,080 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2012/07/27 11:51:28 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/07/27 11:51:28 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120728.009\NAVENG.SYS -- (NAVENG)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/14 13:39:26 | 000,369,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120727.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/05/15 23:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/15 23:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/21 19:40:13 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\cchpx86.sys -- (ccHP)
DRV - [2011/09/21 19:40:13 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symtdi.sys -- (SYMTDI)
DRV - [2011/09/21 19:40:13 | 000,089,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symfw.sys -- (SYMFW)
DRV - [2011/09/21 19:40:13 | 000,036,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symndis.sys -- (SYMNDIS)
DRV - [2011/09/21 19:40:13 | 000,033,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\symids.sys -- (SYMIDS)
DRV - [2010/03/08 10:41:48 | 000,220,112 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/01/13 09:26:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/13 09:26:55 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\SymEFA.sys -- (SymEFA)
DRV - [2010/01/13 09:26:55 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtsp.sys -- (SRTSP)
DRV - [2010/01/13 09:26:55 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\srtspx.sys -- (SRTSPX)
DRV - [2010/01/13 09:26:55 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/01/13 09:26:55 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/01/13 09:26:54 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0308030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2008/11/26 12:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 22:04:10 | 000,043,608 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008/11/04 22:04:08 | 000,051,288 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/07/16 16:32:12 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008/07/16 16:32:10 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008/07/16 16:32:00 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Afx.sys -- (OEM13Afx)
DRV - [2008/02/21 16:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/21 16:21:58 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/my?from=reguserpg
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes,DefaultScope = {ACD9B7E2-C5AF-40C3-AE86-037A2DB2C1E2}
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes\{ACD9B7E2-C5AF-40C3-AE86-037A2DB2C1E2}: "URL" = http://www.google.com/search?q={sea...icrosoft:en-US&ie=utf8&oe=utf8&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/12 08:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/04 16:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/20 17:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leslie Carey\Application Data\Mozilla\Extensions
[2012/03/20 14:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\extensions
[2012/03/20 14:04:32 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Leslie Carey\Application Data\Mozilla\Firefox\Profiles\te9kee0f.default\extensions\toolbar@shopathome.com
[2012/07/29 19:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/19 07:38:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/27 14:30:40 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/27 14:30:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/27 14:30:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2012/07/29 21:56:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Leslie Carey\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab (SyncXfer Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1340991948875 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1340991937859 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF167377-8820-4CC9-B380-51D6AD87926A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 22:21:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/29 20:59:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/29 20:56:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/29 20:56:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/29 20:56:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/29 20:56:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/29 20:56:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 20:56:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/29 19:08:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/07/29 18:59:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/29 17:01:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Carey\Desktop\Virus Fix
[2012/07/29 16:06:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Leslie Carey\Start Menu\Programs\Administrative Tools
[2012/07/02 20:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leslie Carey\Desktop\Car Accident
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 21:56:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/29 21:47:16 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Leslie Carey\Desktop\Shortcut to ComboFix.lnk
[2012/07/29 21:39:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 20:59:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/07/29 20:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/29 20:39:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 20:01:00 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job
[2012/07/29 19:57:55 | 000,014,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/07/29 19:02:26 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Leslie Carey\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510d series (Network).lnk
[2012/07/29 19:02:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/29 19:01:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/29 19:01:31 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 15:59:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/29 12:17:29 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 14:32:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/07/24 08:31:26 | 000,248,320 | ---- | M] () -- C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/23 16:48:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/19 15:15:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 21:47:16 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Leslie Carey\Desktop\Shortcut to ComboFix.lnk
[2012/07/29 20:59:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/07/29 20:59:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/29 20:56:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/29 20:56:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/29 20:56:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/29 20:56:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/29 20:56:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/29 19:57:55 | 000,014,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2012/02/15 14:07:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 10:48:20 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/05/12 14:03:48 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/12 13:58:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/22 18:29:47 | 001,148,780 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3453092672-3945045200-3811205533-1006-0.dat
[2011/03/22 18:29:45 | 000,147,686 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2009/03/01 18:35:20 | 000,248,320 | ---- | C] () -- C:\Documents and Settings\Leslie Carey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/03/04 14:37:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/03/05 14:06:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/04/19 14:42:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/03/06 14:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/01/22 13:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/23 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/02/17 23:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/09/19 18:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Walgreens
[2009/03/18 18:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/02 13:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 18:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/15 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/02 17:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Canon
[2009/09/10 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/14 08:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1
[2011/11/26 19:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\ElevatedDiagnostics
[2011/11/11 11:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\FlixsterCollections
[2012/06/15 11:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\GARMIN
[2010/01/22 16:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\OpenOffice.org
[2009/05/22 19:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Snapfish
[2009/03/05 17:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Southwest Airlines
[2012/04/10 17:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Spotify
[2010/09/19 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\W Photo Studio
[2010/09/19 18:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\W Photo Studio Viewer
[2010/09/19 18:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Leslie Carey\Application Data\Walgreens

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 7/29/2012 10:26:38 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Leslie Carey\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 74.04% Memory free
4.83 Gb Paging File | 4.23 Gb Available in Paging File | 87.66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 47.08 Gb Free Space | 21.11% Space Free | Partition Type: NTFS

Computer Name: LESLIELAPTOP | User Name: Leslie Carey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Photosmart 5510d series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Photosmart 5510d series) -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Leslie Carey\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\Leslie Carey\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2B21DAC6-647F-497F-918F-9A389EE24C1D}" = Quicken WillMaker Plus 2012
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{85D29B91-2BD3-7B95-C4FE-13E226D34090}" = Flixster Collections
"{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F20A857-26D3-B5E4-0D26-5C64C089F716}" = MP3 Download Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B04FB606-75EA-4174-B750-35E2DEC20AF4}" = HP Photosmart 5510d series Product Improvement Study
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DE2E1909-12C2-4249-8003-7978BEA3A14F}" = Garmin City Navigator North America NT 2013.10 Update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Help
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F68DF3B3-7E42-4504-9696-82EDA2C669C2}" = HP Photosmart 5510d series Basic Device Software
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8722041-B63A-47FB-82A8-5F0977E1CF45}" = TWC Customer Controls
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"4249-7808-9389-3199" = Verizon Wireless Download Manager 2.2.3-SNAPSHOT-r10103
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazing Slow Downer PA" = Amazing Slow Downer (remove only)
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MP620 series User Registration" = Canon MP620 series User Registration
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.verizon.mediastore.vzwdownloadmanager.BEEF85639ECFAE88C004EA3A5F976EE5386C7526.1" = MP3 Download Manager
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"CSCLIB" = Canon Camera Support Core Library
"DD Poker 3 " = DD Poker 3
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"FlixsterCollections" = Flixster Collections
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Photo Creations" = HP Photo Creations
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3453092672-3945045200-3811205533-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2012 2:10:43 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19688

Error - 7/23/2012 2:10:43 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19688

Error - 7/23/2012 2:10:45 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/23/2012 2:10:45 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21656

Error - 7/23/2012 2:10:45 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21656

Error - 7/23/2012 4:13:53 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/23/2012 4:13:53 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7409703

Error - 7/23/2012 4:13:53 PM | Computer Name = LESLIELAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7409703

Error - 7/24/2012 7:25:43 AM | Computer Name = LESLIELAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/25/2012 3:31:31 AM | Computer Name = LESLIELAPTOP | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Standard -- Error 1706. No valid
source could be found for product Microsoft Office 2000 SR-1 Standard. The Windows
installer cannot continue.

[ System Events ]
Error - 7/28/2012 10:24:35 AM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 7/28/2012 10:24:35 AM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 7/28/2012 1:56:26 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
Description = The PMBDeviceInfoProvider service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/28/2012 1:58:42 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 7/28/2012 1:58:42 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 7/28/2012 4:24:29 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 7/28/2012 4:24:30 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 7/29/2012 8:57:53 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
Description = The Skype C2C Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/29/2012 9:57:59 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
Description = The O2FLASH service terminated unexpectedly. It has done this 1 time(s).

Error - 7/29/2012 10:02:05 PM | Computer Name = LESLIELAPTOP | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
 
You didn't say:
How is computer doing?
Click to expand...

p4494882.gif


===============================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
O3 - HKU\S-1-5-21-3453092672-3945045200-3811205533-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3453092672-3945045200-3811205533-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {32505657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32505657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32505657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 321 bytes

Security Check results:
Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 17
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (9.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

FSS log:
Farbar Service Scanner Version: 26-07-2012
Ran by Leslie Carey (administrator) on 30-07-2012 at 06:14:08
Running from "C:\Documents and Settings\Leslie Carey\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(11) Tcpip(3)
0x0B000000040000000100000002000000030000000B0000000A0000000900000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

ESET Scan:
C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0001.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.07.2012_18.58.21\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
 
Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

======================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Broni

The computer was working very well until I tried to update adobe flash player. The free download manager seems to be messing with everything both in IE and Firefox. I also got the error "cannot find the Registry key specified HKEY_LOCAL_MACHINE\software\Java Runtime Environment 11.7.0_05"

The OTL log is as follows:
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Dan

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Leslie Carey
->Temp folder emptied: 53949057 bytes
->Temporary Internet Files folder emptied: 33428092 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61241769 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2791 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 949104 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 306945524 bytes

Total Files Cleaned = 435.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Dan

User: Default User
->Flash cache emptied: 0 bytes

User: Leslie Carey
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Dan

User: Default User

User: Leslie Carey
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_193419

Files\Folders moved on Reboot...
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\ads[10].htm moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\infected-I-think[1].txt moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\net[2].htm moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\partner[2].htm moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\aclk[1].htm moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\component[1].html moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\adsCAR01CZH.htm moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\partner[1].htm moved successfully.
C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\IIJ10IOD\tad[2].htm moved successfully.
File\Folder C:\WINDOWS\temp\JETCC73.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!

PendingFileRenameOperations files...
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\ads[10].htm not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\infected-I-think[1].txt not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\net[2].htm not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\TOGPZXAG\partner[2].htm not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\aclk[1].htm not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\PXEOK8NC\component[1].html not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\adsCAR01CZH.htm not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\J1Y5OKPS\partner[1].htm not found!
File C:\Documents and Settings\Leslie Carey\Local Settings\Temporary Internet Files\Content.IE5\IIJ10IOD\tad[2].htm not found!
File C:\WINDOWS\temp\JETCC73.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_318.dat not found!

Registry entries deleted on Reboot...


Thanks for the help I just want to get rid of that download manager and make sure that Java is working okay.
 
The free download manager seems to be messing with everything both in IE and Firefox
Click to expand...
What free download manager are we talking about?
Something you installed?

I also got the error "cannot find the Registry key specified HKEY_LOCAL_MACHINE\software\Java Runtime Environment 11.7.0_05"
Click to expand...
When doing what?
 
The free download manager was at the top of your last post with the adobe flash player update.

The error came when the control panel > Java was accessed. When I clicked on Java to try to uncheck the Quick Starter.
 
If you used my link there is no download manager present.

As for Java, run JavaRa first then try to update Java.
When done you can post new Security Check so we can see what you have there.
 
Ja Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 17
Java(TM) 6 Update 16
Java(TM) 7 Update 5
Java(TM) 6 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon!
````````````````````End of Log``````````````````````
va Ra run, Java update, Security check below.
 
Uninstall:
JavaFX 2.1.1
Java(TM) 6 Update 17
Java(TM) 6 Update 16
Java(TM) 6 Update 7

What about Flash?
If you used my link there is no download manager is present.
Click to expand...
 
Java FX 2.1.1 uninstalled
Flash updated after I read the instructions.
Java 6 Update 7 does not show up in add remove programs
Java 6 Update 16 and 17 both give me "fatal error during installation" when I attempt to remove
 
Java 6 Update 7 does not show up in add remove programs
Java 6 Update 16 and 17 both give me "fatal error during installation" when I attempt to remove
Click to expand...
Some registry leftovers. Nothing to worry about.

You should be good to go :)
 
You must log in or register to reply here.

Similar threads

D
Microsoft reveals how much Windows 10 Extended Security Updates will cost
Replies
16
Views
252
Gezzer
G
E
Windows 11's latest feature will eliminate reboots for OS updates
Replies
17
Views
343
netman
netman
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
397
trparky
T

Latest posts

Back