Solved Virus infestation

poohgc

MBAM Log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
khermanson :: ADELEP [administrator]

11/15/2012 9:40:45 AM
mbam-log-2012-11-15 (09-40-45).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 715901
Time elapsed: 1 hour(s), 48 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{55356021-C966-4E4B-A715-75105CF0B9C7}\RP822\A0048509.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)

GMER.LOG
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-15 11:58:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380011A rev.8.16
Running: krnkffun.exe; Driver: C:\DOCUME~1\ADMIN~1.LSN\LOCALS~1\Temp\uxtdrpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

DDS logs:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by admin at 13:01:18 on 2012-11-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.519 [GMT -6:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINNT\System32\alg.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINNT\system32\hphmon05.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\igfxsrvc.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\WINNT\system32\svchost.exe -k DcomLaunch
C:\WINNT\system32\svchost.exe -k rpcss
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k NetworkService
C:\WINNT\system32\svchost.exe -k LocalService
C:\WINNT\system32\svchost.exe -k LocalService
C:\WINNT\system32\svchost.exe -k netsvcs
C:\WINNT\System32\svchost.exe -k HPZ12
C:\WINNT\System32\svchost.exe -k HPZ12
C:\WINNT\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.legalassist.org/
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: <No Name>: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [SC_DAEMON] "c:\program files\mailshell spamcatcher universal desktop client\sc_daemon.exe"
mRun: [OE_Plugin_Startup] "c:\program files\mailshell spamcatcher universal desktop client\Launcher.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPDJ Taskbar Utility] c:\winnt\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HPHmon05] c:\winnt\system32\hphmon05.exe
mRun: [igfxtray] c:\winnt\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\winnt\system32\hkcmd.exe
mRun: [igfxpers] c:\winnt\system32\igfxpers.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
dRunOnce: [tscuninstall] c:\winnt\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\winnt\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Windows\System: CompatibleRUPSecurity = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} - hxxp://webiq005.webiqonline.com/WebIQ/DataServer/Pub/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9}
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/157d37c333621a912406/netzip/RdxIE601.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132007159500
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132065967140
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
TCP: Interfaces\{730475C2-769E-4930-BEDB-799399D41193} : NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: PCANotify - PCANotify.dll
Notify: wzcnotif - wzcdlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\admin.lsnd\application data\mozilla\firefox\profiles\6x6or03l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.legalassist.org/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\winnt\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\winnt\system32\npDeployJava1.dll
FF - plugin: c:\winnt\system32\npptools.dll
FF - ExtSQL: 2012-10-10 17:08; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 Achernar;Achernar - SCSI Command Filters;c:\winnt\system32\drivers\Achernar.sys [2006-4-24 16855]
R1 AW_HOST;AW_HOST;c:\winnt\system32\drivers\AW_HOST5.sys [2003-10-23 16984]
R2 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2005-5-20 106496]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2011-6-2 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-6-2 1839776]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\winnt\system32\drivers\Aldebaran.sys [2006-4-24 21808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-9-27 106656]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20121114.008\NAVENG.SYS [2012-11-15 92704]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20121114.008\NAVEX15.SYS [2012-11-15 1601184]
S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [2011-6-2 23888]
S3 NPF;WinPcap Packet Driver (NPF);c:\winnt\system32\drivers\npf.sys [2012-11-14 50704]
S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2005-11-14 49776]
S3 VPREMOTE;VPRemote Install Bootstrap Service;c:\temp\clt-inst\vpremote.exe --> c:\temp\clt-inst\vpremote.exe [?]
S4 SpamCatcherUniversal;SpamCatcherUniversal;"c:\program files\mailshell spamcatcher universal desktop client\spamcatcher.exe" -d "c:\program files\mailshell spamcatcher universal desktop client\conf\\" --> c:\program files\mailshell spamcatcher universal desktop client\spamcatcher.exe [?]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\program files\corel\wordperfect lightning\programs\LightningNavigator.exe" "-ViewDocument" "%1"
ShellExec: wordpad.exe: print="c:\program files\windows nt\accessories\WORDPAD.EXE"/p "%1"
ShellExec: wordpad.exe: printto="c:\program files\windows nt\accessories\WORDPAD.EXE"/pt "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2012-11-15 13:28:33 -------- d-sha-r- C:\cmdcons
2012-11-15 13:22:28 98816 ----a-w- c:\winnt\sed.exe
2012-11-15 13:22:28 256000 ----a-w- c:\winnt\PEV.exe
2012-11-15 13:22:28 208896 ----a-w- c:\winnt\MBR.exe
2012-11-15 13:22:14 -------- d-s---w- C:\ComboFix
2012-11-14 20:33:07 -------- d-----w- c:\documents and settings\admin.lsnd\application data\Malwarebytes
2012-11-14 20:32:39 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-14 20:32:26 22856 ----a-w- c:\winnt\system32\drivers\mbam.sys
2012-11-14 20:32:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-14 18:50:36 -------- d-----w- c:\documents and settings\all users\application data\AC62295460A1D4A80000AC617CFDDFA4
2012-11-14 18:49:47 50704 ----a-w- c:\winnt\system32\drivers\npf.sys
2012-11-14 18:49:46 281104 ----a-w- c:\winnt\system32\wpcap.dll
2012-11-14 18:49:45 100880 ----a-w- c:\winnt\system32\Packet.dll
.
==================== Find3M ====================
.
2012-11-14 19:44:20 60808 -c--a-w- c:\winnt\system32\S32EVNT1.DLL
2012-11-14 19:44:20 125488 -c--a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
2012-11-13 19:46:49 1682 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2012-10-10 22:02:57 93672 ----a-w- c:\winnt\system32\WindowsAccessBridge.dll
2012-10-10 22:02:52 821736 ----a-w- c:\winnt\system32\npDeployJava1.dll
2012-10-10 22:02:52 746984 ----a-w- c:\winnt\system32\deployJava1.dll
2012-10-10 22:02:52 143872 ----a-w- c:\winnt\system32\javacpl.cpl
2012-10-10 21:57:59 73656 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-10-10 21:57:59 696760 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-08-30 20:29:36 81920 ------w- c:\winnt\system32\ieencode.dll
2012-08-28 15:14:53 916992 ----a-w- c:\winnt\system32\wininet.dll
2012-08-28 15:14:53 43520 ------w- c:\winnt\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\winnt\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\winnt\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\winnt\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\winnt\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\winnt\system32\ntkrnlpa.exe
.
============= FINISH: 13:02:33.36 ===============


attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/21/2009 4:07:29 PM
System Uptime: 11/15/2012 11:46:16 AM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0C7018
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 41.493 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP762: 9/13/2012 12:35:12 PM - System Checkpoint
RP763: 9/14/2012 1:30:19 PM - System Checkpoint
RP764: 9/15/2012 2:30:26 PM - System Checkpoint
RP765: 9/16/2012 3:30:21 PM - System Checkpoint
RP766: 9/17/2012 4:30:26 PM - System Checkpoint
RP767: 9/18/2012 5:30:21 PM - System Checkpoint
RP768: 9/19/2012 6:30:21 PM - System Checkpoint
RP769: 9/20/2012 7:30:26 PM - System Checkpoint
RP770: 9/21/2012 8:30:38 PM - System Checkpoint
RP771: 9/22/2012 9:30:32 PM - System Checkpoint
RP772: 9/23/2012 10:30:22 PM - System Checkpoint
RP773: 9/24/2012 11:30:23 PM - System Checkpoint
RP774: 9/26/2012 12:30:21 AM - System Checkpoint
RP775: 9/27/2012 1:30:22 AM - System Checkpoint
RP776: 9/28/2012 1:34:24 AM - System Checkpoint
RP777: 9/29/2012 2:34:24 AM - System Checkpoint
RP778: 9/30/2012 3:34:26 AM - System Checkpoint
RP779: 10/1/2012 4:34:30 AM - System Checkpoint
RP780: 10/2/2012 5:34:34 AM - System Checkpoint
RP781: 10/3/2012 6:34:28 AM - System Checkpoint
RP782: 10/4/2012 5:05:42 PM - System Checkpoint
RP783: 10/5/2012 5:16:16 PM - System Checkpoint
RP784: 10/6/2012 6:16:21 PM - System Checkpoint
RP785: 10/7/2012 7:16:19 PM - System Checkpoint
RP786: 10/8/2012 7:58:44 PM - System Checkpoint
RP787: 10/9/2012 8:58:44 PM - System Checkpoint
RP788: 10/10/2012 1:53:56 PM - Software Distribution Service 3.0
RP789: 10/10/2012 4:05:41 PM - Software Distribution Service 3.0
RP790: 10/10/2012 5:02:42 PM - Installed Java 7 Update 7
RP791: 10/11/2012 6:02:42 PM - System Checkpoint
RP792: 10/12/2012 7:02:42 PM - System Checkpoint
RP793: 10/13/2012 8:02:42 PM - System Checkpoint
RP794: 10/14/2012 9:02:49 PM - System Checkpoint
RP795: 10/15/2012 10:02:43 PM - System Checkpoint
RP796: 10/16/2012 11:02:44 PM - System Checkpoint
RP797: 10/18/2012 12:02:45 AM - System Checkpoint
RP798: 10/19/2012 12:33:09 AM - System Checkpoint
RP799: 10/20/2012 1:33:05 AM - System Checkpoint
RP800: 10/21/2012 2:33:03 AM - System Checkpoint
RP801: 10/22/2012 3:33:00 AM - System Checkpoint
RP802: 10/23/2012 4:30:27 AM - System Checkpoint
RP803: 10/24/2012 5:30:26 AM - System Checkpoint
RP804: 10/26/2012 1:17:25 PM - System Checkpoint
RP805: 10/27/2012 1:23:03 PM - System Checkpoint
RP806: 10/28/2012 2:22:30 PM - System Checkpoint
RP807: 10/29/2012 5:22:59 PM - System Checkpoint
RP808: 10/30/2012 5:25:42 PM - System Checkpoint
RP809: 10/31/2012 6:22:32 PM - System Checkpoint
RP810: 11/1/2012 7:22:29 PM - System Checkpoint
RP811: 11/2/2012 8:22:40 PM - System Checkpoint
RP812: 11/3/2012 8:22:31 PM - System Checkpoint
RP813: 11/4/2012 9:22:43 PM - System Checkpoint
RP814: 11/5/2012 10:22:29 PM - System Checkpoint
RP815: 11/6/2012 11:22:29 PM - System Checkpoint
RP816: 11/8/2012 12:22:26 AM - System Checkpoint
RP817: 11/9/2012 1:22:27 AM - System Checkpoint
RP818: 11/10/2012 2:22:30 AM - System Checkpoint
RP819: 11/11/2012 3:22:31 AM - System Checkpoint
RP820: 11/12/2012 4:22:24 AM - System Checkpoint
RP821: 11/13/2012 5:22:32 AM - System Checkpoint
RP822: 11/14/2012 6:22:19 AM - System Checkpoint
RP823: 11/15/2012 6:29:47 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Ad-Aware SE Personal
Adobe Acrobat 7.0 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AnswerWorks Runtime
Compatibility Pack for the 2007 Office system
Corel WordPerfect Office - iFilter
Critical Update for Windows Media Player 11 (KB959772)
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Commercial Scanjet 5590 TWAIN Driver
HP Memories Disc
HP Photo and Imaging 2.5 - Scanjet 5590 Series
HP Software Update
HPScanjet5590Corporate11
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Java 7 Update 7
Java Auto Updater
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Macromedia Shockwave Player
Mailshell Anti-Spam Universal
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB947742)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer 2003
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook 2003
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Photosmart 140,240,7200,7600,7700,7900 Series
Presto! PageManager 7.11
PS7200
PSShortcutsP
PSUsage
QFolder
Readiris Pro 8
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealPopup
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
ShareIns
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Spybot - Search & Destroy 1.3
Symantec Endpoint Protection
Symantec pcAnywhere
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs
WebFldrs XP
WebIQ Technology Engine
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Service Pack 3
WinZip
WordPerfect Lightning
WordPerfect Lightning - EN
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office 2000 Hot Fix
WordPerfect Office X4
WordPerfect Office X4 - Common
WordPerfect Office X4 - Content
WordPerfect Office X4 - EN
WordPerfect Office X4 - Filters
WordPerfect Office X4 - Graphics
WordPerfect Office X4 - ICA
WordPerfect Office X4 - IPM
WordPerfect Office X4 - IPM EN
WordPerfect Office X4 - Migration Manager
WordPerfect Office X4 - PerfectExperts
WordPerfect Office X4 - PR
WordPerfect Office X4 - QP
WordPerfect Office X4 - Skins
WordPerfect Office X4 - System
WordPerfect Office X4 - WP
.
==== Event Viewer Messages From Past Week ========
.
11/14/2012 4:14:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/14/2012 2:52:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/14/2012 2:51:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AW_HOST eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
11/14/2012 2:15:01 PM, error: Srv [2020] - The server was unable to allocate from the system paged pool because the pool was empty.
11/14/2012 12:53:39 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Management Client service to connect.
11/14/2012 12:53:39 PM, error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 12:53:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Settings Manager service to connect.
11/14/2012 12:53:37 PM, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/14/2012 12:53:36 PM, error: Service Control Manager [7000] - The pcAnywhere Host Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/14/2012 12:53:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the pcAnywhere Host Service service to connect.
11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/14/2012 12:53:31 PM, error: Service Control Manager [7031] - The pcAnywhere Host Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/14/2012 1:55:20 PM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\authmgr.dll. Reference error message: Error Message is unavailable .
11/13/2012 11:28:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
11/13/2012 11:28:23 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/13/2012 11:28:23 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
11/12/2012 2:35:32 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LSND due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
 
Oops, forgot an explanation. Yesterday this machine was extremely slow. A box popped up and the user clicked on it to "clean the viruses off", as the message told her the computer was full of viruses. I ran the three files and it seems to be working properly. We have Symantec Endpoint Protection.

Thank you.

Gale
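
The "Event Viewer Messages From Past Week" section of the DDS log above is the part worth reading first when an endpoint is suspected of infection: it shows when the Symantec Endpoint Protection and LiveUpdate services died or failed to start and when a block of Symantec drivers failed to load, which bounds the window in which the machine had no working protection. The script below is an added example, not part of this thread and not code from DDS or Symantec. It parses lines in the DDS event format, keeps only Service Control Manager events that concern the security stack, and returns them oldest first. The sample lines are copied from the log above; the service-name markers come from the log itself, while treating SRTSP, SRTSPX, SYMTDI, eeCtrl and SPBBCDrv as the Symantec Endpoint Protection driver set is an assumption, not something the log states.

```python
import re
from datetime import datetime

# Lines copied from the "Event Viewer Messages From Past Week" section above
# (a subset; the NETLOGON line is kept to show a non-security event being ignored).
SAMPLE_EVENTS = """\
11/14/2012 4:14:58 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
11/14/2012 2:51:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AW_HOST eeCtrl Fips intelppm SPBBCDrv SRTSP SRTSPX SYMTDI
11/14/2012 12:53:36 PM, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/14/2012 12:53:31 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/13/2012 11:28:23 PM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/12/2012 2:35:32 PM, error: NETLOGON [5719] - No Domain Controller is available for domain LSND due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
"""

# DDS prints one event per line: "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# Service Control Manager event IDs that describe a service dying or not starting.
SCM_SERVICE_FAILURE = {7000, 7009, 7031, 7034}
SCM_DRIVER_LOAD_FAILURE = 7026

# Markers for the endpoint-protection stack on this machine. The service names
# come from the log itself; the driver names are ASSUMED to be Symantec
# Endpoint Protection drivers (an assumption, not stated in the log).
SECURITY_SERVICE_MARKERS = ("Symantec", "LiveUpdate")
SECURITY_DRIVERS = {"SRTSP", "SRTSPX", "SYMTDI", "eeCtrl", "SPBBCDrv"}


def parse_event(line):
    """Return (timestamp, source, event_id, message) or None for non-event lines."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
    return ts, m["source"], int(m["eid"]), m["msg"]


def triage(text):
    """Return security-stack failures as (timestamp, event_id, summary), oldest first.

    DDS lists events newest first; sorting restores the real order so the
    window in which protection was down can be read off directly.
    """
    findings = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        ts, source, eid, msg = ev
        if source != "Service Control Manager":
            continue
        if eid == SCM_DRIVER_LOAD_FAILURE:
            # The message ends with ": <space-separated list of driver names>".
            failed = set(msg.rsplit(": ", 1)[1].split())
            hit = sorted(failed & SECURITY_DRIVERS)
            if hit:
                findings.append((ts, eid, "security drivers failed to load: " + " ".join(hit)))
        elif eid in SCM_SERVICE_FAILURE and any(k in msg for k in SECURITY_SERVICE_MARKERS):
            # Keep only the first sentence; the rest is SCM's restart boilerplate.
            findings.append((ts, eid, msg.split(". ")[0]))
    findings.sort()
    return findings


def protection_gap(findings):
    """Earliest and latest security-stack failure, or None if there were none."""
    if not findings:
        return None
    return findings[0][0], findings[-1][0]


if __name__ == "__main__":
    for ts, eid, summary in triage(SAMPLE_EVENTS):
        print(f"{ts:%Y-%m-%d %H:%M:%S}  [{eid}]  {summary}")
```

Run against the sample it reports three events: LiveUpdate failing to start on the evening of 11/13, the Symantec Endpoint Protection service dying at 12:53 on 11/14, and five Symantec drivers failing to load at the 14:51 boot. The Machine Debug Manager crash and the NETLOGON error are dropped because they say nothing about protection coverage.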
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

===============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thank you Broni for your help. After I ran the previous two scans and turned my virus scan back on, it stated I was infected with Trojan.Gen.2. Following are the scans for RogueKiller and aswMBR.

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Scan -- Date : 11/16/2012 07:10:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x8062FF2C -> HOOKED (Unknown @ 0x8627BDA8)
SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x862DDAC0)
SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x862DDAF8)
SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x8626AA88)
SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x8627EAF8)
SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x8623D308)
SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x862A1548)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC17E -> HOOKED (Unknown @ 0x862BF5B0)
SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x86252858)
SSDT[108] : NtMapViewOfSection @ 0x8057CA99 -> HOOKED (Unknown @ 0x8623D360)
SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x862A1510)
SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x862B6BC0)
SSDT[129] : NtOpenThreadToken @ 0x80570B26 -> HOOKED (Unknown @ 0x86297BF8)
SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x862E7068)
SSDT[213] : NtSetContextThread @ 0x8062E75B -> HOOKED (Unknown @ 0x8626DBF0)
SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x8628F890)
SSDT[229] : NtSetInformationThread @ 0x8056C596 -> HOOKED (Unknown @ 0x86260628)
SSDT[253] : NtSuspendProcess @ 0x8062FE71 -> HOOKED (Unknown @ 0x8629ADA8)
SSDT[254] : NtSuspendThread @ 0x805E0535 -> HOOKED (Unknown @ 0x862A8AA8)
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x862E91A8)
SSDT[258] : NtTerminateThread @ 0x80577F9F -> HOOKED (Unknown @ 0x862A7DA8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x8626EDA8)
SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x86252890)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85D03FD0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINNT\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] 977fea8615f54927445233f59fbb9d7e
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11162012_02d0710.txt >>
RKreport[1]_S_11162012_02d0710.txt

*********************************************************************************************************
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : admin [Admin rights]
Mode : Remove -- Date : 11/16/2012 07:12:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x8062FF2C -> HOOKED (Unknown @ 0x8627BDA8)
SSDT[13] : NtAlertThread @ 0x80577278 -> HOOKED (Unknown @ 0x862DDAC0)
SSDT[17] : NtAllocateVirtualMemory @ 0x8056926A -> HOOKED (Unknown @ 0x862DDAF8)
SSDT[31] : NtConnectPort @ 0x8058CA79 -> HOOKED (Unknown @ 0x8626AA88)
SSDT[43] : NtCreateMutant @ 0x80577648 -> HOOKED (Unknown @ 0x8627EAF8)
SSDT[53] : NtCreateThread @ 0x8057888D -> HOOKED (Unknown @ 0x8623D308)
SSDT[83] : NtFreeVirtualMemory @ 0x80569B95 -> HOOKED (Unknown @ 0x862A1548)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805DC17E -> HOOKED (Unknown @ 0x862BF5B0)
SSDT[91] : NtImpersonateThread @ 0x80581729 -> HOOKED (Unknown @ 0x86252858)
SSDT[108] : NtMapViewOfSection @ 0x8057CA99 -> HOOKED (Unknown @ 0x8623D360)
SSDT[114] : NtOpenEvent @ 0x80581A98 -> HOOKED (Unknown @ 0x862A1510)
SSDT[123] : NtOpenProcessToken @ 0x80571089 -> HOOKED (Unknown @ 0x862B6BC0)
SSDT[129] : NtOpenThreadToken @ 0x80570B26 -> HOOKED (Unknown @ 0x86297BF8)
SSDT[206] : NtResumeThread @ 0x80578F00 -> HOOKED (Unknown @ 0x862E7068)
SSDT[213] : NtSetContextThread @ 0x8062E75B -> HOOKED (Unknown @ 0x8626DBF0)
SSDT[228] : NtSetInformationProcess @ 0x80570D95 -> HOOKED (Unknown @ 0x8628F890)
SSDT[229] : NtSetInformationThread @ 0x8056C596 -> HOOKED (Unknown @ 0x86260628)
SSDT[253] : NtSuspendProcess @ 0x8062FE71 -> HOOKED (Unknown @ 0x8629ADA8)
SSDT[254] : NtSuspendThread @ 0x805E0535 -> HOOKED (Unknown @ 0x862A8AA8)
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (Unknown @ 0x862E91A8)
SSDT[258] : NtTerminateThread @ 0x80577F9F -> HOOKED (Unknown @ 0x862A7DA8)
SSDT[267] : NtUnmapViewOfSection @ 0x8057C61E -> HOOKED (Unknown @ 0x8626EDA8)
SSDT[277] : NtWriteVirtualMemory @ 0x80581512 -> HOOKED (Unknown @ 0x86252890)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x85D03FD0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINNT\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] 977fea8615f54927445233f59fbb9d7e
[BSP] 924c3ccc7cf16975da73c299d9d5d6d2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11162012_02d0712.txt >>
RKreport[1]_S_11162012_02d0710.txt ; RKreport[2]_D_11162012_02d0712.txt

**************************************************************************************************************************
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 07:19:06
-----------------------------
07:19:06.085 OS Version: Windows 5.1.2600 Service Pack 3
07:19:06.085 Number of processors: 1 586 0x401
07:19:06.101 ComputerName: ADELEP UserName: admin
07:19:06.913 Initialize success
07:20:45.552 AVAST engine defs: 12111600
07:21:55.441 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:21:55.441 Disk 0 Vendor: ST380011A 8.16 Size: 76293MB BusType: 3
07:21:55.472 Disk 0 MBR read successfully
07:21:55.472 Disk 0 MBR scan
07:21:55.582 Disk 0 Windows XP default MBR code
07:21:55.597 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
07:21:55.613 Disk 0 scanning sectors +156232125
07:21:55.722 Disk 0 scanning C:\WINNT\system32\drivers
07:22:25.956 Service scanning
07:22:57.455 Modules scanning
07:23:18.439 Disk 0 trace - called modules:
07:23:18.455 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
07:23:18.455 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863d5ab8]
07:23:18.955 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863d6b00]
07:23:19.596 AVAST engine scan C:\WINNT
07:24:25.360 AVAST engine scan C:\WINNT\system32
07:33:57.537 AVAST engine scan C:\WINNT\system32\drivers
07:34:38.864 AVAST engine scan C:\Documents and Settings\admin.LSND
07:36:50.799 AVAST engine scan C:\Documents and Settings\All Users
07:39:32.811 Scan finished successfully
07:42:10.590 Disk 0 MBR has been saved successfully to "\\Xpfsfrg\work - frg\Docs\Virus Info Adele\MBR.dat"
07:42:10.590 The log file has been saved successfully to "\\Xpfsfrg\work - frg\Docs\Virus Info Adele\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

===================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Broni, I have left the machine for the day. Would it be possible to take this up on Monday morning?
 
Broni,

I tried to run combofix, it just sat there (3 1/2 hours) at a screen that says "scanning for infected files".

I then downloaded rkill.exe, booted into safe mode, stopped the virus scan and tried to run it from the desktop. A black box popped up really quick, but before the notepad log file could come up I got a BSOD, something looking like this: http://i1307.photobucket.com/albums/s595/finaltactics/IMAG0091_zps8062c76a.jpg.

I then downloaded iexplore.exe from the site above and booted into safe mode and tried to run that scan from the desktop. I got the same type of BSOD.

I then tried to run combofix, which had been downloaded onto the desktop with a different name. That one is stuck at "scanning for infected files" also. The computer clock is still running. It was also still running when it sat there for 3 1/2 hours.
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
OK, I had to do this scan twice. The same threat keeps showing up. The first scan was as follows:

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.20.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: ADELEP [administrator]

11/20/2012 8:37:41 AM
mbar-log-2012-11-20 (08-37-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 30727
Time elapsed: 1 hour(s), 18 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [0a77fabf3627a393d4811311d62e7c84]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*******************************************************************
The second scan was as follows:

Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.20.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: ADELEP [administrator]

11/20/2012 9:55:53 AM
mbar-log-2012-11-20 (09-55-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 30727
Time elapsed: 1 hour(s), 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. [473a2099b0adbf77035234f02dd7bd43]

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
****************************************************************

System_log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 423309312

DDA Driver installation error.
Driver installed on boot. Reboot required.
System shutdown occured
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 612425728

Downloaded database version: v2012.11.20.02
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\WINNT\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156232062
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 627650560

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 580050944

DDA Driver installation error.
Driver installed on boot. Reboot required.
System shutdown occured
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 618340352

Initializing...
Done!
Scanning directory: C:\WINNT\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 156232062
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156230000-156250000)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 1071628288, free: 636456960
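The third MBAR run above walks the MBR by hand: it checks the 55AA signature, reads the four partition entries (one active NTFS partition starting at LBA 63 with 156232062 sectors, three empty slots) and then scans the sectors no partition covers, because the gap before the first partition and the tail of the disk are where an MBR bootkit keeps its saved original MBR and payload. The script below is an added example, not MBAR's code, that does the same parse over a constructed 512-byte MBR reproducing the table from the log (the disk signature value is an assumption), runs the consistency checks a scanner applies before trusting the table, and computes the exact unpartitioned sector ranges. 156232062 is 0x94FE97E, the BlocksNum that TDSSKiller reports for the same partition further down in the thread, so the two tools agree on the table.

```python
"""Parse an MBR partition table and compute the unpartitioned sector ranges a
rootkit scanner inspects. Added example over a constructed MBR, not a disk image."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE       # four 16-byte partition entries
SIG_OFFSET = 0x1FE         # bytes 55 AA
DISK_SIG_OFFSET = 0x1B8    # 32-bit NT disk signature
ENTRY_FMT = "<B3sB3sII"    # boot flag, CHS start, type, CHS end, start LBA, sector count


@dataclass
class PartitionEntry:
    index: int
    boot_flag: int
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def active(self) -> bool:
        return self.boot_flag == 0x80

    @property
    def empty(self) -> bool:
        return self.type_id == 0x00

    @property
    def end_lba(self) -> int:
        # last sector occupied; only meaningful for a non-empty entry
        return self.start_lba + self.num_sectors - 1


def build_mbr(entries, disk_signature: int) -> bytes:
    """Assemble a 512-byte MBR from (boot_flag, type, start_lba, num_sectors) tuples.
    Bootstrap code and CHS fields are left zeroed; LBA is what matters here."""
    mbr = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", mbr, DISK_SIG_OFFSET, disk_signature)
    for i, (boot, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         boot, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[SIG_OFFSET] = 0x55
    mbr[SIG_OFFSET + 1] = 0xAA
    return bytes(mbr)


def parse_mbr(sector: bytes) -> Tuple[int, List[PartitionEntry]]:
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    if sector[SIG_OFFSET:SIG_OFFSET + 2] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0]
    entries = []
    for i in range(4):
        boot, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        entries.append(PartitionEntry(i, boot, ptype, start, count))
    return disk_sig, entries


def table_findings(entries, disk_sectors: int) -> List[str]:
    """Checks to apply before trusting a table: boot flags 0x00 or 0x80 only,
    exactly one active entry, nothing past the end of the disk, no overlaps."""
    findings = []
    live = [e for e in entries if not e.empty]
    for e in entries:
        if e.boot_flag not in (0x00, 0x80):
            findings.append(f"entry {e.index}: invalid boot flag 0x{e.boot_flag:02X}")
    if sum(1 for e in live if e.active) != 1:
        findings.append("active partition count is not 1")
    for e in live:
        if e.num_sectors == 0 or e.end_lba >= disk_sectors:
            findings.append(f"entry {e.index}: extends past end of disk")
    ordered = sorted(live, key=lambda e: e.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if b.start_lba <= a.end_lba:
            findings.append(f"entries {a.index} and {b.index} overlap")
    return findings


def unpartitioned_ranges(entries, disk_sectors: int) -> List[Tuple[int, int]]:
    """Inclusive sector ranges covered by no partition, excluding sector 0 (the MBR)."""
    used = sorted((e.start_lba, e.end_lba) for e in entries if not e.empty and e.num_sectors)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end + 1)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps


# Constructed sample reproducing the table the log reports: one NTFS (0x07) partition,
# active, LBA 63, 156232062 sectors, on an 80,000,000,000-byte disk with 512-byte sectors.
# The disk signature value is an assumption for the example.
DISK_SECTORS = 80_000_000_000 // SECTOR_SIZE
SAMPLE_MBR = build_mbr([(0x80, 0x07, 63, 156232062), (0, 0, 0, 0), (0, 0, 0, 0), (0, 0, 0, 0)],
                       0xDEADBEEF)

if __name__ == "__main__":
    sig, parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        if not p.empty:
            print(f"partition {p.index}: type 0x{p.type_id:02X} active={p.active} "
                  f"LBA {p.start_lba}-{p.end_lba} ({p.num_sectors} = 0x{p.num_sectors:X} sectors)")
    print("findings:", table_findings(parts, DISK_SECTORS) or "none")
    print("unpartitioned:", unpartitioned_ranges(parts, DISK_SECTORS))
```

On a live machine you would read sector 0 from the raw device (\\.\PhysicalDrive0 on Windows) instead of building it; the parse and the gap computation are the same. For this table the last partition sector is 156232124, so the exact gaps are 1-62 and 156232125-156249999; MBAR prints a wider window (156230000-156250000) for its tail scan.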
 
OK, tried to run combofix again from the first link above. It asked me to update to the newest version, which I agreed to. I let it sit there for about 20 minutes. It never knocked me off the internet. I looked at the instructions again and they didn't mention that it would need to be updated, so I stopped it, deleted it off the desktop, cleaned the recycle bin and I downloaded a new version, saved it to the desktop and started it again. It has been close to 20 minutes or so again, and it is still sitting there saying it typically only takes 10 minutes but badly infected machines could take more than double. Should I continue to let it run?

OK, tried:
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

When trying to run Rkill or Iexplore, I get the blue screen of death. I downloaded a new copy of combofix and gave it a different name; that will not run either.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
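Once the log is posted, the lines worth reading are the per-service ones: a 32-hex-digit MD5 in brackets, the service name (which can contain spaces) and the image path, followed by a second line carrying the verdict. Entries that show only a verdict line are registry-only services with no binary on disk. The script below is an added example, not part of the thread or of TDSSKiller, that pairs those two lines per service over constructed sample input in the log's format, lists the registry-only entries, flags any non-ok verdict or any image outside the directories expected on this XP box (an assumption coded as EXPECTED_ROOTS), and groups unique hashes for bulk reputation lookup. The last two sample lines, including the verdict wording, are invented to exercise the rules.

```python
"""Triage the service section of a TDSSKiller log. Added example over constructed
sample lines in the log's format; not Kaspersky's code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "<time> <pid> [ <MD5> ] <service name> <image path>"  (names may contain spaces)
FILE_RE = re.compile(r"^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\\S.*)$")
# "<time> <pid> <service name> - <verdict>"
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(.+?) - (\S.*)$")

# Where service images are expected on this box (%SystemRoot% is C:\WINNT here);
# 8.3 short names also appear in the log. Assumption for the example.
EXPECTED_ROOTS = ("c:\\winnt\\", "c:\\program files\\", "c:\\progra~1\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_service_section(lines) -> Dict[str, ServiceEntry]:
    """Pair each service's file line (hash + path) with its verdict line."""
    entries: Dict[str, ServiceEntry] = {}
    for raw in lines:
        line = raw.rstrip()
        m = FILE_RE.match(line)
        if m:
            md5, name, path = m.groups()
            e = entries.setdefault(name, ServiceEntry(name))
            e.md5, e.path = md5.upper(), path
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, ServiceEntry(name)).verdict = verdict
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Flag any verdict other than 'ok' and any image outside the expected roots."""
    findings = []
    for e in entries.values():
        if e.verdict != "ok":
            findings.append(f"{e.name}: verdict {e.verdict!r}")
        if e.path and not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append(f"{e.name}: image outside expected roots: {e.path}")
    return findings


def registry_only(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Service entries with no file on disk (often legacy leftovers; still worth a look)."""
    return sorted(name for name, e in entries.items() if e.path is None)


def hashes_for_lookup(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Unique MD5 -> service names. One binary (lsass.exe, ccSvcHst.exe) legitimately
    backs several services, so deduplicate before submitting hashes for reputation checks."""
    out: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            out.setdefault(e.md5, []).append(e.name)
    return out


# Constructed sample in TDSSKiller's format. The first seven lines follow entries from
# the log in this thread; the last two are invented (hash, path and verdict wording).
SAMPLE_LOG = """\
10:27:46.0422 3540 Abiosdsk - ok
10:27:46.0500 3540 [ 4848ABF6D2F38C8A1F2138D4FE8F9455 ] Achernar C:\\WINNT\\system32\\Drivers\\Achernar.sys
10:27:46.0500 3540 Achernar - ok
10:27:46.0656 3540 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\\Program Files\\Common Files\\Adobe Systems Shared\\Service\\Adobelmsvc.exe
10:27:46.0687 3540 Adobe LM Service - ok
10:27:54.0189 3540 [ 6ABE9ECAAB7DD0CC6F46EC830E0FE8FC ] LiveUpdate C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE
10:27:54.0236 3540 LiveUpdate - ok
10:28:01.0000 3540 [ 00000000000000000000000000000000 ] svchosts C:\\DOCUME~1\\ADMIN~1\\LOCALS~1\\Temp\\svchosts.exe
10:28:01.0000 3540 svchosts - suspicious
""".splitlines()

if __name__ == "__main__":
    parsed = parse_service_section(SAMPLE_LOG)
    print("registry-only:", registry_only(parsed))
    for f in triage(parsed):
        print("FLAG", f)
    print("unique hashes:", len(hashes_for_lookup(parsed)))
```

Feed the real log in with `parse_service_section(open("TDSSKiller_log.txt"))`; lines outside the service section simply match neither pattern and are ignored.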
 
TDSSKILLER Log file:

10:27:24.0868 3160 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:27:25.0367 3160 ============================================================
10:27:25.0367 3160 Current date / time: 2012/11/21 10:27:25.0367
10:27:25.0367 3160 SystemInfo:
10:27:25.0367 3160
10:27:25.0367 3160 OS Version: 5.1.2600 ServicePack: 3.0
10:27:25.0367 3160 Product type: Workstation
10:27:25.0367 3160 ComputerName: ADELEP
10:27:25.0367 3160 UserName: admin
10:27:25.0367 3160 Windows directory: C:\WINNT
10:27:25.0367 3160 System windows directory: C:\WINNT
10:27:25.0367 3160 Processor architecture: Intel x86
10:27:25.0367 3160 Number of processors: 1
10:27:25.0367 3160 Page size: 0x1000
10:27:25.0367 3160 Boot type: Normal boot
10:27:25.0367 3160 ============================================================
10:27:28.0159 3160 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:27:28.0159 3160 ============================================================
10:27:28.0159 3160 \Device\Harddisk0\DR0:
10:27:28.0159 3160 MBR partitions:
10:27:28.0159 3160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
10:27:28.0159 3160 ============================================================
10:27:28.0253 3160 C: <-> \Device\Harddisk0\DR0\Partition1
10:27:28.0253 3160 ============================================================
10:27:28.0253 3160 Initialize success
10:27:28.0253 3160 ============================================================
10:27:38.0811 3540 ============================================================
10:27:38.0811 3540 Scan started
10:27:38.0811 3540 Mode: Manual;
10:27:38.0811 3540 ============================================================
10:27:42.0523 3540 ================ Scan system memory ========================
10:27:46.0297 3540 System memory - ok
10:27:46.0297 3540 ================ Scan services =============================
10:27:46.0422 3540 Abiosdsk - ok
10:27:46.0438 3540 abp480n5 - ok
10:27:46.0500 3540 [ 4848ABF6D2F38C8A1F2138D4FE8F9455 ] Achernar C:\WINNT\system32\Drivers\Achernar.sys
10:27:46.0500 3540 Achernar - ok
10:27:46.0531 3540 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINNT\system32\DRIVERS\ACPI.sys
10:27:46.0531 3540 ACPI - ok
10:27:46.0578 3540 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINNT\system32\drivers\ACPIEC.sys
10:27:46.0578 3540 ACPIEC - ok
10:27:46.0656 3540 [ 6D182C31ACF16213407F2768F1107FE3 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:27:46.0687 3540 Adobe LM Service - ok
10:27:46.0797 3540 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:27:46.0859 3540 AdobeFlashPlayerUpdateSvc - ok
10:27:46.0875 3540 adpu160m - ok
10:27:46.0921 3540 [ 11C04B17ED2ABBB4833694BCD644AC90 ] aeaudio C:\WINNT\system32\drivers\aeaudio.sys
10:27:46.0921 3540 aeaudio - ok
10:27:46.0984 3540 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINNT\system32\drivers\aec.sys
10:27:46.0984 3540 aec - ok
10:27:47.0046 3540 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINNT\System32\drivers\afd.sys
10:27:47.0046 3540 AFD - ok
10:27:47.0108 3540 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINNT\system32\drivers\AFS2K.sys
10:27:47.0108 3540 AFS2K - ok
10:27:47.0108 3540 Aha154x - ok
10:27:47.0124 3540 aic116x - ok
10:27:47.0155 3540 aic78u2 - ok
10:27:47.0155 3540 aic78xx - ok
10:27:47.0218 3540 [ 03A26904786D78552B93BB4D64F0B72F ] Aldebaran C:\WINNT\System32\Drivers\Aldebaran.sys
10:27:47.0218 3540 Aldebaran - ok
10:27:47.0280 3540 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINNT\system32\alrsvc.dll
10:27:47.0280 3540 Alerter - ok
10:27:47.0327 3540 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINNT\System32\alg.exe
10:27:47.0327 3540 ALG - ok
10:27:47.0342 3540 AliIde - ok
10:27:47.0342 3540 ami0nt - ok
10:27:47.0358 3540 amsint - ok
10:27:47.0420 3540 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINNT\System32\appmgmts.dll
10:27:47.0483 3540 AppMgmt - ok
10:27:47.0498 3540 asc - ok
10:27:47.0514 3540 asc3350p - ok
10:27:47.0530 3540 asc3550 - ok
10:27:47.0608 3540 [ ED8CEE58C1E4C5893F5B2FD686A272BF ] Aspi32 C:\WINNT\system32\drivers\Aspi32.sys
10:27:47.0608 3540 Aspi32 - ok
10:27:47.0748 3540 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:27:47.0842 3540 aspnet_state - ok
10:27:47.0873 3540 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINNT\system32\DRIVERS\asyncmac.sys
10:27:47.0873 3540 AsyncMac - ok
10:27:47.0951 3540 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINNT\system32\DRIVERS\atapi.sys
10:27:47.0951 3540 atapi - ok
10:27:47.0966 3540 Atdisk - ok
10:27:48.0013 3540 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINNT\system32\DRIVERS\atmarpc.sys
10:27:48.0013 3540 Atmarpc - ok
10:27:48.0060 3540 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINNT\System32\audiosrv.dll
10:27:48.0075 3540 AudioSrv - ok
10:27:48.0122 3540 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINNT\system32\DRIVERS\audstub.sys
10:27:48.0122 3540 audstub - ok
10:27:48.0200 3540 [ 7305E36433AE7CE4A878CCC900BCF2A8 ] awecho C:\WINNT\system32\drivers\awechomd.sys
10:27:48.0200 3540 awecho - ok
10:27:48.0372 3540 [ 66847905242D7C66CD628643EB3413FE ] awhost32 C:\Program Files\Symantec\pcAnywhere\awhost32.exe
10:27:48.0372 3540 awhost32 - ok
10:27:48.0387 3540 [ 71C32536B50136E9E439306A2E9296E2 ] AW_HOST C:\WINNT\system32\drivers\aw_host5.sys
10:27:48.0387 3540 AW_HOST - ok
10:27:48.0450 3540 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINNT\system32\drivers\Beep.sys
10:27:48.0450 3540 Beep - ok
10:27:48.0528 3540 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINNT\system32\qmgr.dll
10:27:48.0606 3540 BITS - ok
10:27:48.0668 3540 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINNT\System32\browser.dll
10:27:48.0668 3540 Browser - ok
10:27:48.0684 3540 BusLogic - ok
10:27:48.0715 3540 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINNT\system32\drivers\cbidf2k.sys
10:27:48.0715 3540 cbidf2k - ok
10:27:48.0824 3540 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
10:27:48.0824 3540 ccEvtMgr - ok
10:27:48.0840 3540 [ F3E5C6CEEC35C3F65221100B00AFB5F9 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
10:27:48.0855 3540 ccSetMgr - ok
10:27:48.0871 3540 cd20xrnt - ok
10:27:48.0918 3540 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINNT\system32\drivers\Cdaudio.sys
10:27:48.0918 3540 Cdaudio - ok
10:27:48.0964 3540 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINNT\system32\drivers\Cdfs.sys
10:27:48.0980 3540 Cdfs - ok
10:27:49.0027 3540 [ 9880F86F4261699273F818AE50216B8C ] Cdr4_2K C:\WINNT\system32\drivers\Cdr4_2K.sys
10:27:49.0027 3540 Cdr4_2K - ok
10:27:49.0042 3540 [ 300500FB3EF21374F7194F9F42B130BC ] Cdralw2k C:\WINNT\system32\drivers\Cdralw2k.sys
10:27:49.0058 3540 Cdralw2k - ok
10:27:49.0074 3540 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINNT\system32\DRIVERS\cdrom.sys
10:27:49.0074 3540 Cdrom - ok
10:27:49.0074 3540 Changer - ok
10:27:49.0136 3540 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] cisvc C:\WINNT\system32\cisvc.exe
10:27:49.0136 3540 cisvc - ok
10:27:49.0198 3540 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINNT\system32\clipsrv.exe
10:27:49.0230 3540 ClipSrv - ok
10:27:49.0276 3540 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:27:49.0479 3540 clr_optimization_v2.0.50727_32 - ok
10:27:49.0495 3540 CmdIde - ok
10:27:49.0526 3540 [ 4F2DEDEED7C091FAFC4DADA5534F3D37 ] COH_Mon C:\WINNT\system32\Drivers\COH_Mon.sys
10:27:49.0526 3540 COH_Mon - ok
10:27:49.0542 3540 COMSysApp - ok
10:27:49.0573 3540 Cpqarray - ok
10:27:49.0573 3540 cpqarry2 - ok
10:27:49.0588 3540 cpqfcalm - ok
10:27:49.0619 3540 cpqfws2e - ok
10:27:49.0682 3540 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINNT\System32\cryptsvc.dll
10:27:49.0682 3540 CryptSvc - ok
10:27:49.0697 3540 dac2w2k - ok
10:27:49.0713 3540 dac960nt - ok
10:27:49.0775 3540 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINNT\system32\rpcss.dll
10:27:49.0791 3540 DcomLaunch - ok
10:27:49.0807 3540 deckzpsx - ok
10:27:49.0900 3540 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINNT\System32\dhcpcsvc.dll
10:27:49.0900 3540 Dhcp - ok
10:27:49.0931 3540 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINNT\system32\DRIVERS\disk.sys
10:27:49.0947 3540 Disk - ok
10:27:49.0963 3540 dmadmin - ok
10:27:50.0056 3540 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINNT\system32\drivers\dmboot.sys
10:27:50.0119 3540 dmboot - ok
10:27:50.0165 3540 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINNT\system32\DRIVERS\dmio.sys
10:27:50.0181 3540 dmio - ok
10:27:50.0212 3540 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINNT\system32\drivers\dmload.sys
10:27:50.0212 3540 dmload - ok
10:27:50.0243 3540 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINNT\System32\dmserver.dll
10:27:50.0243 3540 dmserver - ok
10:27:50.0290 3540 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINNT\system32\drivers\DMusic.sys
10:27:50.0290 3540 DMusic - ok
10:27:50.0353 3540 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINNT\System32\dnsrslvr.dll
10:27:50.0368 3540 Dnscache - ok
10:27:50.0446 3540 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINNT\System32\dot3svc.dll
10:27:50.0462 3540 Dot3svc - ok
10:27:50.0477 3540 dpti2o - ok
10:27:50.0493 3540 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINNT\system32\drivers\drmkaud.sys
10:27:50.0493 3540 drmkaud - ok
10:27:50.0555 3540 [ 8179A01475F75417011E27E322C7E0E3 ] E1000 C:\WINNT\system32\DRIVERS\e1000325.sys
10:27:50.0555 3540 E1000 - ok
10:27:50.0618 3540 [ D57A8FC800B501AC05B10D00F66D127A ] E100B C:\WINNT\system32\DRIVERS\e100b325.sys
10:27:50.0633 3540 E100B - ok
10:27:50.0711 3540 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINNT\System32\eapsvc.dll
10:27:50.0727 3540 EapHost - ok
10:27:50.0789 3540 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:27:50.0805 3540 eeCtrl - ok
10:27:50.0820 3540 EFS - ok
10:27:50.0867 3540 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:27:50.0867 3540 EraserUtilRebootDrv - ok
10:27:50.0898 3540 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINNT\System32\ersvc.dll
10:27:50.0898 3540 ERSvc - ok
10:27:50.0945 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINNT\system32\services.exe
10:27:50.0945 3540 Eventlog - ok
10:27:51.0023 3540 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINNT\system32\es.dll
10:27:51.0023 3540 EventSystem - ok
10:27:51.0086 3540 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINNT\system32\drivers\Fastfat.sys
10:27:51.0101 3540 Fastfat - ok
10:27:51.0164 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINNT\System32\shsvcs.dll
10:27:51.0164 3540 FastUserSwitchingCompatibility - ok
10:27:51.0226 3540 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINNT\system32\fxssvc.exe
10:27:51.0241 3540 Fax - ok
10:27:51.0241 3540 Fd16_700 - ok
10:27:51.0273 3540 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINNT\system32\drivers\Fdc.sys
10:27:51.0273 3540 Fdc - ok
10:27:51.0288 3540 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINNT\system32\drivers\Fips.sys
10:27:51.0304 3540 Fips - ok
10:27:51.0304 3540 fireport - ok
10:27:51.0319 3540 flashpnt - ok
10:27:51.0335 3540 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINNT\system32\drivers\Flpydisk.sys
10:27:51.0335 3540 Flpydisk - ok
10:27:51.0413 3540 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINNT\system32\drivers\fltmgr.sys
10:27:51.0429 3540 FltMgr - ok
10:27:51.0522 3540 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINNT\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:27:51.0569 3540 FontCache3.0.0.0 - ok
10:27:51.0631 3540 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINNT\system32\drivers\Fs_Rec.sys
10:27:51.0631 3540 Fs_Rec - ok
10:27:51.0678 3540 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINNT\system32\DRIVERS\ftdisk.sys
10:27:51.0678 3540 Ftdisk - ok
10:27:51.0725 3540 [ FD25177CED6751C14DE170D8282CED90 ] Gernuwa C:\WINNT\system32\drivers\Gernuwa.sys
10:27:51.0725 3540 Gernuwa - ok
10:27:51.0787 3540 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINNT\system32\DRIVERS\msgpc.sys
10:27:51.0787 3540 Gpc - ok
10:27:51.0912 3540 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:27:51.0912 3540 helpsvc - ok
10:27:51.0928 3540 HidServ - ok
10:27:51.0959 3540 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINNT\system32\DRIVERS\hidusb.sys
10:27:51.0975 3540 hidusb - ok
10:27:52.0037 3540 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINNT\System32\kmsvc.dll
10:27:52.0037 3540 hkmsvc - ok
10:27:52.0052 3540 hpn - ok
10:27:52.0099 3540 [ 5FABA4775D4C61E55EC669D643FFC71F ] HPZid412 C:\WINNT\system32\DRIVERS\HPZid412.sys
10:27:52.0099 3540 HPZid412 - ok
10:27:52.0130 3540 [ A3C43980EE1F1BEAC778B44EA65DBDD4 ] HPZipr12 C:\WINNT\system32\DRIVERS\HPZipr12.sys
10:27:52.0130 3540 HPZipr12 - ok
10:27:52.0177 3540 [ 2906949BD4E206F2BB0DD1896CE9F66F ] HPZius12 C:\WINNT\system32\DRIVERS\HPZius12.sys
10:27:52.0177 3540 HPZius12 - ok
10:27:52.0255 3540 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINNT\system32\Drivers\HTTP.sys
10:27:52.0255 3540 HTTP - ok
10:27:52.0318 3540 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINNT\System32\w3ssl.dll
10:27:52.0364 3540 HTTPFilter - ok
10:27:52.0380 3540 i2omgmt - ok
10:27:52.0396 3540 i2omp - ok
10:27:52.0427 3540 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINNT\system32\DRIVERS\i8042prt.sys
10:27:52.0427 3540 i8042prt - ok
10:27:52.0536 3540 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINNT\system32\DRIVERS\ialmnt5.sys
10:27:52.0583 3540 ialm - ok
10:27:52.0723 3540 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:27:52.0863 3540 idsvc - ok
10:27:52.0910 3540 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINNT\system32\DRIVERS\imapi.sys
10:27:52.0910 3540 Imapi - ok
10:27:52.0973 3540 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINNT\system32\imapi.exe
10:27:53.0035 3540 ImapiService - ok
10:27:53.0051 3540 ini910u - ok
10:27:53.0097 3540 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINNT\system32\DRIVERS\intelide.sys
10:27:53.0113 3540 IntelIde - ok
10:27:53.0175 3540 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINNT\system32\DRIVERS\intelppm.sys
10:27:53.0175 3540 intelppm - ok
10:27:53.0207 3540 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINNT\system32\drivers\ip6fw.sys
10:27:53.0207 3540 Ip6Fw - ok
10:27:53.0253 3540 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINNT\system32\DRIVERS\ipfltdrv.sys
10:27:53.0253 3540 IpFilterDriver - ok
10:27:53.0285 3540 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINNT\system32\DRIVERS\ipinip.sys
10:27:53.0285 3540 IpInIp - ok
10:27:53.0331 3540 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINNT\system32\DRIVERS\ipnat.sys
10:27:53.0347 3540 IpNat - ok
10:27:53.0409 3540 [ 23C74D75E36E7158768DD63D92789A91 ] IPSEC C:\WINNT\system32\DRIVERS\ipsec.sys
10:27:53.0409 3540 IPSEC - ok
10:27:53.0409 3540 ipsraidn - ok
10:27:53.0441 3540 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINNT\system32\DRIVERS\irenum.sys
10:27:53.0441 3540 IRENUM - ok
10:27:53.0503 3540 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINNT\system32\DRIVERS\isapnp.sys
10:27:53.0503 3540 isapnp - ok
10:27:53.0612 3540 [ A12175F063302CD68F8FC6D572D7E5FD ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:27:53.0612 3540 JavaQuickStarterService - ok
10:27:53.0628 3540 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINNT\system32\DRIVERS\kbdclass.sys
10:27:53.0628 3540 Kbdclass - ok
10:27:53.0690 3540 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINNT\system32\DRIVERS\kbdhid.sys
10:27:53.0690 3540 kbdhid - ok
10:27:53.0752 3540 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINNT\system32\drivers\kmixer.sys
10:27:53.0752 3540 kmixer - ok
10:27:53.0815 3540 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINNT\system32\drivers\KSecDD.sys
10:27:53.0815 3540 KSecDD - ok
10:27:53.0877 3540 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINNT\System32\srvsvc.dll
10:27:53.0877 3540 lanmanserver - ok
10:27:53.0924 3540 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINNT\System32\wkssvc.dll
10:27:53.0924 3540 lanmanworkstation - ok
10:27:53.0940 3540 lbrtfdc - ok
10:27:54.0189 3540 [ 6ABE9ECAAB7DD0CC6F46EC830E0FE8FC ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:27:54.0236 3540 LiveUpdate - ok
10:27:54.0298 3540 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINNT\System32\lmhsvc.dll
10:27:54.0298 3540 LmHosts - ok
10:27:54.0314 3540 lp6nds35 - ok
10:27:54.0392 3540 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINNT\system32\drivers\mbamchameleon.sys
10:27:54.0392 3540 mbamchameleon - ok
10:27:54.0501 3540 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
10:27:54.0517 3540 MDM - ok
10:27:54.0563 3540 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINNT\System32\msgsvc.dll
10:27:54.0641 3540 Messenger - ok
10:27:54.0719 3540 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINNT\system32\drivers\mnmdd.sys
10:27:54.0719 3540 mnmdd - ok
10:27:54.0782 3540 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINNT\system32\mnmsrvc.exe
10:27:54.0797 3540 mnmsrvc - ok
10:27:54.0860 3540 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINNT\system32\drivers\Modem.sys
10:27:54.0860 3540 Modem - ok
10:27:54.0891 3540 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINNT\system32\DRIVERS\mouclass.sys
10:27:54.0891 3540 Mouclass - ok
10:27:54.0938 3540 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINNT\system32\DRIVERS\mouhid.sys
10:27:54.0938 3540 mouhid - ok
10:27:54.0985 3540 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINNT\system32\drivers\MountMgr.sys
10:27:54.0985 3540 MountMgr - ok
10:27:55.0047 3540 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:27:55.0078 3540 MozillaMaintenance - ok
10:27:55.0094 3540 mraid35x - ok
10:27:55.0125 3540 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINNT\system32\DRIVERS\mrxdav.sys
10:27:55.0125 3540 MRxDAV - ok
10:27:55.0187 3540 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINNT\system32\DRIVERS\mrxsmb.sys
10:27:55.0203 3540 MRxSmb - ok
10:27:55.0250 3540 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINNT\system32\msdtc.exe
10:27:55.0265 3540 MSDTC - ok
10:27:55.0312 3540 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINNT\system32\drivers\Msfs.sys
10:27:55.0312 3540 Msfs - ok
10:27:55.0328 3540 MSIServer - ok
10:27:55.0390 3540 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINNT\system32\drivers\MSKSSRV.sys
10:27:55.0390 3540 MSKSSRV - ok
10:27:55.0406 3540 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINNT\system32\drivers\MSPCLOCK.sys
10:27:55.0406 3540 MSPCLOCK - ok
10:27:55.0437 3540 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINNT\system32\drivers\MSPQM.sys
10:27:55.0437 3540 MSPQM - ok
10:27:55.0468 3540 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINNT\system32\DRIVERS\mssmbios.sys
10:27:55.0468 3540 mssmbios - ok
10:27:55.0515 3540 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINNT\system32\drivers\Mup.sys
10:27:55.0515 3540 Mup - ok
10:27:55.0608 3540 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINNT\System32\qagentrt.dll
10:27:55.0671 3540 napagent - ok
10:27:55.0811 3540 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121120.017\NAVENG.SYS
10:27:55.0811 3540 NAVENG - ok
10:27:55.0889 3540 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20121120.017\NAVEX15.SYS
10:27:55.0905 3540 NAVEX15 - ok
10:27:55.0905 3540 Nbf - ok
10:27:55.0920 3540 Ncrc710 - ok
10:27:55.0998 3540 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINNT\system32\drivers\NDIS.sys
10:27:55.0998 3540 NDIS - ok
10:27:56.0045 3540 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINNT\system32\DRIVERS\ndistapi.sys
10:27:56.0045 3540 NdisTapi - ok
10:27:56.0076 3540 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINNT\system32\DRIVERS\ndisuio.sys
10:27:56.0076 3540 Ndisuio - ok
10:27:56.0139 3540 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINNT\system32\DRIVERS\ndiswan.sys
10:27:56.0154 3540 NdisWan - ok
10:27:56.0201 3540 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINNT\system32\drivers\NDProxy.sys
10:27:56.0201 3540 NDProxy - ok
10:27:56.0263 3540 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\WINNT\system32\HPZinw12.dll
10:27:56.0263 3540 Net Driver HPZ12 - ok
10:27:56.0279 3540 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINNT\system32\DRIVERS\netbios.sys
10:27:56.0279 3540 NetBIOS - ok
10:27:56.0310 3540 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINNT\system32\DRIVERS\netbt.sys
10:27:56.0310 3540 NetBT - ok
10:27:56.0357 3540 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINNT\system32\netdde.exe
10:27:56.0388 3540 NetDDE - ok
10:27:56.0404 3540 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINNT\system32\netdde.exe
10:27:56.0404 3540 NetDDEdsdm - ok
10:27:56.0466 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINNT\system32\lsass.exe
10:27:56.0466 3540 Netlogon - ok
10:27:56.0497 3540 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINNT\System32\netman.dll
10:27:56.0497 3540 Netman - ok
10:27:56.0560 3540 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:27:56.0591 3540 NetTcpPortSharing - ok
10:27:56.0653 3540 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINNT\System32\mswsock.dll
10:27:56.0700 3540 Nla - ok
10:27:56.0763 3540 [ B9730495E0CF674680121E34BD95A73B ] NPF C:\WINNT\system32\drivers\NPF.sys
10:27:56.0763 3540 NPF - ok
10:27:56.0809 3540 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINNT\system32\drivers\Npfs.sys
10:27:56.0809 3540 Npfs - ok
10:27:56.0841 3540 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINNT\system32\drivers\Ntfs.sys
10:27:56.0872 3540 Ntfs - ok
10:27:56.0887 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINNT\system32\lsass.exe
10:27:56.0887 3540 NtLmSsp - ok
10:27:56.0934 3540 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINNT\system32\ntmssvc.dll
10:27:56.0981 3540 NtmsSvc - ok
10:27:57.0012 3540 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINNT\system32\drivers\Null.sys
10:27:57.0028 3540 Null - ok
10:27:57.0074 3540 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINNT\system32\DRIVERS\nwlnkflt.sys
10:27:57.0074 3540 NwlnkFlt - ok
10:27:57.0106 3540 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINNT\system32\DRIVERS\nwlnkfwd.sys
10:27:57.0106 3540 NwlnkFwd - ok
10:27:57.0215 3540 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:27:57.0262 3540 odserv - ok
10:27:57.0324 3540 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:27:57.0418 3540 ose - ok
10:27:57.0433 3540 Parallel - ok
10:27:57.0496 3540 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINNT\system32\DRIVERS\parport.sys
10:27:57.0496 3540 Parport - ok
10:27:57.0527 3540 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINNT\system32\drivers\PartMgr.sys
10:27:57.0527 3540 PartMgr - ok
10:27:57.0574 3540 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINNT\system32\drivers\ParVdm.sys
10:27:57.0589 3540 ParVdm - ok
10:27:57.0636 3540 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINNT\system32\DRIVERS\pci.sys
10:27:57.0636 3540 PCI - ok
10:27:57.0652 3540 PCIDump - ok
10:27:57.0683 3540 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINNT\system32\DRIVERS\pciide.sys
10:27:57.0683 3540 PCIIde - ok
10:27:57.0761 3540 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINNT\system32\drivers\Pcmcia.sys
10:27:57.0776 3540 Pcmcia - ok
10:27:57.0776 3540 PDCOMP - ok
10:27:57.0807 3540 PDFRAME - ok
10:27:57.0807 3540 PDRELI - ok
10:27:57.0823 3540 PDRFRAME - ok
10:27:57.0839 3540 perc2 - ok
10:27:57.0870 3540 perc2hib - ok
10:27:57.0932 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINNT\system32\services.exe
10:27:57.0948 3540 PlugPlay - ok
10:27:57.0963 3540 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\WINNT\system32\HPZipm12.dll
10:27:57.0963 3540 Pml Driver HPZ12 - ok
10:27:57.0979 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINNT\system32\lsass.exe
10:27:57.0979 3540 PolicyAgent - ok
10:27:58.0041 3540 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINNT\system32\DRIVERS\raspptp.sys
10:27:58.0057 3540 PptpMiniport - ok
10:27:58.0057 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINNT\system32\lsass.exe
10:27:58.0073 3540 ProtectedStorage - ok
10:27:58.0119 3540 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
10:27:58.0135 3540 PSI_SVC_2 - ok
10:27:58.0182 3540 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINNT\system32\DRIVERS\ptilink.sys
10:27:58.0182 3540 Ptilink - ok
10:27:58.0197 3540 ql1080 - ok
10:27:58.0213 3540 Ql10wnt - ok
10:27:58.0229 3540 ql12160 - ok
10:27:58.0244 3540 ql1240 - ok
10:27:58.0260 3540 ql1280 - ok
10:27:58.0260 3540 ql2100 - ok
10:27:58.0322 3540 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINNT\system32\DRIVERS\rasacd.sys
10:27:58.0322 3540 RasAcd - ok
10:27:58.0369 3540 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINNT\System32\rasauto.dll
10:27:58.0385 3540 RasAuto - ok
10:27:58.0431 3540 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINNT\system32\DRIVERS\rasl2tp.sys
10:27:58.0431 3540 Rasl2tp - ok
10:27:58.0494 3540 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINNT\System32\rasmans.dll
10:27:58.0509 3540 RasMan - ok
10:27:58.0525 3540 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINNT\system32\DRIVERS\raspppoe.sys
10:27:58.0541 3540 RasPppoe - ok
10:27:58.0556 3540 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINNT\system32\DRIVERS\raspti.sys
10:27:58.0556 3540 Raspti - ok
10:27:58.0587 3540 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINNT\system32\DRIVERS\rdbss.sys
10:27:58.0587 3540 Rdbss - ok
10:27:58.0650 3540 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINNT\system32\DRIVERS\RDPCDD.sys
10:27:58.0650 3540 RDPCDD - ok
10:27:58.0712 3540 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINNT\system32\DRIVERS\rdpdr.sys
10:27:58.0728 3540 rdpdr - ok
10:27:58.0790 3540 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINNT\system32\drivers\RDPWD.sys
10:27:58.0790 3540 RDPWD - ok
10:27:58.0837 3540 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINNT\system32\sessmgr.exe
10:27:58.0884 3540 RDSessMgr - ok
10:27:58.0946 3540 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINNT\system32\DRIVERS\redbook.sys
10:27:58.0946 3540 redbook - ok
10:27:58.0993 3540 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINNT\System32\mprdim.dll
10:27:59.0024 3540 RemoteAccess - ok
10:27:59.0071 3540 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINNT\system32\regsvc.dll
10:27:59.0071 3540 RemoteRegistry - ok
10:27:59.0102 3540 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINNT\system32\locator.exe
10:27:59.0133 3540 RpcLocator - ok
10:27:59.0180 3540 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINNT\system32\rpcss.dll
10:27:59.0196 3540 RpcSs - ok
10:27:59.0258 3540 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINNT\system32\rsvp.exe
10:27:59.0320 3540 RSVP - ok
10:27:59.0352 3540 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINNT\system32\lsass.exe
10:27:59.0352 3540 SamSs - ok
10:27:59.0367 3540 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINNT\System32\SCardSvr.exe
10:27:59.0445 3540 SCardSvr - ok
10:27:59.0507 3540 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINNT\system32\schedsvc.dll
10:27:59.0507 3540 Schedule - ok
10:27:59.0585 3540 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINNT\system32\DRIVERS\secdrv.sys
10:27:59.0585 3540 Secdrv - ok
10:27:59.0617 3540 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINNT\System32\seclogon.dll
10:27:59.0617 3540 seclogon - ok
10:27:59.0663 3540 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINNT\system32\sens.dll
10:27:59.0663 3540 SENS - ok
10:27:59.0695 3540 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINNT\system32\DRIVERS\serenum.sys
10:27:59.0695 3540 serenum - ok
10:27:59.0710 3540 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINNT\system32\DRIVERS\serial.sys
10:27:59.0710 3540 Serial - ok
10:27:59.0741 3540 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINNT\system32\drivers\Sfloppy.sys
10:27:59.0741 3540 Sfloppy - ok
10:27:59.0804 3540 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINNT\System32\ipnathlp.dll
10:27:59.0819 3540 SharedAccess - ok
10:27:59.0866 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINNT\System32\shsvcs.dll
10:27:59.0866 3540 ShellHWDetection - ok
10:27:59.0882 3540 Simbad - ok
10:28:00.0069 3540 [ 8317AD0C7E640411C746D5664EB7957A ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
10:28:00.0178 3540 SmcService - ok
10:28:00.0272 3540 [ 5018A9DB5EB62E3EDB3110F82F556285 ] smwdm C:\WINNT\system32\drivers\smwdm.sys
10:28:00.0287 3540 smwdm - ok
10:28:00.0334 3540 [ 95293A76341B1DB125EE125474657728 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
10:28:00.0490 3540 SNAC - ok
10:28:00.0537 3540 SpamCatcherUniversal - ok
10:28:00.0552 3540 Sparrow - ok
10:28:00.0677 3540 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
10:28:00.0708 3540 SPBBCDrv - ok
10:28:00.0755 3540 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINNT\system32\drivers\splitter.sys
10:28:00.0755 3540 splitter - ok
10:28:00.0833 3540 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINNT\system32\spoolsv.exe
10:28:00.0849 3540 Spooler - ok
10:28:00.0896 3540 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINNT\system32\DRIVERS\sr.sys
10:28:00.0896 3540 sr - ok
10:28:00.0958 3540 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINNT\system32\srsvc.dll
10:28:00.0974 3540 srservice - ok
10:28:01.0036 3540 [ B36F8D6A02FF2B3A53E250A629782F29 ] SRTSP C:\WINNT\system32\Drivers\SRTSP.SYS
10:28:01.0036 3540 SRTSP - ok
10:28:01.0129 3540 [ E99BD98AC171A29FC1BA9376BE87AE73 ] SRTSPL C:\WINNT\system32\Drivers\SRTSPL.SYS
10:28:01.0129 3540 SRTSPL - ok
10:28:01.0176 3540 [ 1AF34729898063E9B7DF8D149D767E07 ] SRTSPX C:\WINNT\system32\Drivers\SRTSPX.SYS
10:28:01.0176 3540 SRTSPX - ok
10:28:01.0239 3540 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINNT\system32\DRIVERS\srv.sys
10:28:01.0254 3540 Srv - ok
10:28:01.0301 3540 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINNT\System32\ssdpsrv.dll
10:28:01.0301 3540 SSDPSRV - ok
10:28:01.0363 3540 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] StiSvc C:\WINNT\system32\wiaservc.dll
10:28:01.0379 3540 StiSvc - ok
10:28:01.0441 3540 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINNT\system32\DRIVERS\swenum.sys
10:28:01.0441 3540 swenum - ok
10:28:01.0473 3540 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINNT\system32\drivers\swmidi.sys
10:28:01.0473 3540 swmidi - ok
10:28:01.0473 3540 SwPrv - ok
10:28:01.0613 3540 [ 4402CF4959A30CB6A008099ABA8F22A9 ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
10:28:01.0629 3540 Symantec AntiVirus - ok
10:28:01.0644 3540 symc810 - ok
10:28:01.0675 3540 symc8xx - ok
10:28:01.0722 3540 [ E42A34E6F5CA71A84D4C2DE620AAD13D ] SymEvent C:\WINNT\system32\Drivers\SYMEVENT.SYS
10:28:01.0753 3540 SymEvent - ok
10:28:01.0800 3540 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINNT\System32\Drivers\SYMREDRV.SYS
10:28:01.0800 3540 SYMREDRV - ok
10:28:01.0831 3540 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINNT\System32\Drivers\SYMTDI.SYS
10:28:01.0831 3540 SYMTDI - ok
10:28:01.0847 3540 sym_hi - ok
10:28:01.0863 3540 sym_u3 - ok
10:28:01.0894 3540 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINNT\system32\drivers\sysaudio.sys
10:28:01.0894 3540 sysaudio - ok
10:28:01.0940 3540 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINNT\system32\smlogsvc.exe
10:28:02.0003 3540 SysmonLog - ok
10:28:02.0065 3540 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINNT\System32\tapisrv.dll
10:28:02.0065 3540 TapiSrv - ok
10:28:02.0143 3540 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINNT\system32\DRIVERS\tcpip.sys
10:28:02.0159 3540 Tcpip - ok
10:28:02.0206 3540 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINNT\system32\drivers\TDPIPE.sys
10:28:02.0206 3540 TDPIPE - ok
10:28:02.0237 3540 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINNT\system32\drivers\TDTCP.sys
10:28:02.0237 3540 TDTCP - ok
10:28:02.0268 3540 [ 88155247177638048422893737429D9E ] TermDD C:\WINNT\system32\DRIVERS\termdd.sys
10:28:02.0268 3540 TermDD - ok
10:28:02.0330 3540 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINNT\System32\termsrv.dll
10:28:02.0346 3540 TermService - ok
10:28:02.0346 3540 tga - ok
10:28:02.0393 3540 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINNT\System32\shsvcs.dll
10:28:02.0393 3540 Themes - ok
10:28:02.0455 3540 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINNT\system32\tlntsvr.exe
10:28:02.0486 3540 TlntSvr - ok
10:28:02.0502 3540 TosIde - ok
10:28:02.0549 3540 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINNT\system32\trkwks.dll
10:28:02.0549 3540 TrkWks - ok
10:28:02.0596 3540 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINNT\system32\drivers\Udfs.sys
10:28:02.0596 3540 Udfs - ok
10:28:02.0611 3540 ultra - ok
10:28:02.0627 3540 ultra66 - ok
10:28:02.0689 3540 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINNT\system32\DRIVERS\update.sys
10:28:02.0736 3540 Update - ok
10:28:02.0798 3540 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINNT\System32\upnphost.dll
10:28:02.0829 3540 upnphost - ok
10:28:02.0861 3540 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINNT\System32\ups.exe
10:28:02.0907 3540 UPS - ok
10:28:02.0939 3540 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINNT\system32\DRIVERS\usbehci.sys
10:28:02.0939 3540 usbehci - ok
10:28:03.0017 3540 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINNT\system32\DRIVERS\usbhub.sys
10:28:03.0017 3540 usbhub - ok
10:28:03.0079 3540 [ B0205D19BA25CA654810D0AED04496A8 ] usbhub20 C:\WINNT\system32\DRIVERS\usbhub20.sys
10:28:03.0079 3540 usbhub20 - ok
10:28:03.0126 3540 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINNT\system32\DRIVERS\usbprint.sys
10:28:03.0126 3540 usbprint - ok
10:28:03.0157 3540 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINNT\system32\DRIVERS\usbscan.sys
10:28:03.0157 3540 usbscan - ok
10:28:03.0188 3540 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINNT\system32\DRIVERS\USBSTOR.SYS
10:28:03.0188 3540 USBSTOR - ok
10:28:03.0251 3540 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINNT\system32\DRIVERS\usbuhci.sys
10:28:03.0251 3540 usbuhci - ok
10:28:03.0297 3540 [ 0845E936C85AD45B452CBC86A316CF2A ] UtilMan C:\WINNT\System32\UtilMan.exe
10:28:03.0329 3540 UtilMan - ok
10:28:03.0360 3540 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINNT\System32\drivers\vga.sys
10:28:03.0360 3540 VgaSave - ok
10:28:03.0375 3540 ViaIde - ok
10:28:03.0438 3540 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINNT\system32\drivers\VolSnap.sys
10:28:03.0438 3540 VolSnap - ok
10:28:03.0485 3540 VPREMOTE - ok
10:28:03.0547 3540 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINNT\System32\vssvc.exe
10:28:03.0594 3540 VSS - ok
10:28:03.0734 3540 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINNT\system32\w32time.dll
10:28:03.0750 3540 W32Time - ok
10:28:03.0781 3540 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINNT\system32\DRIVERS\wanarp.sys
10:28:03.0781 3540 Wanarp - ok
10:28:03.0796 3540 WDICA - ok
10:28:03.0828 3540 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINNT\system32\drivers\wdmaud.sys
10:28:03.0843 3540 wdmaud - ok
10:28:03.0890 3540 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINNT\System32\webclnt.dll
10:28:03.0906 3540 WebClient - ok
10:28:03.0999 3540 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINNT\system32\wbem\WMIsvc.dll
10:28:03.0999 3540 winmgmt - ok
10:28:04.0062 3540 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINNT\system32\MsPMSNSv.dll
10:28:04.0077 3540 WmdmPmSN - ok
10:28:04.0140 3540 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINNT\System32\advapi32.dll
10:28:04.0202 3540 Wmi - ok
10:28:04.0249 3540 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINNT\system32\wbem\wmiapsrv.exe
10:28:04.0327 3540 WmiApSrv - ok
10:28:04.0436 3540 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:28:04.0545 3540 WMPNetworkSvc - ok
10:28:04.0592 3540 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINNT\System32\drivers\ws2ifsl.sys
10:28:04.0592 3540 WS2IFSL - ok
10:28:04.0623 3540 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINNT\system32\wscsvc.dll
10:28:04.0639 3540 wscsvc - ok
10:28:04.0670 3540 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINNT\system32\wuauserv.dll
10:28:04.0685 3540 wuauserv - ok
10:28:04.0717 3540 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINNT\system32\DRIVERS\WudfPf.sys
10:28:04.0717 3540 WudfPf - ok
10:28:04.0748 3540 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINNT\system32\DRIVERS\wudfrd.sys
10:28:04.0748 3540 WudfRd - ok
10:28:04.0763 3540 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINNT\System32\WUDFSvc.dll
10:28:04.0795 3540 WudfSvc - ok
10:28:04.0873 3540 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINNT\System32\wzcsvc.dll
10:28:04.0951 3540 WZCSVC - ok
10:28:05.0029 3540 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINNT\System32\xmlprov.dll
10:28:05.0075 3540 xmlprov - ok
10:28:05.0091 3540 ================ Scan global ===============================
10:28:05.0122 3540 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINNT\system32\basesrv.dll
10:28:05.0184 3540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
10:28:05.0231 3540 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINNT\system32\winsrv.dll
10:28:05.0262 3540 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINNT\system32\services.exe
10:28:05.0262 3540 [Global] - ok
10:28:05.0262 3540 ================ Scan MBR ==================================
10:28:05.0294 3540 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:28:05.0481 3540 \Device\Harddisk0\DR0 - ok
10:28:05.0481 3540 ================ Scan VBR ==================================
10:28:05.0481 3540 [ 18D4824943B7174594F7258FA1DD1A81 ] \Device\Harddisk0\DR0\Partition1
10:28:05.0481 3540 \Device\Harddisk0\DR0\Partition1 - ok
10:28:05.0496 3540 ============================================================
10:28:05.0496 3540 Scan finished
10:28:05.0496 3540 ============================================================
10:28:05.0512 3532 Detected object count: 0
10:28:05.0512 3532 Actual detected object count: 0
 
How is the computer doing at the moment?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

=============================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The computer seems to be doing ok, just a little slow.

# AdwCleaner v2.008 - Logfile created 11/21/2012 at 10:58:11
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : admin - ADELEP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\admin\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\admin.LSND\Application Data\Mozilla\Firefox\Profiles\6x6or03l.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\kmacintosh-ellig\Application Data\Mozilla\Firefox\Profiles\u8z3wdi1.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\khart\Application Data\Mozilla\Firefox\Profiles\d08sw6ay.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\flotemp\Application Data\Mozilla\Firefox\Profiles\4u8pj0x8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\wdavenport\Application Data\Mozilla\Firefox\Profiles\kxvc8ln2.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\apage\Application Data\Mozilla\Firefox\Profiles\znzmvrvn.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\g9psrhjj.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\khart\Application Data\Mozilla\Firefox\Profiles\d08sw6ay.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1934 octets] - [21/11/2012 10:58:11]

########## EOF - C:\AdwCleaner[S1].txt - [1994 octets] ##########

***********************************************************************************************************************************
 
OTL.txt

OTL logfile created on: 11/21/2012 11:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 593.04 Mb Available Physical Memory | 58.03% Memory free
2.41 Gb Paging File | 2.14 Gb Available in Paging File | 88.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.79 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive F: | 147.00 Gb Total Space | 122.07 Gb Free Space | 83.04% Space Free | Partition Type: NTFS

Computer Name: ADELEP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/21 10:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2012/10/10 16:02:54 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/06/02 12:01:34 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/06/02 12:01:34 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/06/02 12:01:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/06/02 12:01:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/06/02 12:01:32 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2005/07/07 22:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINNT\system32\hphmon05.exe
PRC - [2005/07/07 22:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2005/05/20 10:51:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2003/12/05 15:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
PRC - [2002/04/17 09:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe


========== Modules (No Company Name) ==========

MOD - [2002/04/17 09:49:22 | 000,024,576 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnfps.dll
MOD - [2002/04/17 09:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\TEMP\Clt-Inst\vpremote.exe -- (VPREMOTE)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Mailshell SpamCatcher Universal Desktop Client\spamcatcher.exe -- (SpamCatcherUniversal)
SRV - File not found [Unavailable | Unknown] -- -- (IAS)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/10/29 09:16:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 16:02:54 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/10/10 15:57:59 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/02 12:01:34 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/06/02 12:01:34 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/06/02 12:01:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/06/02 12:01:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/06/02 12:01:32 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/09/07 15:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/04/14 04:42:40 | 000,050,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2005/05/20 10:51:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (tga)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\parallel.sys -- (Parallel)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nbf.sys -- (Nbf)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/11/20 07:13:12 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2012/11/14 13:44:20 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/11/14 12:49:48 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\npf.sys -- (NPF)
DRV - [2012/09/13 02:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121120.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/13 02:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121120.017\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 13:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 13:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/06/02 12:01:36 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/06/02 12:01:36 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINNT\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/06/02 12:01:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/06/02 12:01:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/06/02 12:01:30 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/06/02 12:01:30 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/06/02 12:01:30 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2005/11/15 09:02:12 | 000,058,000 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2005/11/15 09:02:12 | 000,023,420 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINNT\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/04/22 13:22:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/03/05 11:52:22 | 000,008,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\awechomd.sys -- (awecho)
DRV - [2004/02/11 14:34:50 | 000,021,808 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Aldebaran.sys -- (Aldebaran)
DRV - [2004/02/11 14:34:46 | 000,016,855 | ---- | M] (An Chen Computer Co., Ltd.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\Achernar.sys -- (Achernar)
DRV - [2003/10/23 09:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2003/06/19 06:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/04/21 12:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\GERNUWA.sys -- (Gernuwa)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-854245398-492894223-839522115-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINNT\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/06/17 13:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/10 16:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/29 09:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/20 07:06:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2012/10/29 09:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/29 09:16:35 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 19:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/23 15:41:47 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2003/07/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINNT\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [OE_Plugin_Startup] "C:\Program Files\Mailshell SpamCatcher Universal Desktop Client\Launcher.exe" File not found
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime File not found
O4 - HKLM..\Run: [SC_DAEMON] "C:\Program Files\Mailshell SpamCatcher Universal Desktop Client\sc_daemon.exe" File not found
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [PixelInstall] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnce: [Reboot] Reg Error: Invalid data type. File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINNT\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINNT\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/Web...n&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/157d37c333621a912406/netzip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132007159500 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132065967140 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www1.gotomeeting.com/default/applets/g2mdlax.cab (GoToMeeting/GoToWebinar Web Starter)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lsnd.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{730475C2-769E-4930-BEDB-799399D41193}: Domain = lsnd.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{730475C2-769E-4930-BEDB-799399D41193}: NameServer = 192.168.2.4,192.168.2.5,192.168.2.6
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINNT\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - (wzcdlg.dll) - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/21 15:03:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 11:09:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2012/11/21 09:07:38 | 000,000,000 | --SD | C] -- C:\****
[2012/11/21 08:46:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/11/20 22:07:28 | 005,004,421 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2012/11/20 21:20:31 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\admin\Desktop\aswMBR.exe
[2012/11/20 21:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Desktop\RK_Quarantine
[2012/11/20 20:59:18 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\iExplore.exe
[2012/11/20 20:32:59 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\rkill.exe
[2012/11/20 20:32:25 | 005,004,421 | R--- | C] (Swearware) -- C:\Documents and Settings\admin\Desktop\ouch.exe
[2012/11/20 19:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\My Documents\My Videos
[2012/11/20 19:25:50 | 000,000,000 | R--D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Administrative Tools
[2012/11/20 07:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Downloads
[2012/11/20 07:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Mozilla
[2012/11/20 07:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Mozilla
[2012/11/19 15:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Sun
[2012/11/19 15:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Sun
[2012/11/19 10:11:03 | 000,000,000 | --SD | C] -- C:\adeleMachine
[2012/11/19 09:57:22 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
[2012/11/19 09:44:04 | 005,002,404 | ---- | C] (Swearware) -- C:\adeleMachine.exe
[2012/11/19 09:44:01 | 001,754,528 | ---- | C] (Bleeping Computer, LLC) -- C:\rkill.exe
[2012/11/15 07:28:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/11/15 07:22:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012/11/15 07:22:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012/11/15 07:22:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012/11/15 07:22:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012/11/15 07:18:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/15 07:18:29 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
[2012/11/14 16:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Symantec
[2012/11/14 14:53:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Malwarebytes
[2012/11/14 14:53:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache
[2012/11/14 14:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/14 14:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/11/14 14:32:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2012/11/14 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/14 12:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AC62295460A1D4A80000AC617CFDDFA4
[2012/11/14 12:49:47 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\drivers\npf.sys
[2012/11/14 12:49:46 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\wpcap.dll
[2012/11/14 12:49:45 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINNT\System32\Packet.dll
[2012/10/31 21:49:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\TDSSKiller.exe
[2012/10/29 09:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/22 13:55:47 | 000,000,000 | ---D | C] -- C:\WINNT\Sun
[8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/21 11:09:00 | 000,000,342 | ---- | M] () -- C:\WINNT\tasks\HP Usg Daily.job
[2012/11/21 11:04:26 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/11/21 11:04:02 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012/11/21 11:03:38 | 000,000,278 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-1280154943-3072627930-680104954-1113.job
[2012/11/21 11:03:37 | 000,000,278 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
[2012/11/21 11:01:10 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012/11/21 11:01:01 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 10:46:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2012/11/21 10:35:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2012/11/21 10:18:20 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\tdsskiller.zip
[2012/11/21 09:03:34 | 1071,726,592 | ---- | M] () -- C:\WINNT\MEMORY.DMP
[2012/11/20 21:18:29 | 000,000,489 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Shortcut to Virus Info Adele.lnk
[2012/11/20 21:15:20 | 000,001,324 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2012/11/20 20:29:32 | 005,004,421 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\ouch.exe
[2012/11/20 20:06:58 | 005,004,421 | R--- | M] (Swearware) -- C:\Documents and Settings\admin\Desktop\ComboFix.exe
[2012/11/20 07:13:12 | 000,035,144 | ---- | M] () -- C:\WINNT\System32\drivers\mbamchameleon.sys
[2012/11/19 09:57:34 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\iExplore.exe
[2012/11/19 09:42:38 | 000,000,286 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-1280154943-3072627930-680104954-1113.job
[2012/11/19 09:28:56 | 005,002,404 | ---- | M] (Swearware) -- C:\adeleMachine.exe
[2012/11/19 09:25:27 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\rkill.exe
[2012/11/19 09:25:27 | 001,754,528 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\admin\Desktop\rkill.exe
[2012/11/16 12:26:13 | 000,335,464 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2012/11/16 12:09:14 | 000,001,393 | ---- | M] () -- C:\WINNT\imsins.BAK
[2012/11/16 12:04:47 | 000,464,914 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012/11/16 12:04:47 | 000,080,450 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012/11/16 07:15:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\admin\Desktop\aswMBR.exe
[2012/11/16 07:14:56 | 000,673,280 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\RogueKiller(1).exe
[2012/11/15 07:28:41 | 000,000,323 | RHS- | M] () -- C:\boot.ini
[2012/11/14 16:14:44 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/11/14 14:32:46 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/14 13:44:20 | 000,125,488 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\drivers\SYMEVENT.SYS
[2012/11/14 13:44:20 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINNT\System32\S32EVNT1.DLL
[2012/11/14 13:44:20 | 000,007,456 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.CAT
[2012/11/14 13:44:20 | 000,000,806 | ---- | M] () -- C:\WINNT\System32\drivers\SYMEVENT.INF
[2012/11/14 12:49:48 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\drivers\npf.sys
[2012/11/14 12:49:47 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\wpcap.dll
[2012/11/14 12:49:46 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINNT\System32\Packet.dll
[2012/11/14 09:21:08 | 000,000,286 | ---- | M] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
[2012/11/13 13:46:49 | 000,001,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\admin\Desktop\TDSSKiller.exe
[8 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/21 10:26:50 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\tdsskiller.zip
[2012/11/21 10:22:12 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/20 21:40:21 | 000,673,280 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\RogueKiller(1).exe
[2012/11/20 21:18:32 | 000,000,489 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Shortcut to Virus Info Adele.lnk
[2012/11/20 07:13:12 | 000,035,144 | ---- | C] () -- C:\WINNT\System32\drivers\mbamchameleon.sys
[2012/11/19 16:13:02 | 000,001,324 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2012/11/15 07:28:41 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2012/11/15 07:28:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/11/15 07:22:28 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012/11/15 07:22:28 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012/11/15 07:22:28 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012/11/15 07:22:28 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012/11/15 07:22:28 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012/11/14 16:14:44 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\admin\Start Menu\Programs\Internet Explorer.lnk
[2012/11/14 14:32:46 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/07 09:20:43 | 000,000,278 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeLogonTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
[2012/11/07 09:20:41 | 000,000,286 | ---- | C] () -- C:\WINNT\tasks\RealUpgradeScheduledTaskS-1-5-21-1280154943-3072627930-680104954-1327.job
[2012/10/10 12:41:46 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
[2011/08/09 10:20:01 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2009/11/23 15:41:27 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\74663C8418.sys
[2009/06/18 08:39:36 | 000,001,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2005/11/15 08:52:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\dm.ini
[2005/11/14 15:00:38 | 000,004,928 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/11/14 14:56:51 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt

========== ZeroAccess Check ==========

[2005/11/15 13:22:44 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 14:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/14 12:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AC62295460A1D4A80000AC617CFDDFA4
[2009/06/18 09:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2009/01/09 12:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/07/09 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\khart\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/22 13:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmacintosh-ellig\Application Data\webex
[2012/10/18 12:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kmacintosh-ellig\Application Data\Windows Desktop Search
[2007/12/05 12:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sweisz\Application Data\OfficeUpdate12

========== Purity Check ==========



< End of report >
 
Extra.txt

OTL Extras logfile created on: 11/21/2012 11:12:33 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 593.04 Mb Available Physical Memory | 58.03% Memory free
2.41 Gb Paging File | 2.14 Gb Available in Paging File | 88.86% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 38.79 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive F: | 147.00 Gb Total Space | 122.07 Gb Free Space | 83.04% Space Free | Partition Type: NTFS

Computer Name: ADELEP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-854245398-492894223-839522115-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{11518183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27D99B78-1CA5-43DA-9D57-B50D1039FA4F}" = Mailshell Anti-Spam Universal
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{69A83D99-D41B-4396-BCC4-3DCB77DFFED0}" = WebIQ Technology Engine
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8EAC1D0C-80BA-4077-932A-7E9E2F680845}" = HPScanjet5590Corporate11
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{9B93C2B3-D9E8-11D6-AB3E-000102B0F79A}" = Readiris Pro 8
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-0000-BA7E-000000000002}" = Adobe Acrobat 7.0 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAE4A43D-6DDE-4E19-A2A5-BBD89A3ED48C}" = PS7200
"{BC5FDFC6-D617-11D6-86D3-00055DF3561E}" = Presto! PageManager 7.11
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC12B3AC-0A75-4F85-8BC9-89D440BE3846}" = HP Photo and Imaging 2.5 - Scanjet 5590 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{DE2EBD6F-81B6-4E9A-B137-C11FD6790CFF}" = PSShortcutsP
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Standard" = Adobe Acrobat 7.0 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnswerWorks" = AnswerWorks Runtime
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HP Commercial Scanjet 5590 TWAIN Driver" = HP Commercial Scanjet 5590 TWAIN Driver
"ie8" = Windows Internet Explorer 8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"RealPopup_is1" = RealPopup
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WordPerfect Office 2000 Hot Fix" = WordPerfect Office 2000 Hot Fix
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/19/2012 4:12:14 PM | Computer Name = ADELEP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 11/20/2012 10:06:33 PM | Computer Name = ADELEP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 11/20/2012 10:33:14 PM | Computer Name = ADELEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 11/20/2012 10:33:14 PM | Computer Name = ADELEP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 11/20/2012 10:51:48 PM | Computer Name = ADELEP | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2012 11:54:18 PM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Gen.2 in File: C:\Documents and Settings\admin\Local
Settings\Temp\_avast4_\unp268028799.tmp by: Auto-Protect scan. Action: Quarantine
succeeded : Access denied. Action Description: The file was quarantined successfully.



Error - 11/21/2012 12:08:42 AM | Computer Name = ADELEP | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 11/21/2012 12:09:02 AM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
Event
Info: Terminate Process Action Taken: Logged Actor Process: C:\32788R22FWJFW\License\iexplore.exe
(PID 3848) Time: Tuesday, November 20, 2012 10:09:01 PM

Error - 11/21/2012 12:58:11 PM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\SmcGui.exe Event Info: Terminate Process Action Taken: Logged
Actor
Process: C:\Documents and Settings\admin\Desktop\adwcleaner.exe (PID 1064) Time:
Wednesday, November 21, 2012 10:58:11 AM

Error - 11/21/2012 12:58:11 PM | Computer Name = ADELEP | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Terminate Process Action Taken: Logged Actor Process:
C:\Documents and Settings\admin\Desktop\adwcleaner.exe (PID 1064) Time: Wednesday,
November 21, 2012 10:58:11 AM

[ System Events ]
Error - 11/21/2012 10:30:21 AM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AW_HOST eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

Error - 11/21/2012 10:42:26 AM | Computer Name = ADELEP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/21/2012 10:43:19 AM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AW_HOST eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

Error - 11/21/2012 10:49:12 AM | Computer Name = ADELEP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain LSND due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 11/21/2012 11:04:35 AM | Computer Name = ADELEP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/21/2012 11:05:26 AM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AW_HOST eeCtrl Fips IntelIde intelppm SPBBCDrv SRTSP SRTSPX SYMTDI

Error - 11/21/2012 12:20:21 PM | Computer Name = ADELEP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 11/21/2012 12:24:14 PM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 11/21/2012 12:25:31 PM | Computer Name = ADELEP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for DeleteFlag with the following
error: %%5

Error - 11/21/2012 12:27:32 PM | Computer Name = ADELEP | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 860b2020, parameter3
860b2194, parameter4 805fafec.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\RunOnce: [PixelInstall] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnce: [Reboot] Reg Error: Invalid data type. File not found
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.real.com/157d37c333621a912406/netzip/RdxIE601.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE: If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

===============================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warnings, so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
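What OTL's "File not found" annotation on the O4 lines in the fix above amounts to is a check that an autostart value's command still points at an executable on disk, and its "Invalid data type" annotation is a Run/RunOnce value that is not a string at all. The following is an added example, not part of this thread and not OTL's own code, that performs the same check in Python: it reduces a Run/RunOnce command line to its image path (quoted, unquoted-with-arguments and rundll32 forms), classifies empty values and non-string data, and, when run on Windows, walks HKLM Run/RunOnce. The registry walk is skipped elsewhere; the sample values at the bottom are constructed, not taken from the machine in this thread, and the `exists` hook lets the verdicts be exercised on any platform.

```python
"""Orphaned-autostart check in the spirit of OTL's O4 "File not found" lines.

Added example (not OTL's code).  Registry access is Windows-only; the
command-line parsing and the verdict logic run anywhere.
"""
import os
import re

# The two keys the OTL fix on this thread cleaned.
AUTORUN_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
)
_IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)", re.IGNORECASE)


def extract_image_path(command):
    """Return the file a Run/RunOnce command would start, or None.

    Handles "C:\\quoted dir\\x.exe" args, C:\\unquoted dir\\x.exe args and
    rundll32[.exe] <dll>,Entry.  %VAR% expansion only happens on Windows
    (os.path.expandvars leaves %...% untouched elsewhere).
    """
    cmd = os.path.expandvars(command.strip())
    if not cmd:
        return None
    if cmd.startswith('"'):                      # quoted image path
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    if cmd.lower().startswith("rundll32"):       # rundll32 <dll>,<export> [args]
        parts = cmd.split(None, 1)
        if len(parts) < 2:
            return None
        dll = parts[1].split(",", 1)[0].strip().strip('"')
        return dll or None
    m = _IMAGE_RE.match(cmd)                     # unquoted path, maybe with args
    return m.group(1) if m else cmd.split()[0]


def classify(command, exists=os.path.exists):
    """'empty' | 'orphan' | 'ok' | 'unparsed' for one string-typed value.

    `exists` is injectable so the verdicts can be tested with constructed data.
    """
    if not command.strip():
        return "empty"          # cf. the nameless, valueless HKLM\Run entry OTL removed
    path = extract_image_path(command)
    if path is None:
        return "unparsed"
    return "ok" if exists(path) else "orphan"


def classify_values(values, exists=os.path.exists):
    """values: iterable of (name, data, is_string).  Returns [(name, verdict)]."""
    out = []
    for name, data, is_string in values:
        if not is_string:       # REG_BINARY/REG_DWORD here = OTL's "Invalid data type"
            out.append((name, "bad-type"))
        else:
            out.append((name, classify(data, exists)))
    return out


def audit_hklm_autoruns():
    """Enumerate HKLM Run/RunOnce on Windows; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    findings = []
    for sub in AUTORUN_KEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue
        with key:
            values, i = [], 0
            while True:
                try:
                    name, data, vtype = winreg.EnumValue(key, i)
                except OSError:          # no more values
                    break
                i += 1
                values.append((name, data, vtype in (winreg.REG_SZ, winreg.REG_EXPAND_SZ)))
        findings.extend((sub, n, v) for n, v in classify_values(values))
    return findings


# Constructed sample values (not from the thread's machine) for a dry run.
SAMPLE_VALUES = [
    ("", "", True),                                        # empty name and data
    ("PixelInstall", b"\x01\x00", False),                  # wrong value type
    ("Updater", r'"C:\Program Files\Vendor\upd.exe" /q', True),
    ("Helper", r"C:\Program Files\Vendor\helper.exe -x", True),
    ("Loader", r'rundll32.exe "C:\Windows\System32\gone.dll",Run', True),
]

if __name__ == "__main__":
    live = audit_hklm_autoruns()
    rows = [(k, n, v) for k, n, v in live] or \
           [("(sample)", n, v) for n, v in classify_values(SAMPLE_VALUES, lambda p: False)]
    for key, name, verdict in rows:
        print(f"{verdict:9} {key}\\{name or '<no name>'}")
```

Run as an administrator on the affected machine it prints one verdict per HKLM Run/RunOnce value; on any other machine it falls back to the constructed samples. An "orphan" verdict is only a pointer: an entry whose file is missing is harmless in itself, but it usually means something was deleted by a scanner while its launcher was left behind, and that launcher should be removed the way the OTL fix does.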
 
OTL Fix Scan:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PixelInstall deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot deleted successfully.
Starting removal of ActiveX control {56336BCB-3D8A-11D6-A00B-0050DA18DE71}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56336BCB-3D8A-11D6-A00B-0050DA18DE71}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 137793726 bytes
->Temporary Internet Files folder emptied: 546407 bytes
->FireFox cache emptied: 18041595 bytes
->Flash cache emptied: 492 bytes

User: admin.LAND-DOMAIN
->Temp folder emptied: 12347595 bytes
->Temporary Internet Files folder emptied: 141856 bytes

User: admin.LSND
->Temp folder emptied: 228207949 bytes
->Temporary Internet Files folder emptied: 114914 bytes
->FireFox cache emptied: 44808611 bytes
->Flash cache emptied: 492 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: apage
->Temp folder emptied: 12822837 bytes
->Temporary Internet Files folder emptied: 131072 bytes
->FireFox cache emptied: 78608471 bytes
->Flash cache emptied: 3863 bytes

User: astenson
->Temp folder emptied: 4736038 bytes
->Temporary Internet Files folder emptied: 227363263 bytes
->Flash cache emptied: 3289 bytes

User: cramanathan
->Temp folder emptied: 16417 bytes
->Temporary Internet Files folder emptied: 1698408 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: flotemp
->Temp folder emptied: 105758 bytes
->Temporary Internet Files folder emptied: 58778065 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59997641 bytes
->Flash cache emptied: 74273 bytes

User: jfitzsimmons
->Temp folder emptied: 928 bytes
->Temporary Internet Files folder emptied: 7462610 bytes

User: khart
->Temp folder emptied: 4036780 bytes
->Temporary Internet Files folder emptied: 3794452 bytes
->Java cache emptied: 670389 bytes
->Flash cache emptied: 118274 bytes

User: kmacintosh-ellig
->Temp folder emptied: 2971464 bytes
->Temporary Internet Files folder emptied: 29962294 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 119244464 bytes
->Flash cache emptied: 20089 bytes

User: lcatalano
->Temp folder emptied: 1513624 bytes
->Temporary Internet Files folder emptied: 34177566 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: miwen
->Temp folder emptied: 1352 bytes
->Temporary Internet Files folder emptied: 1976503 bytes
->Flash cache emptied: 1095 bytes

User: MWService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: OLD

User: snocho
->Temp folder emptied: 275 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: sschaar
->Temp folder emptied: 2373934 bytes
->Temporary Internet Files folder emptied: 363021649 bytes
->Flash cache emptied: 5962 bytes

User: sweisz
->Temp folder emptied: 16115141 bytes
->Temporary Internet Files folder emptied: 255030 bytes
->Flash cache emptied: 46982 bytes

User: vkirkhorn
->Temp folder emptied: 5115 bytes
->Temporary Internet Files folder emptied: 19751938 bytes
->Flash cache emptied: 968 bytes

User: wdavenport
->Temp folder emptied: 7705653 bytes
->Temporary Internet Files folder emptied: 211087806 bytes
->FireFox cache emptied: 6533182 bytes
->Flash cache emptied: 1060 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3408164 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 108556852 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 158468046 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,898.00 mb


[EMPTYJAVA]

User: admin

User: admin.LAND-DOMAIN

User: admin.LSND

User: Administrator

User: All Users

User: apage

User: astenson

User: cramanathan

User: Default User

User: flotemp
->Java cache emptied: 0 bytes

User: jfitzsimmons

User: khart
->Java cache emptied: 0 bytes

User: kmacintosh-ellig
->Java cache emptied: 0 bytes

User: lcatalano

User: LocalService

User: miwen

User: MWService

User: NetworkService

User: OLD

User: snocho

User: sschaar

User: sweisz

User: vkirkhorn

User: wdavenport

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: admin
->Flash cache emptied: 0 bytes

User: admin.LAND-DOMAIN

User: admin.LSND
->Flash cache emptied: 0 bytes

User: Administrator

User: All Users

User: apage
->Flash cache emptied: 0 bytes

User: astenson
->Flash cache emptied: 0 bytes

User: cramanathan

User: Default User

User: flotemp
->Flash cache emptied: 0 bytes

User: jfitzsimmons

User: khart
->Flash cache emptied: 0 bytes

User: kmacintosh-ellig
->Flash cache emptied: 0 bytes

User: lcatalano

User: LocalService

User: miwen
->Flash cache emptied: 0 bytes

User: MWService

User: NetworkService

User: OLD

User: snocho

User: sschaar
->Flash cache emptied: 0 bytes

User: sweisz
->Flash cache emptied: 0 bytes

User: vkirkhorn
->Flash cache emptied: 0 bytes

User: wdavenport
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11212012_150850

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Security Check:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC compiles updated MOF files.
DisplayName Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.3
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 29% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Farbar Service Scanner:

Farbar Service Scanner Version: 09-11-2012
Ran by admin (administrator) on 21-11-2012 at 15:35:50
Running from "C:\Documents and Settings\admin\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINNT\system32\dhcpcsvc.dll => MD5 is legit
C:\WINNT\system32\Drivers\afd.sys => MD5 is legit
C:\WINNT\system32\Drivers\netbt.sys => MD5 is legit
C:\WINNT\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINNT\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINNT\system32\dnsrslvr.dll => MD5 is legit
C:\WINNT\system32\ipnathlp.dll => MD5 is legit
C:\WINNT\system32\netman.dll => MD5 is legit
C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINNT\system32\srsvc.dll => MD5 is legit
C:\WINNT\system32\Drivers\sr.sys => MD5 is legit
C:\WINNT\system32\wscsvc.dll => MD5 is legit
C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINNT\system32\wuauserv.dll => MD5 is legit
C:\WINNT\system32\qmgr.dll => MD5 is legit
C:\WINNT\system32\es.dll => MD5 is legit
C:\WINNT\system32\cryptsvc.dll => MD5 is legit
C:\WINNT\system32\svchost.exe => MD5 is legit
C:\WINNT\system32\rpcss.dll => MD5 is legit
C:\WINNT\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSEC(7) Nbf(6) NetBT(5) SYMTDI(8) Tcpip(4)
0x080000000700000001000000020000000300000004000000080000000500000006000000


**** End of log ****
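The "Extra List" pair at the end of the FSS log is the raw material for spotting a driver that has inserted itself into the TDI group, which is where network-filtering malware and, legitimately, a vendor's TDI filter both sit. The following is an added example, not part of this thread and not FSS's own code, that decodes that pair. It assumes the hex string is the REG_BINARY value HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList\PNP_TDI, laid out as one little-endian DWORD count followed by that many little-endian DWORD tags in load order, and that the Name(tag) tokens on the line above it are the drivers registered in the group with their Tag values. The baseline of in-box XP names is my assumption, not something FSS defines; the two sample lines are copied from the log above.

```python
"""Decode an FSS 'Extra List' pair (PNP_TDI members and GroupOrderList blob).

Added example, not FSS's code.  Assumed blob layout: DWORD count, then
`count` little-endian DWORD tags, in load order.
"""
import re
import struct

# Assumed baseline of drivers Windows XP itself registers in PNP_TDI.
XP_PNP_TDI_BASELINE = {"Gpc", "IPSEC", "Nbf", "NetBT", "Tcpip"}

# The two lines the log shows under "Extra List".
MEMBERS_LINE = "Gpc(3) IPSEC(7) Nbf(6) NetBT(5) SYMTDI(8) Tcpip(4)"
ORDER_BLOB = ("0x08000000070000000100000002000000"
              "0300000004000000080000000500000006000000")


def parse_members(line):
    """'Gpc(3) IPSEC(7) ...' -> {3: 'Gpc', 7: 'IPSEC', ...}"""
    return {int(tag): name for name, tag in re.findall(r"(\S+?)\((\d+)\)", line)}


def decode_group_order(blob):
    """Hex REG_BINARY GroupOrderList value -> [tag, tag, ...] in load order."""
    hex_digits = blob[2:] if blob[:2].lower() == "0x" else blob
    raw = bytes.fromhex(hex_digits)
    if len(raw) < 4:
        raise ValueError("blob shorter than the count DWORD")
    (count,) = struct.unpack_from("<I", raw, 0)
    if len(raw) != 4 + 4 * count:
        raise ValueError(f"count {count} does not match {len(raw) - 4} tag bytes")
    return list(struct.unpack_from(f"<{count}I", raw, 4))


def analyze(members_line, blob, baseline=XP_PNP_TDI_BASELINE):
    """Return load order, members with no list slot, and non-baseline members.

    A tag in the list with no registered driver is an empty slot and normal;
    a registered driver whose tag is not in the list loads after the listed
    ones.  Non-baseline members are what a human still has to verify.
    """
    members = parse_members(members_line)
    order = decode_group_order(blob)
    return {
        "order": [(members.get(tag), tag) for tag in order],
        "unlisted": sorted(n for t, n in members.items() if t not in order),
        "non_baseline": sorted(n for n in members.values() if n not in baseline),
    }


if __name__ == "__main__":
    r = analyze(MEMBERS_LINE, ORDER_BLOB)
    print("load order:", " -> ".join(f"{n or '<empty>'}({t})" for n, t in r["order"]))
    print("members without a list slot:", r["unlisted"] or "none")
    print("verify by hand (not in XP baseline):", r["non_baseline"] or "none")
```

For the values in this log the decoded order is IPSEC(7), two empty slots, Gpc(3), Tcpip(4), SYMTDI(8), NetBT(5), Nbf(6), and SYMTDI is the only member outside the assumed baseline. The script cannot tell a vendor filter from a malicious one; its job is to surface the non-baseline driver so it can be checked against the product's own driver list and a signed copy on disk.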
 