
svchost.exe maxing out CPU

July 25, 2013 at 13:20:22
Specs: Windows XP Home, Intel P4 2.2GHz/512

svchost.exe maxing out CPU - on May 18/13 I had my ISP install a hardware upgrade to speed up download/upload of files. It was strictly a plug & play procedure and my ISP assures me no system (software) changes were done. Immediately after the installation was done I noticed CPU usage was maxing out frequently and for 2 to 3 minutes at a time as indicated in Task Manager. This obviously causes a great slowdown in the running of everything.

I checked several sources regarding svchost.exe maxing out the CPU and found it's a fairly common problem - however, the solutions are not very dependable/appropriate. I installed "Process Explorer" and determined that my particular problem svchost is running the DNS Cache service. Since DNS services are provided by my ISP I suspected it may be the cause but they assured me it is not the culprit (no one else has reported this problem to them). I ran a virus scan on all the svchost.exe's on my system and none are infected. One suggested fix that I tried was to run ipconfig /flushdns but that did not help. I also checked the Event Viewer logs and found nothing out of the ordinary there.

It seems like such an obvious coincidence that as soon as the new hardware (satellite dish and modem) was installed the DNS service started overworking that this was the culprit that caused it to overwork, but I can't find anyone who can actually pinpoint the root cause and offer a fix. I'd appreciate any help anyone can offer. Thanks.
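The check the poster did by hand in Process Explorer (which svchost.exe hosts which services, and which one is burning CPU) can be scripted. The block below is an added example, not code from the thread or from any of the tools discussed in it; it targets PowerShell 2.0, the newest version that runs on XP SP3, and uses only WMI classes and built-in cmdlets that exist there. The service name `Dnscache` is the assumed target (it is the DNS Client service the poster identified). Besides mapping PIDs to services it reports the executable path of every svchost.exe, because a svchost.exe running from anywhere other than %SystemRoot%\System32 points to the malware explanation rather than the DNS one.

```powershell
# Added example (not from the thread): map each svchost.exe to the services
# it hosts, report its CPU time, and flag the instance hosting $ServiceName.

function Get-SvchostServiceMap {
    param([string]$ServiceName = 'Dnscache')   # assumed target service (DNS Client)

    # Win32_Process gives the command line (the "-k <group>" argument names
    # the service group); Win32_Service gives the ProcessId of each service.
    $processes = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'"
    $services  = Get-WmiObject Win32_Service -Filter "State = 'Running'"

    foreach ($p in $processes) {
        $hosted = @($services | Where-Object { $_.ProcessId -eq $p.ProcessId })

        # Kernel + user time are reported in 100-nanosecond units.
        $cpuSeconds = [math]::Round(([int64]$p.KernelModeTime + [int64]$p.UserModeTime) / 1e7, 1)

        # Service group from the command line, e.g. "-k NetworkService".
        $group = if ($p.CommandLine -match '-k\s+(\S+)') { $matches[1] } else { '' }

        $hostsTarget = [bool]($hosted | Where-Object { $_.Name -eq $ServiceName })

        # A real svchost.exe lives in %SystemRoot%\System32; anything else is suspect.
        $expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'
        $pathOk = ($p.ExecutablePath -ne $null) -and ($p.ExecutablePath -ieq $expectedPath)

        New-Object PSObject -Property @{
            PID         = $p.ProcessId
            Group       = $group
            CpuSeconds  = $cpuSeconds
            HostsTarget = $hostsTarget
            PathOk      = $pathOk
            Path        = $p.ExecutablePath
            Services    = (($hosted | ForEach-Object { $_.Name }) -join ',')
        }
    }
}

function Get-DnsCacheEntryCount {
    # Dnscache owns the resolver cache. Compare this number before and after
    # "ipconfig /flushdns" to see whether the cache is churning or just large.
    @(ipconfig /displaydns | Select-String 'Record Name').Count
}

# Busiest instance first; the row with HostsTarget = True is the DNS Client host.
Get-SvchostServiceMap |
    Sort-Object CpuSeconds -Descending |
    Format-Table PID, Group, CpuSeconds, HostsTarget, PathOk, Services -AutoSize

"DNS cache entries: $(Get-DnsCacheEntryCount)"
```

Run it from an elevated PowerShell prompt; without administrator rights WMI returns a blank command line and path for processes owned by SYSTEM, and the Group and PathOk columns will be empty or False for them.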



#1
July 25, 2013 at 15:28:27

Run Tweaking.com - Windows Repair
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...

Check/tick these boxes.

Remove Policies Set By Infections
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Restore Important Windows Services
Set Windows Services To Default Startup



#2
July 26, 2013 at 15:33:15

Thanks John. I'll give this a try in the next couple of days and let you know how it goes.


#3
July 29, 2013 at 09:09:10

To JohnW - I ran the procedure per your instructions but nothing has changed. Do you have any more suggestions? I really appreciate your help. Thanks.


#4
July 30, 2013 at 01:52:02

Process of elimination now Canuck3073, got to start somewhere, here goes.

Run ESET Online Scanner, Copy and Paste the contents of the log please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
You may have to download ESET from a good computer, put it on a flash/thumb/pen drive & run it from there, if your comp is unbootable, or won't let you download.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
http://www.eset.com/home/products/o...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...



#5
August 2, 2013 at 09:09:07

John - I ran ESET Online Scanner last night per your instructions. It ran overnight - took 6 hours and 14 mins. but would've taken much less I'm sure if svchost.exe was not taking all the CPU most of the time. ESET scanned 226,208 files and found 1 infected file and cleaned it and quarantined it, so I will have ESET remove it and uninstall itself as soon as you review the log (copied below). The file it found I recognize as being part of the "BCOOL" add-on that gave me problems a few months ago with I.E. - I thought I had gotten rid of it! So what would you recommend I try now? (Thanks for your continued help.)
LOG FOLLOWS:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b4e50fc2d119524997a2e2a56cc486c6
# engine=14617
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-02 09:47:12
# local_time=2013-08-02 04:47:12 (-0600, Central Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 12580464 23891149 0 0
# scanned=226208
# found=1
# cleaned=1
# scan_time=22440
sh=338901240FEDCEF4E3892FD4C723C89154F4DE05 ft=1 fh=020823327ce5bc47 vn="Win32/Adware.MultiPlug.A application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Application Data\Bcool\bhoclass.dll"
(End.)


#6
August 2, 2013 at 16:22:07

Thanks Canuck3073
I'm here & will be available for a few hours.
http://www.timeanddate.com/worldclo...

1: Download & run Unhide
http://www.bleepingcomputer.com/for...
http://download.bleepingcomputer.co...
To run Unhide, simply download it to your desktop and then double-click on the Unhide icon. The program will open a black box and start making the files on your fixed disks visible again. Please note, that this program will not unhide removable drives like flash cards and usb drives as the FakeHDD rogues do not target these types of drives. Once it has finished, the program will display a Windows alert stating that your files have been restored. You should then reboot your computer for all of the settings to go into effect.
Copy & Paste the contents of the log. Let me know if it doesn't produce a log please.

2: Reboot

3: Run RogueKiller
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
Official tutorial
http://tigzyrk.blogspot.fr/2012/11/...
Download & SAVE to your Desktop.
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller.

message edited by Johnw



#7
August 5, 2013 at 10:19:29

To JohnW - I ran UNHIDE and ROGUEKILLER this morning. Log files follow:
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 08/05/2013 09:56:58 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the A:\ drive
Finished processing the A:\ drive. 3 files processed.

Processing the C:\ drive
Finished processing the C:\ drive. 133722 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 120597 files processed.

The C:\DOCUME~1\GARRY&~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/for...

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!

Program finished at: 08/05/2013 10:25:20 AM
Execution time: 0 hours(s), 28 minute(s), and 22 seconds(s)
--------------------------------------------------------------------------------------------------------------
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Garry&Louise [Admin rights]
Mode : Scan -- Date : 08/05/2013 11:54:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Garry&Louise\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤
END of LOGS.



#8
August 5, 2013 at 15:25:47

Thanks Canuck3073, we are on the right track, you are infected, shall continue dismantling the infections bit by bit, until I see you are clean.

Please download Farbar Recovery Scan Tool and save it to your desktop.
http://www.bleepingcomputer.com/dow...
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste the contents into your reply. (You will have to break it up into 2 parts.)
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste the contents into your reply.



#9
August 5, 2013 at 18:12:53

John - the first part of FRST.TXT log follows: (then the second part will be in the next reply, followed by the ADDITION.TXT in the 3rd reply).
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013
Ran by Garry&Louise (administrator) on 05-08-2013 19:41:50
Running from C:\My Download Files
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ali) C:\windows\UMStor\Res.EXE
(CyberLink Corp.) C:\Program Files\Dell\Media Experience\PCMService.exe
(Intel Corporation) C:\windows\system32\hkcmd.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(ACD Systems, Ltd.) C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
(Broadcom Corporation) C:\windows\BCMSMMSG.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic Shared\CineTray.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Prolific Technology Inc.) C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\windows\System32\ups.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Sysinternals - www.sysinternals.com) C:\Documents and Settings\Garry&Louise\Local Settings\Temporary Internet Files\Content.IE5\2BBCD51N\ProcessExplorer[1]\procexp.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\System32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [USB Storage Toolbox] - C:\windows\UMStor\Res.EXE [65536 2005-09-14] (ali)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\Media Experience\PCMService.exe [204800 2003-08-26] (CyberLink Corp.)
HKLM\...\Run: [dscactivate] - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [x]
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [114741 2003-08-06] (Sonic Solutions)
HKLM\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-17] (CANON INC.)
HKLM\...\Run: [Camera Detector] - C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE [208896 2003-06-17] (ACD Systems, Ltd.)
HKLM\...\Run: [BCMSMMSG] - C:\Windows\BCMSMMSG.exe [122880 2003-08-29] (Broadcom Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [x]
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [57344 2005-06-07] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\runonceex: [] - [x]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2007-07-16] (Google Inc.)
HKCU\...\Run: [Sonic RecordNow!] - [x]
HKCU\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [460784 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [Sonic RecordNow!] - [x]
HKU\Default User\...\Run: [DellSupport] - C:\Program Files\DellSupport\DSAgnt.exe [ 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
ShortcutTarget: Sonic CinePlayer Quick Launch.lnk -> C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={sea...
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx...
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?c...
SearchScopes: HKCU - {5D6BAC8B-33F4-4BDA-A4CF-169EDEDA7FFF} URL = http://ca.search.yahoo.com/search?f...
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?f...
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Toolbar: HKCU -Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/p...
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/A...
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/...
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/A...
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downl...
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeu...
DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} https://webresponse.one.microsoft.c...
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eo...
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji...
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/ge...
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared...
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeu...
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin...
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji...
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji...
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/...
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get...
Handler: ipp - No CLSID Value -
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Garry&Louise\Application Data\Mozilla\Firefox\Profiles\ca7skwqc.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\Garry&Louise\Application Data\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

========================== Services (Whitelisted) =================

R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [176241 2004-07-21] (American Power Conversion Corporation)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R2 MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [7544916 2003-05-31] (Microsoft Corporation)
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 PLFlash DeviceIoControl Service; C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [81920 2008-09-24] (Prolific Technology Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation)
S4 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf" [x]
S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]


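The BHO section of the FRST log above is the part worth reproducing on your own, since the one thing ESET did find on this machine was a BHO (bhoclass.dll under All Users\Application Data) and FRST still lists an entry with "No File" and an Ask.com toolbar registered under a Nero name. The block below is an added example, not code from the thread or from FRST, that does the same enumeration: it walks the standard IE Browser Helper Objects key, resolves each CLSID to its InProcServer32 DLL, and flags entries whose DLL is missing (FRST's "No File") or sits under a user-writable profile directory. The Wow6432Node path is included only for 64-bit hosts and is skipped where it does not exist; the "user-writable" pattern is an assumption covering the XP and Vista+ profile layouts.

```powershell
# Added example (not from the thread): enumerate IE Browser Helper Objects,
# resolve CLSID -> DLL, and flag orphaned or profile-resident entries.

function Get-IEBrowserHelperObjects {
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )

    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }   # Wow6432Node is absent on 32-bit XP

        foreach ($sub in Get-ChildItem $key) {
            $clsid    = $sub.PSChildName
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name = $null
            $dll  = $null

            if (Test-Path $clsidKey) {
                $name   = (Get-ItemProperty $clsidKey).'(default)'
                $inproc = Join-Path $clsidKey 'InProcServer32'
                if (Test-Path $inproc) { $dll = (Get-ItemProperty $inproc).'(default)' }
            }

            # Registered paths may be quoted or use %SystemRoot%-style variables.
            $expanded = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) } else { $null }
            $exists   = if ($expanded) { Test-Path $expanded } else { $false }

            # Assumed heuristic: a BHO loaded from a user profile or temp directory
            # deserves a look; legitimate ones live under Program Files or System32.
            $profileResident = [bool]($expanded -and
                ($expanded -match '\\(Documents and Settings|Users)\\|\\Application Data\\|\\Temp\\'))

            $flag = if (-not $exists) { 'orphaned: DLL missing' }
                    elseif ($profileResident) { 'review: DLL in user-writable location' }
                    else { '' }

            New-Object PSObject -Property @{
                Name       = if ($name) { $name } else { 'No Name' }
                CLSID      = $clsid
                Dll        = $expanded
                FileExists = $exists
                Flag       = $flag
            }
        }
    }
}

Get-IEBrowserHelperObjects | Format-Table Name, CLSID, FileExists, Flag, Dll -AutoSize
```

Against the FRST log above this would report {5C255C8A-E604-49b4-9D64-90988571CECB} as orphaned and would have flagged the Bcool bhoclass.dll path before ESET removed it; an orphaned CLSID is harmless by itself but is the registry trace that cleanup tools remove to finish the job.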

#10
August 5, 2013 at 18:14:55

FRST.TXT continued:
==================== Drivers (Whitelisted) ====================

R3 BCMModem; C:\Windows\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40448 2003-06-20] (Sonic Solutions)
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S3 i81x; C:\Windows\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\Windows\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\Windows\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\Windows\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\Windows\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\Windows\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\Windows\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\Windows\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\Windows\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\Windows\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [807998 2005-06-22] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
R1 MpKsl25d6a390; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{82F22D74-B0FF-4B7A-A18E-070FC8EBB0FD}\MpKsl25d6a390.sys [29904 2013-08-05] (Microsoft Corporation)
S1 P3; C:\Windows\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5621 2003-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23219 2003-07-14] (Sonic Solutions)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25685 2003-08-06] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34837 2003-08-06] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4117 2003-08-06] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2233 2003-08-06] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [83284 2003-08-06] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14229 2003-08-06] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6357 2003-08-06] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98068 2003-08-06] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100373 2003-08-06] (Sonic Solutions)
S3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
S3 bvrp_pci; No ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [x]
S3 PcdrNdisuio; system32\DRIVERS\pcdrndisuio.sys [x]
S3 wanatw; System32\DRIVERS\wanatw4.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-05 19:41 - 2013-08-05 19:41 - 00000000 ____D C:\FRST
2013-08-05 11:55 - 2013-08-05 11:55 - 00003829 _____ C:\Documents and Settings\Garry&Louise\Desktop\RKreport[0]_D_08052013_115537.txt
2013-08-05 11:54 - 2013-08-05 11:54 - 00003773 _____ C:\Documents and Settings\Garry&Louise\Desktop\RKreport[0]_S_08052013_115459.txt
2013-08-05 11:48 - 2013-08-05 12:07 - 00000000 ____D C:\Documents and Settings\Garry&Louise\Desktop\RK_Quarantine
2013-08-05 09:56 - 2013-08-05 10:25 - 00003016 _____ C:\Documents and Settings\Garry&Louise\Desktop\unhide.txt
2013-07-30 16:56 - 2013-07-30 16:56 - 00001384 _____ C:\Documents and Settings\Garry&Louise\Desktop\Shortcut to procexp.exe.lnk
2013-07-29 14:26 - 2013-07-29 14:26 - 00001925 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-07-28 15:15 - 2013-07-28 15:15 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-07-28 14:59 - 2013-07-28 14:59 - 00001822 _____ C:\Documents and Settings\Garry&Louise\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-07-28 14:58 - 2013-07-28 14:58 - 00000000 ____D C:\Program Files\Tweaking.com
2013-07-28 14:12 - 2013-07-28 14:12 - 00074703 _____ C:\windows\system32\mfc45.dat
2013-07-28 14:11 - 2013-07-28 15:21 - 00065536 _____ C:\windows\system32\config\iolo App.evt
2013-07-28 14:11 - 2013-07-28 14:11 - 00000838 _____ C:\Documents and Settings\Garry&Louise\Desktop\System Checkup.lnk
2013-07-28 14:11 - 2013-07-28 14:11 - 00000000 ____D C:\Program Files\iolo
2013-07-28 14:11 - 2013-07-28 14:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
2013-07-25 11:30 - 2013-07-25 11:33 - 00000000 ____D C:\Documents and Settings\Garry&Louise\My Documents\cpdn_backupfile
2013-07-19 13:02 - 2013-08-05 13:02 - 00054370 _____ C:\windows\setupapi.log
2013-07-18 17:58 - 2013-05-20 13:52 - 00447711 ____R C:\windows\system32\Drivers\etc\hosts.20130718-175845.backup
2013-07-16 23:45 - 2013-08-04 23:17 - 00003552 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-07-16 23:35 - 2013-07-16 23:35 - 00001614 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-07-15 10:55 - 2013-07-15 10:56 - 00012324 _____ C:\windows\KB2834904.log
2013-07-15 10:55 - 2013-07-15 10:55 - 00000000 ___DC C:\windows\$NtUninstallKB2834904_WM11$
2013-07-15 10:47 - 2013-07-15 10:47 - 00000000 ___DC C:\windows\$NtUninstallKB2834886$
2013-07-15 10:46 - 2013-07-15 10:48 - 00012548 _____ C:\windows\KB2834886.log
2013-07-15 10:41 - 2013-07-15 10:41 - 00000000 ___DC C:\windows\$NtUninstallKB2850851$
2013-07-15 10:37 - 2013-07-15 10:37 - 00000000 ___DC C:\windows\$NtUninstallKB2845187$
2013-07-15 10:33 - 2013-07-15 10:34 - 00011565 _____ C:\windows\KB2845142.log
2013-07-15 10:33 - 2013-07-15 10:34 - 00000000 ___DC C:\windows\$NtUninstallKB2845142_WM64$
2013-07-15 09:55 - 2013-07-15 10:01 - 00014082 _____ C:\windows\KB2846071-IE8.log
2013-07-14 16:59 - 2013-07-15 10:41 - 00017809 _____ C:\windows\KB2850851.log
2013-07-14 16:57 - 2013-07-15 10:37 - 00016580 _____ C:\windows\KB2845187.log

==================== One Month Modified Files and Folders =======

2013-08-05 19:41 - 2013-08-05 19:41 - 00000000 ____D C:\FRST
2013-08-05 19:39 - 2004-08-16 09:51 - 01699449 _____ C:\windows\WindowsUpdate.log
2013-08-05 19:35 - 2005-01-28 10:34 - 00000000 ____D C:\My Download Files
2013-08-05 19:13 - 2013-04-27 07:57 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-05 19:01 - 2012-12-05 00:37 - 00000248 _____ C:\windows\Tasks\Scheduled Update for Ask Toolbar.job
2013-08-05 18:57 - 2010-09-28 18:25 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-05 17:54 - 2004-04-19 12:51 - 00000330 _____ C:\windows\WIADEBUG.LOG
2013-08-05 13:57 - 2010-09-28 18:25 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-05 13:02 - 2013-07-19 13:02 - 00054370 _____ C:\windows\setupapi.log
2013-08-05 13:00 - 2013-05-21 17:17 - 00000408 _____ C:\windows\Tasks\SystemToolsDailyTest.job
2013-08-05 12:07 - 2013-08-05 11:48 - 00000000 ____D C:\Documents and Settings\Garry&Louise\Desktop\RK_Quarantine
2013-08-05 11:57 - 2003-11-27 12:01 - 00002521 _____ C:\Documents and Settings\Garry&Louise\Desktop\Microsoft Outlook.lnk
2013-08-05 11:55 - 2013-08-05 11:55 - 00003829 _____ C:\Documents and Settings\Garry&Louise\Desktop\RKreport[0]_D_08052013_115537.txt
2013-08-05 11:54 - 2013-08-05 11:54 - 00003773 _____ C:\Documents and Settings\Garry&Louise\Desktop\RKreport[0]_S_08052013_115459.txt
2013-08-05 10:44 - 2004-04-19 12:51 - 00000048 _____ C:\windows\WIASERVC.LOG
2013-08-05 10:42 - 2011-11-13 02:14 - 00000292 _____ C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
2013-08-05 10:41 - 2003-11-14 17:50 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-05 10:40 - 2012-11-27 21:46 - 00524288 _____ C:\windows\system32\config\SpybotSD.evt
2013-08-05 10:40 - 2004-04-19 12:42 - 00032398 _____ C:\windows\SchedLgU.Txt
2013-08-05 10:40 - 2003-11-26 12:19 - 00000278 ___SH C:\Documents and Settings\Garry&Louise\NTUSER.INI
2013-08-05 10:25 - 2013-08-05 09:56 - 00003016 _____ C:\Documents and Settings\Garry&Louise\Desktop\unhide.txt
2013-08-04 23:17 - 2013-07-16 23:45 - 00003552 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-08-04 23:17 - 2012-11-18 01:23 - 00278266 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-08-04 18:41 - 2012-11-19 17:28 - 00000000 ____D C:\PFS8.1 PE_TMP
2013-08-04 16:20 - 2003-11-27 12:02 - 00002497 _____ C:\Documents and Settings\Garry&Louise\Desktop\MS WORD.lnk
2013-08-02 23:29 - 2006-12-21 09:29 - 00524288 _____ C:\windows\system32\config\Internet.evt
2013-08-02 04:44 - 2012-06-11 21:35 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Bcool
2013-08-01 20:44 - 2013-03-11 17:46 - 00000000 ____D C:\Program Files\BOINC
2013-07-31 08:26 - 2010-10-18 22:15 - 00000300 _____ C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
2013-07-30 23:29 - 2012-11-18 01:24 - 03457008 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2483687876-427709516-3391105199-1009-0.dat
2013-07-30 19:49 - 2011-10-13 14:55 - 00000284 _____ C:\windows\Tasks\AppleSoftwareUpdate.job
2013-07-30 16:56 - 2013-07-30 16:56 - 00001384 _____ C:\Documents and Settings\Garry&Louise\Desktop\Shortcut to procexp.exe.lnk
2013-07-29 14:49 - 2010-04-06 19:20 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2013-07-29 14:26 - 2013-07-29 14:26 - 00001925 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-07-29 14:23 - 2004-10-13 09:13 - 00000000 ____D C:\Program Files\Google
2013-07-28 15:21 - 2013-07-28 14:11 - 00065536 _____ C:\windows\system32\config\iolo App.evt
2013-07-28 15:15 - 2013-07-28 15:15 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-07-28 14:59 - 2013-07-28 14:59 - 00001822 _____ C:\Documents and Settings\Garry&Louise\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-07-28 14:58 - 2013-07-28 14:58 - 00000000 ____D C:\Program Files\Tweaking.com
2013-07-28 14:12 - 2013-07-28 14:12 - 00074703 _____ C:\windows\system32\mfc45.dat
2013-07-28 14:11 - 2013-07-28 14:11 - 00000838 _____ C:\Documents and Settings\Garry&Louise\Desktop\System Checkup.lnk
2013-07-28 14:11 - 2013-07-28 14:11 - 00000000 ____D C:\Program Files\iolo
2013-07-28 14:11 - 2013-07-28 14:11 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iolo
2013-07-25 11:33 - 2013-07-25 11:30 - 00000000 ____D C:\Documents and Settings\Garry&Louise\My Documents\cpdn_backupfile
2013-07-22 17:54 - 2013-05-21 17:16 - 00000000 ____D C:\Program Files\My Dell
2013-07-22 17:54 - 2010-11-21 19:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PCDr
2013-07-19 08:02 - 2004-04-19 11:18 - 00000000 ____D C:\Documents and Settings\Garry&Louise\Local Settings\Application Data\Adobe
2013-07-19 08:01 - 2012-04-03 08:08 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-07-19 08:01 - 2011-05-17 08:03 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-18 17:42 - 2003-11-14 18:08 - 00000502 _____ C:\windows\WININIT.INI
2013-07-16 23:35 - 2013-07-16 23:35 - 00001614 _____ C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2013-07-16 23:35 - 2004-04-19 12:04 - 00000000 ____D C:\Program Files\QuickTime
2013-07-16 07:38 - 2002-09-03 10:05 - 00288496 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-15 12:14 - 2004-04-19 12:40 - 00000000 ____D C:\windows\Microsoft.NET
2013-07-15 11:59 - 2003-11-14 17:47 - 00001170 _____ C:\windows\system32\WPA.DBL
2013-07-15 11:03 - 2003-11-14 17:49 - 00629838 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-15 10:56 - 2013-07-15 10:55 - 00012324 _____ C:\windows\KB2834904.log
2013-07-15 10:56 - 2002-09-03 10:04 - 00657888 _____ C:\windows\ntdtcsetup.log
2013-07-15 10:56 - 2002-09-03 09:56 - 03231519 _____ C:\windows\FaxSetup.log
2013-07-15 10:56 - 2002-09-03 09:56 - 00174197 _____ C:\windows\OCMSN.LOG
2013-07-15 10:56 - 2002-09-03 09:56 - 00161884 _____ C:\windows\MSGSOCM.LOG
2013-07-15 10:56 - 2002-09-03 03:17 - 01239909 _____ C:\windows\TSOC.LOG
2013-07-15 10:56 - 2002-09-03 03:17 - 00515050 _____ C:\windows\IIS6.LOG
2013-07-15 10:55 - 2013-07-15 10:55 - 00000000 ___DC C:\windows\$NtUninstallKB2834904_WM11$
2013-07-15 10:48 - 2013-07-15 10:46 - 00012548 _____ C:\windows\KB2834886.log
2013-07-15 10:48 - 2002-09-03 10:04 - 00001374 _____ C:\windows\imsins.BAK
2013-07-15 10:47 - 2013-07-15 10:47 - 00000000 ___DC C:\windows\$NtUninstallKB2834886$
2013-07-15 10:41 - 2013-07-15 10:41 - 00000000 ___DC C:\windows\$NtUninstallKB2850851$
2013-07-15 10:41 - 2013-07-14 16:59 - 00017809 _____ C:\windows\KB2850851.log
2013-07-15 10:37 - 2013-07-15 10:37 - 00000000 ___DC C:\windows\$NtUninstallKB2845187$
2013-07-15 10:37 - 2013-07-14 16:57 - 00016580 _____ C:\windows\KB2845187.log
2013-07-15 10:34 - 2013-07-15 10:33 - 00011565 _____ C:\windows\KB2845142.log
2013-07-15 10:34 - 2013-07-15 10:33 - 00000000 ___DC C:\windows\$NtUninstallKB2845142_WM64$
2013-07-15 10:05 - 2005-05-11 22:36 - 75699896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-15 10:01 - 2013-07-15 09:55 - 00014082 _____ C:\windows\KB2846071-IE8.log
2013-07-15 10:00 - 2009-06-20 14:50 - 00000000 ____D C:\windows\ie8updates
2013-07-15 10:00 - 2005-04-14 21:54 - 00412046 _____ C:\windows\updspapi.log
2013-07-15 09:03 - 2008-11-20 01:28 - 00000000 ____D C:\windows\system32\XPSViewer

Files to move or delete:
====================
C:\Documents and Settings\Garry&Louise\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#11
August 5, 2013 at 18:19:17

ADDITION.TXT follows:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-08-2013
Ran by Garry&Louise at 2013-08-05 19:44:03
Running from C:\My Download Files
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

"Nero SoundTrax Help (Version: 4.0.15.0)
µTorrent (Version: 3.1.3)
ACDSee for PENTAX (Version: 5.1.0)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
Adobe AIR (Version: 3.8.0.870)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Adobe® Photoshop® Album Starter Edition 3.0 (Version: 3.0.1)
Adobe® Photoshop® Album Starter Edition 3.0.1 (Version: 3.0.1)
Advanced Photo Editor
Advertising Center (Version: 0.0.0.1)
APC PowerChute Personal Edition (Version: 1.5)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.6.9.0)
Audacity 1.2.6
Banctec Service Agreement (Version: 1.00.00)
BCM V.92 56K Modem
BOINC (Version: 5.2.13)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 4.01.0000)
Business Contact Manager for Outlook 2003 (Version: 1.0.2002.1)
Canon MP Navigator EX 2.1
Canon MX320 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Casper 5.0 (Version: 5.0.1792)
CCHelp (Version: 4.00.0000.0001)
CCScore (Version: 4.00.0000.0001)
CDRoller version 7.61 (Version: 7.61)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
DAO (Version: 3.50)
Data Doctor Recovery FAT+NTFS(Evaluation) 3.0.1.5
Dell Digital Jukebox Driver
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Media Experience
Dell Networking Guide (Version: 1.00.0001)
Dell Picture Studio - Dell Image Expert (Version: 3.4.1)
Dell ResourceCD
Dell Solution Center (Version: 1.00.0000)
Dell Support (Version: 2.0.1.205)
DellSupport (Version: 6.0.3062)
DolbyFiles (Version: 2.0)
DS21Patch (Version: 1.00.0000)
ESSAdpt (Version: 4.00.0000.0001)
ESSANUP (Version: 4.00.0000.0001)
ESSCAM (Version: 4.00.0000.0001)
ESSCDBK (Version: 4.00.0000.0001)
ESScore (Version: 4.00.0000.0102)
ESSgui (Version: 4.00.0000.0004)
ESShelp (Version: 4.00.0000.0003)
ESSini (Version: 4.00.0000.0007)
ESSPCD (Version: 4.00.0000.0001)
ESSSONIC (Version: 4.00.0000.0003)
ESSvpaht (Version: 4.00.0000.0003)
ESSvpot (Version: 4.00.0000.0001)
Family Tree Maker
Finding Nemo Screen Saver
Get the Picture! (Version: 2.2.1)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Google Video Player
GoToAssist Corporate (Version: 9.1.0.615)
Help and Support Customization (Version: 1.00.0000)
HLPIndex (Version: 4.00.0000.0003)
HLPRFO (Version: 4.00.0000.0004)
ImagXpress (Version: 7.0.74.0)
Intel(R) Extreme Graphics Driver
iTunes (Version: 11.0.2.26)
J2SE Runtime Environment 5.0 Update 8 (Version: 1.5.0.80)
Java 2 Runtime Environment, SE v1.4.2 (Version: 1.4.2)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 3 (Version: 1.6.0.30)
Java(TM) 6 Update 37 (Version: 6.0.370)
Java(TM) SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Kodak EasyShare software
KSU (Version: 632.62.0002.0001)
Macromedia Shockwave Player (Version: 10.1.0.11)
MaxBlast 3
Menu Templates - Starter Kit (Version: 9.0.4.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004 (Version: 12.0.50)
Microsoft Money 2004 System Pack (Version: 12.0.80)
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Sounds (Version: 1.0.0.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Modem Helper
Movie Templates - Starter Kit (Version: 9.0.4.0)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (KB925673) (Version: 6.00.3888.0)
Musicmatch® Jukebox (Version: 9.00.5100)
My Dell (Version: 3.3.6280.92)
Nero 9
Nero BackItUp (Version: 4.0.0.0)
Nero BackItUp (Version: 4.0.1.102)
Nero BackItUp 4
Nero BurningROM (Version: 9.0.0.0)
Nero BurnRights (Version: 2.99.6.100)
Nero ControlCenter (Version: 0.0.0.1)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.0.5.100)
Nero CoverDesigner Help (Version: 4.0.0.0)
Nero Disc Copy Gadget (Version: 1.53.0.0)
Nero Disc Copy Gadget Help (Version: 2.0.0.0)
Nero DiscSpeed (Version: 4.99.5.105)
Nero DriveSpeed (Version: 3.99.5.105)
Nero Express (Version: 9.0.0.0)
Nero InfoTool (Version: 5.99.5.105)
Nero Installer (Version: 2.0.0.1)
Nero Live (Version: 1.0.164.0)
Nero Live Help (Version: 1.0.162.0)
Nero PhotoSnap (Version: 1.53.2.0)
Nero PhotoSnap Help (Version: 1.53.2.0)
Nero Recode (Version: 3.53.0.0)
Nero Recode Help (Version: 3.53.0.0)
Nero Rescue Agent (Version: 1.99.0.1)
Nero RescueAgent Help (Version: 1.99.0.1)
Nero ShowTime (Version: 4.99.0.0)
Nero StartSmart (Version: 9.0.10.100)
Nero StartSmart Help (Version: 9.0.0.0)
Nero Vision (Version: 0.0.0.1)
Nero Vision (Version: 6.0.6.100)
Nero WaveEditor (Version: 5.0.18.0)
Nero WaveEditor Help (Version: 5.0.15.0)
NeroBurningROM (Version: 9.0.9.100)
NeroExpress (Version: 9.0.9.100)
neroxml (Version: 1.0.0)
Notifier (Version: 4.00.0000.0001)
OLYMPUS CAMEDIA Master 4.2
OTtBP (Version: 4.00.0000.0003)
OTtBPSDK (Version: 4.00.0000.0000)
Paint Shop Pro 7 (Version: 7.05.0000)
Pandora Service
PCDADDIN (Version: 4.00.0000.0001)
PCDHELP (Version: 4.0000.0000.0002)
PCDLNCH (Version: 4.00.0000.0101)
Philips Intelligent Agent (Version: 2.2)
PHOTOfunSTUDIO 8.1 PE (Version: 8.01.710)
QuickTime
QuickTime (Version: 7.74.80.86)
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.6)
RealUpgrade 1.1 (Version: 1.1.0)
RootsMagic 4.1.2.1
R-Undelete 3.0 (Version: 3.0.123507)
SA23xx Device Manager (Version: 1.0)
Segoe UI (Version: 14.0.4327.805)
Serif PagePlus Starter Edition (Version: 2.0.2.009)
SFR (Version: 3.03.0000.0001)
SFR2 (Version: 3.03.0000.0002)
Shrek 2 Activity Center (Version: 1.0)
SizeExplorer Free 4.1 (Version: 4.1)
Sonic CinePlayer DVD Pack (Version: 2.3.1)
Sonic DLA (Version: 4.50)
Sonic RecordNow! (Version: 6.5.0)
Sonic Update Manager (Version: 2.9)
Sony USB Driver
SoundTrax (Version: 4.0.18.0)
Spybot - Search & Destroy (Version: 2.0.12)
swMSM (Version: 12.0.0.1)
System Checkup 3.4 (Version: 3.4.0.47)
The KMPlayer (remove only) (Version: 3.5.0.77)
Tweaking.com - Windows Repair (All in One) (Version: 1.9.15)
Uninstall Startup Inspector
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Disk Win98 Driver
VPRINTOL (Version: 4.00.0000.0001)
WebFldrs XP (Version: 9.50.6513)
Weight Watchers Light and Tasty Deluxe
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0036.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.6)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows PowerShell(TM) 1.0 (Version: 2)
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Creativity Fun Packs - Windows Movie Maker 2 (Version: 1.00.0000)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinUndelete
XML Paper Specification Shared Components Pack 1.0
Yahoo! Music Jukebox (Version: 2.2.2.058)

==================== Restore Points =========================

19-06-2013 13:27:33 Software Distribution Service 3.0
19-06-2013 19:19:55 Installed Java 7 Update 25
20-06-2013 20:24:31 System Checkpoint
21-06-2013 13:14:30 Software Distribution Service 3.0
22-06-2013 13:45:16 System Checkpoint
23-06-2013 12:21:58 Software Distribution Service 3.0
24-06-2013 12:54:13 Software Distribution Service 3.0
25-06-2013 13:15:26 System Checkpoint
26-06-2013 13:37:49 Software Distribution Service 3.0
14-07-2013 21:48:28 Software Distribution Service 3.0
15-07-2013 14:02:19 Software Distribution Service 3.0
16-07-2013 12:58:13 Software Distribution Service 3.0
17-07-2013 14:07:03 System Checkpoint
18-07-2013 12:33:30 Software Distribution Service 3.0
19-07-2013 13:11:38 Software Distribution Service 3.0
20-07-2013 14:11:50 System Checkpoint
21-07-2013 13:12:02 Software Distribution Service 3.0
22-07-2013 17:11:12 System Checkpoint
23-07-2013 12:57:32 Software Distribution Service 3.0
24-07-2013 14:25:13 System Checkpoint
25-07-2013 14:37:42 Software Distribution Service 3.0
26-07-2013 14:13:24 Software Distribution Service 3.0
27-07-2013 16:23:21 System Checkpoint
28-07-2013 13:37:12 Software Distribution Service 3.0
28-07-2013 18:53:20 July 28,2013 before running "Tweak - Windows Repair" program.
29-07-2013 13:52:03 Software Distribution Service 3.0
30-07-2013 22:35:26 System Checkpoint
31-07-2013 13:23:47 Software Distribution Service 3.0
01-08-2013 13:34:20 System Checkpoint
02-08-2013 13:22:05 Software Distribution Service 3.0
03-08-2013 13:57:22 Software Distribution Service 3.0
04-08-2013 14:34:27 System Checkpoint
05-08-2013 12:22:09 Software Distribution Service 3.0

==================== Hosts content: ==========================

2002-08-29 06:00 - 2013-07-18 17:58 - 00447711 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\My Dell\uaclauncher.exe
Task: C:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2483687876-427709516-3391105199-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2483687876-427709516-3391105199-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\windows\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
Task: C:\windows\Tasks\SystemToolsDailyTest.job => [garbled binary job data; readable fragments: uaclauncher.exe -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently, C:\Program Files\My Dell, PC-Doctor]


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2013 10:12:43 PM) (Source: Application Hang) (User: )
Description: Hanging application boinc.scr, version 5.2.13.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/04/2013 06:25:34 PM) (Source: Application Hang) (User: )
Description: Hanging application boinc.scr, version 5.2.13.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/01/2013 10:05:33 PM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (07/31/2013 11:28:58 PM) (Source: Application Error) (User: )
Description: Fault bucket -554289484.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (07/31/2013 11:28:40 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module unknown, version 0.0.0.0, fault address 0x0a32f98b.
Processing media-specific event for [iexplore.exe!ws!]

Error: (07/30/2013 04:05:42 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Error: (07/30/2013 04:04:16 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/29/2013 03:36:57 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/29/2013 03:36:33 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/29/2013 03:35:30 PM) (Source: Application Hang) (User: )
Description: Fault bucket 734037209.


System errors:
=============
Error: (08/05/2013 11:59:24 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/05/2013 10:44:29 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (08/05/2013 10:44:29 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053

Error: (08/05/2013 10:44:29 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (08/05/2013 10:35:08 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/05/2013 09:31:25 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/05/2013 09:12:29 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/05/2013 08:50:56 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/05/2013 08:49:43 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (08/05/2013 08:28:59 AM) (Source: DCOM) (User: 8JFWS31)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (08/04/2013 10:12:43 PM) (Source: Application Hang)(User: )
Description: boinc.scr5.2.13.0hungapp0.0.0.000000000

Error: (08/04/2013 06:25:34 PM) (Source: Application Hang)(User: )
Description: boinc.scr5.2.13.0hungapp0.0.0.000000000

Error: (08/01/2013 10:05:33 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetryunspecifiedhardeningtelemetryhardeningtelemetrydisablertp4.2.223.0unspecifiedunspecifiedunspecifiedNILNILNIL

Error: (07/31/2013 11:28:58 PM) (Source: Application Error)(User: )
Description: -554289484

Error: (07/31/2013 11:28:40 PM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702unknown0.0.0.00a32f98b

Error: (07/30/2013 04:05:42 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.c... specified server cannot perform the requested operation.

Error: (07/30/2013 04:04:16 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.c... operation returned because the timeout period expired.

Error: (07/29/2013 03:36:57 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (07/29/2013 03:36:33 PM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (07/29/2013 03:35:30 PM) (Source: Application Hang)(User: )
Description: 734037209


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 1022 MB
Available physical RAM: 289.63 MB
Total Pagefile: 1693.16 MB
Available Pagefile: 852.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.17 MB

==================== Drives ================================

Drive c: (DISK2_VOL1) (Fixed) (Total:38.29 GB) (Free:3.65 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (DISK2_VOL1) (Fixed) (Total:38.29 GB) (Free:9.47 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 05332B3D)
Partition 1: (Active) - (Size=38 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 38 GB) (Disk ID: 9DC96E9E)
Partition 1: (Active) - (Size=38 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#12
August 5, 2013 at 18:22:25

"the first part of FRST.TXT log follows: (then the second part will be in the next reply, followed by the ADDITION.TXT in the 3rd reply)"
Thank you.

Run ComboFix. Copy & Paste the contents of the log please. ComboFix's log should be located at C:\COMBOFIX.TXT.
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
"There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual"
Run Defogger
http://majorgeeks.com/Defogger_d708...
http://www.bleepingcomputer.com/dow...
This program can enable and disable CD emulation, often required in removing difficult malware. Some CD Emulation programs use a hidden driver that may be seen as a rootkit or that will interfere with the proper operation of the anti-rootkit scanner.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



#13
August 7, 2013 at 17:19:55

Hello JohnW. Sorry I couldn't get back to you sooner - I was away from home all day yesterday.
Today - I ran Defogger. Then tried to install Recovery Console. Unable to complete due to my O.S. being much updated compared to when the original install CD was made and the update for those files did not work. Continued with downloading and running ComboFix. It installed Recovery Console successfully with updated settings. That's a plus for having to run all these fix utilities! ComboFix ran successfully - log file follows. I rebooted after it completed - and so far so good ... no sign of svchost maxing out the CPU!!!!!!! Sure hope this is the final solution.
ComboFix log:
ComboFix 13-08-07.01 - Garry&Louise 07/08/2013 17:20:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.347 [GMT -5:00]
Running from: c:\documents and settings\Garry&Louise\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Bcool
c:\documents and settings\All Users\Application Data\Bcool\background.html
c:\documents and settings\All Users\Application Data\Bcool\content.js
c:\documents and settings\All Users\Application Data\Bcool\data\content.js
c:\documents and settings\All Users\Application Data\Bcool\data\epoch
c:\documents and settings\All Users\Application Data\Bcool\data\jsondb.js
c:\documents and settings\All Users\Application Data\Bcool\geeflobgejmkgcbdmfdifalhngkpbebf.crx
c:\documents and settings\All Users\Application Data\Bcool\settings.ini
c:\documents and settings\All Users\Application Data\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\documents and settings\All Users\Application Data\PCDr\6280\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\documents and settings\Garry&Louise\GoToAssistDownloadHelper.exe
c:\documents and settings\Garry&Louise\My Documents\~WRL1141.tmp
c:\documents and settings\Garry&Louise\My Documents\SCGR.TMP
c:\windows\dasetup.log
c:\windows\Downloaded Program Files\ODCTOOLS
c:\windows\inf\cc_43.inf
c:\windows\inf\dm.inf
c:\windows\inf\dm.PNF
c:\windows\Mplayer.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\SET19D.tmp
c:\windows\system32\SET1A9.tmp
c:\windows\system32\SET1F0.tmp
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-07-07 to 2013-08-07 )))))))))))))))))))))))))))))))
.
.
2013-08-07 14:06 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AD6ACAE-B646-4ED3-9DFA-C34069CF9027}\mpengine.dll
2013-08-06 13:10 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-06 00:41 . 2013-08-06 00:41 -------- d-----w- C:\FRST
2013-07-28 20:15 . 2013-07-28 20:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-07-28 19:58 . 2013-07-28 19:58 -------- d-----w- c:\program files\Tweaking.com
2013-07-28 19:12 . 2013-07-28 19:12 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-07-28 19:11 . 2013-07-28 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2013-07-28 19:11 . 2013-07-28 19:11 -------- d-----w- c:\program files\iolo
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 13:01 . 2012-04-03 13:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-19 13:01 . 2011-05-17 13:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 02:48 . 2012-06-17 02:54 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-13 02:48 . 2010-04-21 04:16 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 02:48 . 2013-06-19 19:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-13 02:35 . 2007-06-14 16:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-08 04:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-24 01:32 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2002-12-12 06:14 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2002-08-29 11:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-10 17:43 . 2003-06-23 08:44 1696256 ----a-w- c:\windows\system32\wmv9vcm.dll
2012-11-29 08:27 . 2012-12-05 04:36 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-10-28 221295]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-14 14:55 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2010 6:24 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2010 6:24 PM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:02]
.
2013-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:24]
.
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:24]
.
2013-06-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\My Dell\uaclauncher.exe [2013-05-21 17:10]
.
2013-08-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-08-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-21 18:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
Trusted Zone: digitalriver.com\store
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Garry&Louise\Application Data\Mozilla\Firefox\Profiles\ca7skwqc.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Sonic RecordNow! - (no file)
HKLM-Run-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Advanced Photo Editor - c:\program files\Cosmi\Advanced Photo Editor\DeIsL1.isu
AddRemove-Data Doctor Recovery FAT+NTFS(Evaluation) 3.0.1.5 - c:\program files\Data Doctor Recovery FAT+NTFS(Evaluation)\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-07 17:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61590 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2483687876-427709516-3391105199-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2013-08-07 17:52:05
ComboFix-quarantined-files.txt 2013-08-07 22:52
.
Pre-Run: 3,681,112,064 bytes free
Post-Run: 4,350,164,992 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 665E42C872EFF1DF75FD57E377A6619D
35C6B2FCDE68FACBEFE0A4A7200BAE58


#14
August 7, 2013 at 22:31:02

"no sign of svchost maxing out the CPU!!!!!!! Sure hope this is the final solution"
We're getting there Canuck3073.

Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://general-changelog-team.fr/en...
http://www.raymond.cc/blog/adwclean...
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool to your desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#15
August 8, 2013 at 13:03:39

John, I ran AdwCleaner successfully. Log below. However, JRT only partially ran and then died - tried it 3 times - always got same result. No log file created. I took a screen shot of it - will try to add it to my report here. Nope - couldn't make that work - will try to copy its contents and add it to my post following the Adw log. Is it necessary to get it to run or can we bypass this one?
AdwCleaner.txt follows:
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 13:16:45
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Garry&Louise - 8JFWS31
# Boot Mode : Normal
# Running from : C:\My Download Files\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\windows\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{20E7BC40-33F6-4A81-9D52-B58349326206}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Garry&Louise\Application Data\Mozilla\Firefox\Profiles\ca7skwqc.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9010 octets] - [08/08/2013 13:16:45]

########## EOF - C:\AdwCleaner[S1].txt - [9070 octets] ##########

Contents of screen capture re: Junkware Removal Tool failure follows:
NO - that didn't work either. Is there an e-mail address I can send it to for your perusal? The gist of it was there were a lot of "The system cannot find the path specified." messages with 7 messages about "Checking Startup", "~ Modules", "~ Processes", "~ Services", "~ Files", "~ Folders", "~ Registry". I opened Task Manager on the 3rd attempt and saw JRT.exe present but with no activity and after about a minute it just disappeared.



#16
August 8, 2013 at 14:13:34

"The gist of it was there were a lot of "The system cannot find the path specified."

"Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. http://www.bleepingcomputer.com/for...

Did you?

"Download Junkware Removal Tool to your desktop."
Did you put it on your desktop & run it from there?
If so, try Safe mode.



#17
August 8, 2013 at 14:19:12

"NO - that didn't work either. Is there an e-mail address I can send it to for your perusal?"

Screenshots ( SS ) or files, use this uploader & give us the link/s.
I use Imgur.com for images ( SS ) & load.to for files.
Image Uploader
http://www.softpedia.com/get/Intern...
http://www.softpedia.com/progScreen...
http://zenden.ws/imageuploader_ru
How to use for images.
http://i.imgur.com/mWxzNlv.gif
http://i.imgur.com/ODCCcPf.gif
http://i.imgur.com/zalhLtW.gif
For other files.
http://i.imgur.com/FhtnM6c.gif
http://i.imgur.com/vf3B7ee.gif
http://i.imgur.com/txFkgpT.gif



#18
August 8, 2013 at 14:25:27

If it still fails, download again, in case your copy is corrupt. Junkware Removal Tool 5.3.9 is the latest version.

message edited by Johnw



#19
August 9, 2013 at 11:29:46

John, I downloaded JRT.EXE again - got the same version as yesterday - 5.3.9 - saved it to my Desktop, turned off firewalls and av programs and ran it. It did exactly the same - showed it was checking "Startup, Modules, Processes, etc." and also displayed the same repeated message "The system cannot find the path specified.", a Windows Explorer window opened, I minimized it, saw the DOS Window still open with the last message still there and about 15 seconds later the DOS window closed. I left the PC alone for about an hour and 45 minutes - when I returned, there was no log file displayed nor one visible on the desktop. Since I've never seen how this program is supposed to behave I have no way of knowing if what I saw is normal or not. I haven't had any problem running any of the previous tools you recommended so I really don't know what's wrong with this one - if anything - or maybe I have to wait longer for a result?


#20
August 9, 2013 at 15:15:25

My post #16
"If so, try Safe mode"

Did you?

message edited by Johnw



#21
August 9, 2013 at 16:21:07

No. Sorry - I forgot about that. Will try it and let you know.


#22
August 10, 2013 at 08:03:30

John, I ran JRT.exe in Safe Mode (no networking) twice - same result, both times - the program disappeared after about 3 minutes with exactly the same messages in the DOS window as before.


#23
August 10, 2013 at 14:50:17

Canuck3073, read my info again in post #7
Don't think you clicked on Delete in RogueKiller.

If you didn't, download the latest version & run again.



#24
August 12, 2013 at 11:18:28

John, I reviewed my notes from when I ran RogueKiller before and I did click on Delete. However, I downloaded it again (V.8.6.5) a few minutes ago and re-ran it. After the prescan finished, I clicked on "Scan" - it ran about 3 minutes and reported "Scan Finished". I saw 5 entries in the Registry tab, 1 in Hosts and 1 in MBR (0 in the rest). I clicked on "Delete" - it ran about 3 or 4 seconds and the status box said "Deleting finished". In the lower box it showed 3 of the Registry entries were deleted and 2 were replaced. There are 2 Report files (same as last time). I'll paste them below. It also produced a "Quarantine" report (same as last time) which I'll also paste below.

Report C:

RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Garry&Louise [Admin rights]
Mode : Scan -- Date : 08/12/2013 12:35:34
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Garry&Louise\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] 359f42d673dc3f2b279f34f800973f79
[BSP] 2a6a7a1feb913c573bf10fc8d1757102 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6E040L0 +++++
--- User ---
[MBR] 60abeb81587db48d414b38b0ef598701
[BSP] f4a1f9fd6340afeaaadfe4a5b65e06e8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08122013_123534.txt >>

-------------------------------------------------------------------------------------------------------------------
Report D:
RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/rog...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Garry&Louise [Admin rights]
Mode : Remove -- Date : 08/12/2013 12:39:19
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> F:\windows\system32\config\SYSTEM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SOFTWARE | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SECURITY | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\SAM | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\windows\system32\config\DEFAULT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Administrator\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\All Users\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> F:\Documents and Settings\Default User\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\Garry&Louise\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\LocalService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]
-> F:\Documents and Settings\NetworkService\NTUSER.DAT | DRVINFO [Drv - F:] | SYSTEMINFO [Sys - C:] [Sys32 - FOUND] | USERINFO [Startup - FOUND]

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] 359f42d673dc3f2b279f34f800973f79
[BSP] 2a6a7a1feb913c573bf10fc8d1757102 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6E040L0 +++++
--- User ---
[MBR] 60abeb81587db48d414b38b0ef598701
[BSP] f4a1f9fd6340afeaaadfe4a5b65e06e8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 39205 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08122013_123919.txt >>
RKreport[0]_S_08122013_123534.txt
------------------------------------------------------------------------------------------------------------------
Quarantine Report: - it won't copy & paste because it's a list of 8 files (1 kb each).
Let me know if you need to know anything about them. Thanks.



#25
August 12, 2013 at 16:27:55

"Quarantine Report: - it won't copy & paste because it's a list of 8 files (1 kb each)"

It won't hurt for me to look at them.

Refer my post #17



#26
August 12, 2013 at 16:31:49

JRT has been updated with new definitions etc, please download & try running again.


#27
August 12, 2013 at 16:49:31

If JRT still will not finish, uninstall Combofix, download the latest version & run again.

After running Combofix, try JRT.

Uninstall ComboFix. The reason we remove Combofix is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...



#28
August 14, 2013 at 20:00:24

John, I downloaded JRT ver.5.4.5 and ran it - still got the same result as every time before. Uninstalled ComboFix, downloaded the new ComboFix, V.13.8.13.2, and it ran ok. Re-ran JRT - still the same result as before. Log Report from ComboFix will follow below. I looked in the "Qoobox" and saw about 15 sub-folders with various ".vir" files. Re: RogueKiller's Quarantine files - I played around with imgur.com for a while but wasn't able to find a way to get to the screen that is shown in vf3B7ee.gif. The files that were displayed in that folder were 4 HKEY_Current_User... .reg files and 1 HKEY_Local_Machine... .reg file plus a PhysicalDrive(0)_User.dat and a PhysicalDrive(1)_User.dat file and RogueKiller.ini.

Latest ComboFix.txt log file follows:

ComboFix 13-08-13.02 - Garry&Louise 13/08/2013 19:21:28.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.468 [GMT -5:00]
Running from: c:\documents and settings\Garry&Louise\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\documents and settings\All Users\Application Data\PCDr\6280\AddOnDownloaded\97b26c73-ba78-4c33-81e8-2f3210990c0e.dll
c:\documents and settings\All Users\Application Data\PCDr\6280\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-07-14 to 2013-08-14 )))))))))))))))))))))))))))))))
.
.
2013-08-13 14:31 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{23D4C66D-1DFF-4BDB-ABA9-251EF6ACD0FC}\mpengine.dll
2013-08-12 13:20 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-08 18:41 . 2013-08-08 18:41 -------- d-----w- c:\windows\ERUNT
2013-08-06 00:41 . 2013-08-06 00:41 -------- d-----w- C:\FRST
2013-07-28 20:15 . 2013-07-28 20:15 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-07-28 19:58 . 2013-07-28 19:58 -------- d-----w- c:\program files\Tweaking.com
2013-07-28 19:12 . 2013-07-28 19:12 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-07-28 19:11 . 2013-07-28 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2013-07-28 19:11 . 2013-07-28 19:11 -------- d-----w- c:\program files\iolo
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2013-07-17 04:35 . 2013-07-17 04:35 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 13:01 . 2012-04-03 13:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-19 13:01 . 2011-05-17 13:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-13 02:48 . 2012-06-17 02:54 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-13 02:48 . 2010-04-21 04:16 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-13 02:48 . 2013-06-19 19:21 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-13 02:35 . 2007-06-14 16:44 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-08 04:55 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-24 01:32 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2002-12-12 06:14 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2002-08-29 11:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2012-11-29 08:27 . 2012-12-05 04:36 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Storage Toolbox"="c:\windows\UMStor\Res.EXE" [2005-09-15 65536]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-10-28 221295]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-06-14 14:55 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PanProcess.exe"=
"c:\\Program Files\\PANDORA.TV\\PanService\\PandoraService.exe"=
.
R1 MpKsl4338e282;MpKsl4338e282;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75BDE529-2889-4847-B641-1C1165CB65A8}\MpKsl4338e282.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75BDE529-2889-4847-B641-1C1165CB65A8}\MpKsl4338e282.sys [?]
R2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [12/02/2013 10:16 AM 625304]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [27/11/2012 9:46 PM 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [27/11/2012 9:46 PM 1369624]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2010 6:24 PM 136176]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [27/11/2012 9:46 PM 168384]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28/09/2010 6:24 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:02]
.
2013-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:24]
.
2013-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:24]
.
2013-08-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\My Dell\uaclauncher.exe [2013-05-21 17:10]
.
2013-08-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-07-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
Trusted Zone: digitalriver.com\store
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Garry&Louise\Application Data\Mozilla\Firefox\Profiles\ca7skwqc.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-13 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6E040L0 rev.NAR61590 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2483687876-427709516-3391105199-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
Completion time: 2013-08-13 19:46:05
ComboFix-quarantined-files.txt 2013-08-14 00:45
.
Pre-Run: 4,320,456,704 bytes free
Post-Run: 4,299,784,192 bytes free
.
- - End Of File - - 1CF08A2999E53AB96483854FD1B06A9C
35C6B2FCDE68FACBEFE0A4A7200BAE58



#29
August 14, 2013 at 20:26:03

"I played around with imgur.com for a while but wasn't able to find a way to get to the screen that is shown in vf3B7ee.gif"

http://i.imgur.com/AT6bjjD.gif



#30
August 14, 2013 at 20:33:50

Combofix has done some work.

Run TDSSKiller. Copy & Paste the contents of the log in your reply.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...



#31
August 16, 2013 at 08:34:00

John, I just finished running TDSSKILLER. LOG follows in 2 parts as it's too big for one post. I'll look into the imgur thing later on when I have more time. Thanks for the tip.
10:08:36.0203 0548 AliIde - ok
10:08:36.0234 0548 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\windows\System32\DRIVERS\alim1541.sys
10:08:36.0296 0548 alim1541 - ok
10:08:36.0359 0548 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\windows\System32\DRIVERS\amdagp.sys
10:08:36.0468 0548 amdagp - ok
10:08:36.0515 0548 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\windows\System32\DRIVERS\amsint.sys
10:08:36.0546 0548 amsint - ok
10:08:36.0703 0548 [ 29DEB59DE57EA97553B1566F04B39D11 ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
10:08:36.0937 0548 APC UPS Service - ok
10:08:37.0062 0548 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:08:37.0078 0548 Apple Mobile Device - ok
10:08:37.0093 0548 AppMgmt - ok
10:08:37.0156 0548 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\windows\System32\DRIVERS\asc.sys
10:08:37.0218 0548 asc - ok
10:08:37.0250 0548 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\windows\System32\DRIVERS\asc3350p.sys
10:08:37.0296 0548 asc3350p - ok
10:08:37.0328 0548 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\windows\System32\DRIVERS\asc3550.sys
10:08:37.0359 0548 asc3550 - ok
10:08:37.0500 0548 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
10:08:37.0546 0548 aspnet_state - ok
10:08:37.0609 0548 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
10:08:37.0609 0548 AsyncMac - ok
10:08:37.0640 0548 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
10:08:37.0656 0548 atapi - ok
10:08:37.0671 0548 Atdisk - ok
10:08:37.0703 0548 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
10:08:37.0796 0548 Atmarpc - ok
10:08:37.0859 0548 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\windows\System32\audiosrv.dll
10:08:37.0906 0548 AudioSrv - ok
10:08:37.0968 0548 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
10:08:38.0000 0548 audstub - ok
10:08:38.0046 0548 [ 068523D2CD260069B19AD68ADEA0D739 ] bcm4sbxp C:\windows\system32\DRIVERS\bcm4sbxp.sys
10:08:38.0093 0548 bcm4sbxp - ok
10:08:38.0203 0548 [ 41347688046D49CDE0F6D138A534F73D ] BCMModem C:\windows\system32\DRIVERS\BCMSM.sys
10:08:38.0406 0548 BCMModem - ok
10:08:38.0453 0548 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
10:08:38.0515 0548 Beep - ok
10:08:38.0593 0548 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\windows\system32\qmgr.dll
10:08:38.0781 0548 BITS - ok
10:08:38.0890 0548 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:08:38.0906 0548 Bonjour Service - ok
10:08:38.0953 0548 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\windows\System32\browser.dll
10:08:38.0953 0548 Browser - ok
10:08:38.0984 0548 bvrp_pci - ok
10:08:39.0140 0548 catchme - ok
10:08:39.0171 0548 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\windows\System32\DRIVERS\cbidf2k.sys
10:08:39.0218 0548 cbidf - ok
10:08:39.0250 0548 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
10:08:39.0250 0548 cbidf2k - ok
10:08:39.0296 0548 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\windows\System32\DRIVERS\cd20xrnt.sys
10:08:39.0343 0548 cd20xrnt - ok
10:08:39.0375 0548 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
10:08:39.0437 0548 Cdaudio - ok
10:08:39.0484 0548 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
10:08:39.0484 0548 Cdfs - ok
10:08:39.0515 0548 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
10:08:39.0609 0548 Cdrom - ok
10:08:39.0625 0548 Changer - ok
10:08:39.0687 0548 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\windows\system32\cisvc.exe
10:08:39.0734 0548 CiSvc - ok
10:08:39.0781 0548 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\windows\system32\clipsrv.exe
10:08:39.0859 0548 ClipSrv - ok
10:08:39.0906 0548 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:08:39.0984 0548 clr_optimization_v2.0.50727_32 - ok
10:08:40.0078 0548 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:08:40.0093 0548 clr_optimization_v4.0.30319_32 - ok
10:08:40.0140 0548 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\windows\System32\DRIVERS\cmdide.sys
10:08:40.0171 0548 CmdIde - ok
10:08:40.0234 0548 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
10:08:40.0234 0548 Compbatt - ok
10:08:40.0250 0548 COMSysApp - ok
10:08:40.0312 0548 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\windows\System32\DRIVERS\cpqarray.sys
10:08:40.0359 0548 Cpqarray - ok
10:08:40.0421 0548 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\windows\System32\cryptsvc.dll
10:08:40.0468 0548 CryptSvc - ok
10:08:40.0515 0548 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\windows\System32\DRIVERS\dac2w2k.sys
10:08:40.0609 0548 dac2w2k - ok
10:08:40.0640 0548 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\windows\System32\DRIVERS\dac960nt.sys
10:08:40.0671 0548 dac960nt - ok
10:08:40.0750 0548 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\windows\system32\rpcss.dll
10:08:40.0781 0548 DcomLaunch - ok
10:08:40.0843 0548 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\windows\System32\dhcpcsvc.dll
10:08:40.0843 0548 Dhcp - ok
10:08:40.0890 0548 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
10:08:40.0906 0548 Disk - ok
10:08:40.0906 0548 dmadmin - ok
10:08:40.0984 0548 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\windows\system32\drivers\dmboot.sys
10:08:41.0125 0548 dmboot - ok
10:08:41.0171 0548 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\windows\system32\drivers\dmio.sys
10:08:41.0218 0548 dmio - ok
10:08:41.0265 0548 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
10:08:41.0296 0548 dmload - ok
10:08:41.0375 0548 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\windows\System32\dmserver.dll
10:08:41.0421 0548 dmserver - ok
10:08:41.0484 0548 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
10:08:41.0546 0548 DMusic - ok
10:08:41.0625 0548 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:08:41.0625 0548 Dnscache - ok
10:08:41.0687 0548 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\windows\System32\dot3svc.dll
10:08:41.0765 0548 Dot3svc - ok
10:08:41.0796 0548 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\windows\System32\DRIVERS\dpti2o.sys
10:08:41.0843 0548 dpti2o - ok
10:08:41.0890 0548 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
10:08:41.0906 0548 drmkaud - ok
10:08:41.0968 0548 [ 7F056A52BCBA3102D2D37A4A2646C807 ] drvmcdb C:\windows\system32\drivers\drvmcdb.sys
10:08:41.0968 0548 drvmcdb - ok
10:08:42.0000 0548 [ D3C1E501ED42E77574B3095309DD4075 ] drvnddm C:\windows\system32\drivers\drvnddm.sys
10:08:42.0000 0548 drvnddm - ok
10:08:42.0093 0548 [ FE80901578E7E3DA70299A5AEB2B7FBD ] DSBrokerService C:\Program Files\DellSupport\brkrsvc.exe
10:08:42.0093 0548 DSBrokerService - ok
10:08:42.0171 0548 [ 413F2D5F9D802688242C23B38F767ECB ] DSproct C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
10:08:42.0218 0548 DSproct - ok
10:08:42.0265 0548 [ DFEABB7CFFFADEA4A912AB95BDC3177A ] dsunidrv C:\windows\system32\DRIVERS\dsunidrv.sys
10:08:42.0328 0548 dsunidrv - ok
10:08:42.0375 0548 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\windows\System32\eapsvc.dll
10:08:42.0453 0548 EapHost - ok
10:08:42.0500 0548 [ 6E883BF518296A40959131C2304AF714 ] EL90XBC C:\windows\system32\DRIVERS\el90xbc5.sys
10:08:42.0578 0548 EL90XBC - ok
10:08:42.0640 0548 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\windows\System32\ersvc.dll
10:08:42.0687 0548 ERSvc - ok
10:08:42.0734 0548 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\windows\system32\services.exe
10:08:42.0750 0548 Eventlog - ok
10:08:42.0812 0548 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
10:08:42.0828 0548 EventSystem - ok
10:08:42.0890 0548 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
10:08:42.0890 0548 Fastfat - ok
10:08:42.0937 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
10:08:42.0953 0548 FastUserSwitchingCompatibility - ok
10:08:43.0015 0548 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\DRIVERS\fdc.sys
10:08:43.0078 0548 Fdc - ok
10:08:43.0109 0548 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\windows\system32\drivers\Fips.sys
10:08:43.0171 0548 Fips - ok
10:08:43.0187 0548 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
10:08:43.0234 0548 Flpydisk - ok
10:08:43.0296 0548 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
10:08:43.0296 0548 FltMgr - ok
10:08:43.0437 0548 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
10:08:43.0437 0548 FontCache3.0.0.0 - ok
10:08:43.0500 0548 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
10:08:43.0531 0548 Fs_Rec - ok
10:08:43.0593 0548 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
10:08:43.0593 0548 Ftdisk - ok
10:08:43.0640 0548 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\windows\system32\Drivers\GEARAspiWDM.sys
10:08:43.0640 0548 GEARAspiWDM - ok
10:08:43.0718 0548 [ 8F6AE606EB0CC884EE12C41948424422 ] GoToAssist C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
10:08:43.0718 0548 GoToAssist - ok
10:08:43.0765 0548 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
10:08:43.0843 0548 Gpc - ok
10:08:43.0984 0548 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
10:08:43.0984 0548 gupdate - ok
10:08:44.0000 0548 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:08:44.0000 0548 gupdatem - ok
10:08:44.0078 0548 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:08:44.0078 0548 gusvc - ok
10:08:44.0156 0548 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
10:08:44.0203 0548 helpsvc - ok
10:08:44.0265 0548 [ 748031FF4FE45CCC47546294905FEAB8 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
10:08:44.0312 0548 HidBatt - ok
10:08:44.0328 0548 HidServ - ok
10:08:44.0359 0548 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
10:08:44.0406 0548 HidUsb - ok
10:08:44.0468 0548 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\windows\System32\kmsvc.dll
10:08:44.0578 0548 hkmsvc - ok
10:08:44.0625 0548 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\windows\System32\DRIVERS\hpn.sys
10:08:44.0687 0548 hpn - ok
10:08:44.0750 0548 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
10:08:44.0765 0548 HTTP - ok
10:08:44.0828 0548 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\windows\System32\w3ssl.dll
10:08:44.0875 0548 HTTPFilter - ok
10:08:44.0906 0548 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\windows\system32\drivers\i2omgmt.sys
10:08:44.0953 0548 i2omgmt - ok
10:08:44.0984 0548 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\windows\System32\DRIVERS\i2omp.sys
10:08:45.0031 0548 i2omp - ok
10:08:45.0078 0548 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
10:08:45.0140 0548 i8042prt - ok
10:08:45.0203 0548 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\windows\system32\DRIVERS\i81xnt5.sys
10:08:45.0265 0548 i81x - ok
10:08:45.0312 0548 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\windows\system32\DRIVERS\wADV01nt.sys
10:08:45.0343 0548 iAimFP0 - ok
10:08:45.0359 0548 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\windows\system32\DRIVERS\wADV02NT.sys
10:08:45.0406 0548 iAimFP1 - ok
10:08:45.0437 0548 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\windows\system32\DRIVERS\wADV05NT.sys
10:08:45.0484 0548 iAimFP2 - ok
10:08:45.0515 0548 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\windows\system32\DRIVERS\wSiINTxx.sys
10:08:45.0562 0548 iAimFP3 - ok
10:08:45.0593 0548 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\windows\system32\DRIVERS\wVchNTxx.sys
10:08:45.0640 0548 iAimFP4 - ok
10:08:45.0671 0548 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\windows\system32\DRIVERS\wATV01nt.sys
10:08:45.0718 0548 iAimTV0 - ok
10:08:45.0734 0548 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\windows\system32\DRIVERS\wATV02NT.sys
10:08:45.0781 0548 iAimTV1 - ok
10:08:45.0796 0548 iAimTV2 - ok
10:08:45.0828 0548 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\windows\system32\DRIVERS\wATV04nt.sys
10:08:45.0906 0548 iAimTV3 - ok
10:08:45.0953 0548 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\windows\system32\DRIVERS\wCh7xxNT.sys
10:08:46.0000 0548 iAimTV4 - ok
10:08:46.0078 0548 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm C:\windows\system32\DRIVERS\ialmnt5.sys
10:08:46.0218 0548 ialm - ok
10:08:46.0328 0548 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:08:46.0375 0548 idsvc - ok
10:08:46.0421 0548 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
10:08:46.0500 0548 Imapi - ok
10:08:46.0562 0548 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\windows\system32\imapi.exe
10:08:46.0687 0548 ImapiService - ok
10:08:46.0734 0548 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\windows\System32\DRIVERS\ini910u.sys
10:08:46.0781 0548 ini910u - ok
10:08:46.0812 0548 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\windows\System32\DRIVERS\intelide.sys
10:08:46.0843 0548 IntelIde - ok
10:08:46.0890 0548 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
10:08:46.0953 0548 intelppm - ok
10:08:47.0000 0548 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\windows\system32\drivers\ip6fw.sys
10:08:47.0156 0548 ip6fw - ok
10:08:47.0203 0548 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
10:08:47.0265 0548 IpFilterDriver - ok
10:08:47.0312 0548 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
10:08:47.0437 0548 IpInIp - ok
10:08:47.0468 0548 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
10:08:47.0546 0548 IpNat - ok
10:08:47.0640 0548 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:08:47.0671 0548 iPod Service - ok
10:08:47.0703 0548 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
10:08:47.0812 0548 IPSec - ok
10:08:47.0843 0548 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
10:08:47.0890 0548 IRENUM - ok
10:08:47.0953 0548 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
10:08:47.0953 0548 isapnp - ok
10:08:48.0140 0548 [ 4F4D4AA1E0849FECC0CF5AACD59030B5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
10:08:48.0359 0548 JavaQuickStarterService - ok
10:08:48.0390 0548 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
10:08:48.0437 0548 Kbdclass - ok
10:08:48.0468 0548 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
10:08:48.0468 0548 kmixer - ok
10:08:48.0546 0548 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
10:08:48.0546 0548 KSecDD - ok
10:08:48.0656 0548 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\windows\System32\srvsvc.dll
10:08:48.0656 0548 lanmanserver - ok
10:08:48.0734 0548 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\windows\System32\wkssvc.dll
10:08:48.0734 0548 lanmanworkstation - ok
10:08:48.0765 0548 lbrtfdc - ok
10:08:48.0828 0548 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll
10:08:48.0890 0548 LmHosts - ok
10:08:49.0000 0548 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:08:49.0015 0548 MDM - ok
10:08:49.0078 0548 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll
10:08:49.0109 0548 Messenger - ok
10:08:49.0171 0548 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
10:08:49.0203 0548 mnmdd - ok
10:08:49.0281 0548 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
10:08:49.0437 0548 mnmsrvc - ok
10:08:49.0484 0548 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys
10:08:49.0578 0548 Modem - ok
10:08:49.0609 0548 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\windows\system32\drivers\MODEMCSA.sys
10:08:49.0671 0548 MODEMCSA - ok
10:08:49.0718 0548 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
10:08:49.0781 0548 Mouclass - ok
10:08:49.0828 0548 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
10:08:49.0875 0548 mouhid - ok
10:08:49.0906 0548 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
10:08:49.0906 0548 MountMgr - ok
10:08:49.0968 0548 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:08:49.0984 0548 MozillaMaintenance - ok
10:08:50.0031 0548 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
10:08:50.0046 0548 MpFilter - ok
10:08:50.0187 0548 [ A69630D039C38018689190234F866D77 ] MpKsl59cb20aa C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78B7B8A4-F7F2-4ABF-BEA0-BFBB30DD3E7D}\MpKsl59cb20aa.sys
10:08:50.0187 0548 MpKsl59cb20aa - ok
10:08:50.0218 0548 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\windows\System32\DRIVERS\mraid35x.sys
10:08:50.0265 0548 mraid35x - ok
10:08:50.0328 0548 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
10:08:50.0328 0548 MRxDAV - ok
10:08:50.0390 0548 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
10:08:50.0421 0548 MRxSmb - ok
10:08:50.0468 0548 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
10:08:50.0515 0548 MSDTC - ok

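Added example, not part of the original posts and not TDSSKiller's own code: a small Python script that parses the service-scan lines in the format shown above (a "[ MD5 ] ServiceName Path" line followed by a "ServiceName - ok" line, or a verdict line on its own) and applies three triage heuristics of my own: a service entry for which the scanner recorded no file, a binary outside C:\windows or C:\Program Files, and one MD5 appearing under different file names. The sample log is constructed: the first five services are copied from the log above, the last one (rpchelper) is invented so the renamed-copy check has something to fire on, and the list of "expected" directories is an assumption for this XP machine.

```python
"""Triage TDSSKiller service-scan output (added example; not TDSSKiller code)."""
import re
from collections import defaultdict

# Line shapes as they appear in the log above:
#   HH:MM:SS.mmmm TID [ MD5 ] ServiceName DriveLetter:\path
#   HH:MM:SS.mmmm TID ServiceName - verdict
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*\S)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>\w+)\s*$"
)

# Assumption for this XP box: service binaries are expected under these roots.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


def parse_tdsskiller(text):
    """Map service name -> {"md5", "path", "verdict"} from the scanner's service lines."""
    records = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["md5"], rec["path"] = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m["verdict"]
    return records


def triage(records):
    """Return (service, reason) pairs for entries a human should look at."""
    findings = []
    by_md5 = defaultdict(list)  # md5 -> [(service, file basename)]
    for name, rec in sorted(records.items()):
        if rec["path"] is None:
            findings.append((name, "no file recorded by the scanner"))
            continue
        if not rec["path"].lower().startswith(EXPECTED_PREFIXES):
            findings.append((name, "binary outside expected directories: " + rec["path"]))
        by_md5[rec["md5"]].append((name, rec["path"].rsplit("\\", 1)[-1].lower()))
    # One hash under several service names is normal (lsass.exe and rpcss.dll
    # host many); the same hash under different file names suggests a renamed copy.
    for md5, entries in sorted(by_md5.items()):
        basenames = sorted({b for _, b in entries})
        if len(basenames) > 1:
            services = ", ".join(n for n, _ in entries)
            findings.append((services, "MD5 %s under different file names: %s"
                             % (md5, ", ".join(basenames))))
    return findings


# Constructed sample: the first five services are copied from the log above; the
# final one (rpchelper) is invented to show the renamed-copy check firing.
SAMPLE_LOG = r"""
10:08:34.0515 0548 Abiosdsk - ok
10:08:40.0750 0548 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\windows\system32\rpcss.dll
10:08:40.0781 0548 DcomLaunch - ok
10:08:41.0625 0548 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\windows\System32\dnsrslvr.dll
10:08:41.0625 0548 Dnscache - ok
10:08:50.0187 0548 [ A69630D039C38018689190234F866D77 ] MpKsl59cb20aa C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{78B7B8A4-F7F2-4ABF-BEA0-BFBB30DD3E7D}\MpKsl59cb20aa.sys
10:08:50.0187 0548 MpKsl59cb20aa - ok
10:08:59.0796 0548 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\System32\rpcss.dll
10:08:59.0812 0548 RpcSs - ok
10:09:05.0000 0548 [ 6B27A5C03DFB94B4245739065431322C ] rpchelper C:\Documents and Settings\user\Local Settings\Temp\rpchlp.dll
10:09:05.0000 0548 rpchelper - ok
"""

if __name__ == "__main__":
    for service, reason in triage(parse_tdsskiller(SAMPLE_LOG)):
        print("%-32s %s" % (service, reason))
```

Every hit from these heuristics still needs a human verdict: the MpKsl59cb20aa entry is flagged only because Microsoft Security Essentials keeps its definition-update drivers under Application Data, and the Dnscache line from the log above parses cleanly with no finding, which on its own says nothing about whether dnsrslvr.dll is the cause of the CPU load.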

#32
August 16, 2013 at 08:42:59

Part deux:
----------------------------

10:08:50.0593 0548 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
10:08:50.0593 0548 Msfs - ok
10:08:50.0609 0548 MSIServer - ok
10:08:50.0640 0548 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
10:08:50.0671 0548 MSKSSRV - ok
10:08:50.0750 0548 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
10:08:50.0750 0548 MsMpSvc - ok
10:08:50.0796 0548 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
10:08:50.0843 0548 MSPCLOCK - ok
10:08:50.0906 0548 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
10:08:50.0937 0548 MSPQM - ok
10:08:50.0984 0548 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
10:08:51.0031 0548 mssmbios - ok
10:08:51.0093 0548 MSSQL$MICROSOFTBCM - ok
10:08:51.0140 0548 [ CB7524C21727404BD3140DCA32DEB7DE ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
10:08:51.0218 0548 MSSQLServerADHelper - ok
10:08:51.0281 0548 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
10:08:51.0281 0548 Mup - ok
10:08:51.0328 0548 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll
10:08:51.0468 0548 napagent - ok
10:08:51.0531 0548 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
10:08:51.0546 0548 NDIS - ok
10:08:51.0593 0548 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
10:08:51.0593 0548 NdisTapi - ok
10:08:51.0640 0548 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
10:08:51.0687 0548 Ndisuio - ok
10:08:51.0734 0548 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
10:08:51.0859 0548 NdisWan - ok
10:08:51.0921 0548 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
10:08:51.0921 0548 NDProxy - ok
10:08:52.0062 0548 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:08:52.0093 0548 Nero BackItUp Scheduler 4.0 - ok
10:08:52.0156 0548 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
10:08:52.0156 0548 NetBIOS - ok
10:08:52.0187 0548 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
10:08:52.0578 0548 NetBT - ok
10:08:52.0750 0548 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe
10:08:52.0937 0548 NetDDE - ok
10:08:52.0953 0548 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe
10:08:52.0953 0548 NetDDEdsdm - ok
10:08:53.0000 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe
10:08:53.0000 0548 Netlogon - ok
10:08:53.0031 0548 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll
10:08:53.0046 0548 Netman - ok
10:08:53.0109 0548 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:53.0109 0548 NetTcpPortSharing - ok
10:08:53.0187 0548 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll
10:08:53.0187 0548 Nla - ok
10:08:53.0234 0548 NMIndexingService - ok
10:08:53.0281 0548 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
10:08:53.0281 0548 Npfs - ok
10:08:53.0343 0548 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
10:08:53.0359 0548 Ntfs - ok
10:08:53.0390 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\System32\lsass.exe
10:08:53.0390 0548 NtLmSsp - ok
10:08:53.0468 0548 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
10:08:53.0562 0548 NtmsSvc - ok
10:08:53.0625 0548 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
10:08:53.0656 0548 Null - ok
10:08:53.0765 0548 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\windows\system32\DRIVERS\nv4_mini.sys
10:08:53.0906 0548 nv - ok
10:08:53.0953 0548 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
10:08:53.0984 0548 NwlnkFlt - ok
10:08:54.0015 0548 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
10:08:54.0078 0548 NwlnkFwd - ok
10:08:54.0140 0548 [ 53D5F1278D9EDB21689BBBCECC09108D ] omci C:\windows\system32\DRIVERS\omci.sys
10:08:54.0187 0548 omci - ok
10:08:54.0234 0548 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:08:54.0250 0548 ose - ok
10:08:54.0312 0548 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\windows\system32\DRIVERS\p3.sys
10:08:54.0359 0548 P3 - ok
10:08:54.0437 0548 [ 1011C779C9FCD01AFA96490C86A50421 ] PanService C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
10:08:56.0218 0548 PanService - ok
10:08:56.0250 0548 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\DRIVERS\parport.sys
10:08:56.0343 0548 Parport - ok
10:08:56.0390 0548 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
10:08:56.0390 0548 PartMgr - ok
10:08:56.0453 0548 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys
10:08:56.0484 0548 ParVdm - ok
10:08:56.0500 0548 PcdrNdisuio - ok
10:08:56.0531 0548 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys
10:08:56.0546 0548 PCI - ok
10:08:56.0562 0548 PCIDump - ok
10:08:56.0609 0548 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
10:08:56.0609 0548 PCIIde - ok
10:08:56.0671 0548 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
10:08:56.0734 0548 Pcmcia - ok
10:08:56.0750 0548 PDCOMP - ok
10:08:56.0781 0548 PDFRAME - ok
10:08:56.0796 0548 PDRELI - ok
10:08:56.0812 0548 PDRFRAME - ok
10:08:56.0859 0548 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\windows\System32\DRIVERS\perc2.sys
10:08:56.0906 0548 perc2 - ok
10:08:56.0937 0548 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\windows\System32\DRIVERS\perc2hib.sys
10:08:56.0968 0548 perc2hib - ok
10:08:57.0125 0548 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
10:08:57.0250 0548 PLFlash DeviceIoControl Service - ok
10:08:57.0281 0548 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe
10:08:57.0281 0548 PlugPlay - ok
10:08:57.0312 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe
10:08:57.0312 0548 PolicyAgent - ok
10:08:57.0359 0548 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
10:08:57.0437 0548 PptpMiniport - ok
10:08:57.0453 0548 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\windows\system32\DRIVERS\processr.sys
10:08:57.0546 0548 Processor - ok
10:08:57.0578 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe
10:08:57.0578 0548 ProtectedStorage - ok
10:08:57.0625 0548 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
10:08:57.0718 0548 PSched - ok
10:08:57.0781 0548 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
10:08:57.0828 0548 Ptilink - ok
10:08:57.0859 0548 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\windows\system32\DRIVERS\PxHelp20.sys
10:08:57.0859 0548 PxHelp20 - ok
10:08:57.0937 0548 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\windows\System32\DRIVERS\ql1080.sys
10:08:57.0968 0548 ql1080 - ok
10:08:58.0000 0548 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\windows\System32\DRIVERS\ql10wnt.sys
10:08:58.0046 0548 Ql10wnt - ok
10:08:58.0078 0548 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\windows\System32\DRIVERS\ql12160.sys
10:08:58.0109 0548 ql12160 - ok
10:08:58.0156 0548 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\windows\System32\DRIVERS\ql1240.sys
10:08:58.0187 0548 ql1240 - ok
10:08:58.0234 0548 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\windows\System32\DRIVERS\ql1280.sys
10:08:58.0312 0548 ql1280 - ok
10:08:58.0343 0548 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
10:08:58.0343 0548 RasAcd - ok
10:08:58.0375 0548 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll
10:08:58.0437 0548 RasAuto - ok
10:08:58.0468 0548 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
10:08:58.0531 0548 Rasl2tp - ok
10:08:58.0593 0548 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll
10:08:58.0687 0548 RasMan - ok
10:08:58.0734 0548 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
10:08:58.0812 0548 RasPppoe - ok
10:08:58.0875 0548 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
10:08:58.0906 0548 Raspti - ok
10:08:58.0953 0548 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
10:08:58.0953 0548 Rdbss - ok
10:08:58.0984 0548 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
10:08:59.0015 0548 RDPCDD - ok
10:08:59.0062 0548 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
10:08:59.0078 0548 rdpdr - ok
10:08:59.0140 0548 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
10:08:59.0156 0548 RDPWD - ok
10:08:59.0218 0548 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:08:59.0343 0548 RDSessMgr - ok
10:08:59.0406 0548 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
10:08:59.0484 0548 redbook - ok
10:08:59.0531 0548 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll
10:08:59.0609 0548 RemoteAccess - ok
10:08:59.0656 0548 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\System32\locator.exe
10:08:59.0750 0548 RpcLocator - ok
10:08:59.0796 0548 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\System32\rpcss.dll
10:08:59.0812 0548 RpcSs - ok
10:08:59.0875 0548 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\System32\rsvp.exe
10:08:59.0968 0548 RSVP - ok
10:09:00.0000 0548 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe
10:09:00.0000 0548 SamSs - ok
10:09:00.0062 0548 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe
10:09:00.0171 0548 SCardSvr - ok
10:09:00.0218 0548 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll
10:09:00.0281 0548 Schedule - ok
10:09:00.0421 0548 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
10:09:00.0468 0548 SDScannerService - ok
10:09:00.0625 0548 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:09:00.0687 0548 SDUpdateService - ok
10:09:00.0750 0548 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:09:00.0765 0548 SDWSCService - ok
10:09:00.0812 0548 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
10:09:00.0875 0548 Secdrv - ok
10:09:00.0937 0548 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll
10:09:00.0984 0548 seclogon - ok
10:09:01.0015 0548 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll
10:09:01.0031 0548 SENS - ok
10:09:01.0078 0548 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\windows\system32\DRIVERS\serenum.sys
10:09:01.0125 0548 serenum - ok
10:09:01.0156 0548 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\DRIVERS\serial.sys
10:09:01.0296 0548 Serial - ok
10:09:01.0406 0548 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
10:09:01.0437 0548 Sfloppy - ok
10:09:01.0500 0548 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll
10:09:01.0609 0548 SharedAccess - ok
10:09:01.0656 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:09:01.0671 0548 ShellHWDetection - ok
10:09:01.0687 0548 Simbad - ok
10:09:01.0750 0548 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\windows\System32\DRIVERS\sisagp.sys
10:09:01.0812 0548 sisagp - ok
10:09:01.0906 0548 [ 31FD0707C7DBE715234F2823B27214FE ] smwdm C:\windows\system32\drivers\smwdm.sys
10:09:02.0000 0548 smwdm - ok
10:09:02.0062 0548 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\windows\system32\DRIVERS\SONYPVU1.SYS
10:09:02.0109 0548 SONYPVU1 - ok
10:09:02.0140 0548 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\windows\System32\DRIVERS\sparrow.sys
10:09:02.0187 0548 Sparrow - ok
10:09:02.0250 0548 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
10:09:02.0281 0548 splitter - ok
10:09:02.0343 0548 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
10:09:02.0343 0548 Spooler - ok
10:09:02.0421 0548 sprtsvc_dellsupportcenter - ok
10:09:02.0437 0548 SQLAgent$MICROSOFTBCM - ok
10:09:02.0484 0548 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys
10:09:02.0484 0548 sr - ok
10:09:02.0546 0548 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\windows\system32\srsvc.dll
10:09:02.0609 0548 srservice - ok
10:09:02.0671 0548 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
10:09:02.0687 0548 Srv - ok
10:09:02.0750 0548 [ 328E8BB94EC58480F60458FB4B8437A7 ] sscdbhk5 C:\windows\system32\drivers\sscdbhk5.sys
10:09:02.0750 0548 sscdbhk5 - ok
10:09:02.0796 0548 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
10:09:02.0859 0548 SSDPSRV - ok
10:09:02.0890 0548 [ 7EC8B427CEE5C0CDAC066320B93F1355 ] ssrtln C:\windows\system32\drivers\ssrtln.sys
10:09:02.0890 0548 ssrtln - ok
10:09:02.0968 0548 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll
10:09:02.0984 0548 stisvc - ok
10:09:03.0031 0548 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
10:09:03.0062 0548 swenum - ok
10:09:03.0093 0548 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
10:09:03.0156 0548 swmidi - ok
10:09:03.0171 0548 SwPrv - ok
10:09:03.0234 0548 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\windows\System32\DRIVERS\symc810.sys
10:09:03.0265 0548 symc810 - ok
10:09:03.0296 0548 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\windows\System32\DRIVERS\symc8xx.sys
10:09:03.0343 0548 symc8xx - ok
10:09:03.0375 0548 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\windows\System32\DRIVERS\sym_hi.sys
10:09:03.0421 0548 sym_hi - ok
10:09:03.0453 0548 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\windows\System32\DRIVERS\sym_u3.sys
10:09:03.0500 0548 sym_u3 - ok
10:09:03.0562 0548 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
10:09:03.0640 0548 sysaudio - ok
10:09:03.0703 0548 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe
10:09:03.0812 0548 SysmonLog - ok
10:09:03.0859 0548 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll
10:09:03.0937 0548 TapiSrv - ok
10:09:04.0015 0548 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
10:09:04.0031 0548 Tcpip - ok
10:09:04.0093 0548 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
10:09:04.0093 0548 TDPIPE - ok
10:09:04.0125 0548 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
10:09:04.0125 0548 TDTCP - ok
10:09:04.0171 0548 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
10:09:04.0171 0548 TermDD - ok
10:09:04.0234 0548 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll
10:09:04.0312 0548 TermService - ok
10:09:04.0375 0548 [ C229BF90443BE8D3BD2B65D7F3AC0F35 ] tfsnboio C:\windows\system32\dla\tfsnboio.sys
10:09:04.0406 0548 tfsnboio - ok
10:09:04.0437 0548 [ 79EE9FCD7728E54AB8FBC30962F0416F ] tfsncofs C:\windows\system32\dla\tfsncofs.sys
10:09:04.0500 0548 tfsncofs - ok
10:09:04.0515 0548 [ 9EFB37E7DE17D783A059B653F7E8AFAD ] tfsndrct C:\windows\system32\dla\tfsndrct.sys
10:09:04.0546 0548 tfsndrct - ok
10:09:04.0609 0548 [ 130254995EBEDCB34D62E8D78EC9DBD0 ] tfsndres C:\windows\system32\dla\tfsndres.sys
10:09:04.0640 0548 tfsndres - ok
10:09:04.0671 0548 [ 9B40E1E4AEED849812A2E43A388A7E77 ] tfsnifs C:\windows\system32\dla\tfsnifs.sys
10:09:04.0781 0548 tfsnifs - ok
10:09:04.0796 0548 [ 818047AD850B312705AA17CA96B9427D ] tfsnopio C:\windows\system32\dla\tfsnopio.sys
10:09:04.0843 0548 tfsnopio - ok
10:09:04.0906 0548 [ 4603E813BCC6DD465CD8D2AFD37FA90D ] tfsnpool C:\windows\system32\dla\tfsnpool.sys
10:09:04.0937 0548 tfsnpool - ok
10:09:04.0968 0548 [ 6FC2CD904A9A55ACFDFC780A611A75ED ] tfsnudf C:\windows\system32\dla\tfsnudf.sys
10:09:05.0078 0548 tfsnudf - ok
10:09:05.0109 0548 [ D4AFA4D00F8DB3FD1C15B3FE49C3A96C ] tfsnudfa C:\windows\system32\dla\tfsnudfa.sys
10:09:05.0218 0548 tfsnudfa - ok
10:09:05.0265 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll
10:09:05.0265 0548 Themes - ok
10:09:05.0328 0548 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\windows\System32\DRIVERS\toside.sys
10:09:05.0359 0548 TosIde - ok
10:09:05.0421 0548 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll
10:09:05.0484 0548 TrkWks - ok
10:09:05.0531 0548 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
10:09:05.0625 0548 Udfs - ok
10:09:05.0687 0548 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\windows\System32\DRIVERS\ultra.sys
10:09:05.0750 0548 ultra - ok
10:09:05.0812 0548 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
10:09:05.0890 0548 Update - ok
10:09:05.0937 0548 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll
10:09:06.0031 0548 upnphost - ok
10:09:06.0062 0548 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe
10:09:06.0203 0548 UPS - ok
10:09:06.0265 0548 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
10:09:06.0312 0548 usbccgp - ok
10:09:06.0390 0548 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
10:09:06.0453 0548 usbehci - ok
10:09:06.0500 0548 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
10:09:06.0593 0548 usbhub - ok
10:09:06.0640 0548 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
10:09:06.0687 0548 usbprint - ok
10:09:06.0718 0548 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
10:09:06.0765 0548 usbscan - ok
10:09:06.0796 0548 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
10:09:06.0859 0548 USBSTOR - ok
10:09:06.0875 0548 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
10:09:06.0921 0548 usbuhci - ok
10:09:06.0953 0548 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
10:09:07.0000 0548 VgaSave - ok
10:09:07.0078 0548 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\windows\System32\DRIVERS\viaagp.sys
10:09:07.0140 0548 viaagp - ok
10:09:07.0203 0548 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\windows\System32\DRIVERS\viaide.sys
10:09:07.0234 0548 ViaIde - ok
10:09:07.0281 0548 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
10:09:07.0281 0548 VolSnap - ok
10:09:07.0343 0548 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe
10:09:07.0453 0548 VSS - ok
10:09:07.0500 0548 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\windows\system32\w32time.dll
10:09:07.0578 0548 w32time - ok
10:09:07.0625 0548 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
10:09:07.0718 0548 Wanarp - ok
10:09:07.0750 0548 wanatw - ok
10:09:07.0765 0548 WDICA - ok
10:09:07.0828 0548 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
10:09:07.0921 0548 wdmaud - ok
10:09:07.0968 0548 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll
10:09:08.0015 0548 WebClient - ok
10:09:08.0109 0548 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
10:09:08.0234 0548 winmgmt - ok
10:09:08.0312 0548 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\windows\system32\MsPMSNSv.dll
10:09:08.0375 0548 WmdmPmSN - ok
10:09:08.0437 0548 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
10:09:08.0546 0548 WmiApSrv - ok
10:09:08.0687 0548 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:09:09.0843 0548 WMPNetworkSvc - ok
10:09:10.0156 0548 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:09:10.0312 0548 WPFFontCache_v0400 - ok
10:09:10.0359 0548 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
10:09:10.0421 0548 WS2IFSL - ok
10:09:10.0484 0548 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
10:09:10.0609 0548 wscsvc - ok
10:09:10.0625 0548 WSearch - ok
10:09:10.0703 0548 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\windows\system32\wuauserv.dll
10:09:10.0765 0548 wuauserv - ok
10:09:10.0796 0548 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
10:09:10.0906 0548 WudfPf - ok
10:09:10.0937 0548 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
10:09:11.0125 0548 WudfRd - ok
10:09:11.0171 0548 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
10:09:11.0250 0548 WudfSvc - ok
10:09:11.0390 0548 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll
10:09:11.0453 0548 WZCSVC - ok
10:09:11.0640 0548 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll
10:09:11.0718 0548 xmlprov - ok
10:09:11.0796 0548 [ FD1F4E9CF06C71C8D73A24ACF18D8296 ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\windows\system32\drivers\ialmsbw.sys
10:09:11.0953 0548 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
10:09:12.0015 0548 [ D4D7331D33D1FA73E588E5CE0D90A4C1 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\windows\system32\drivers\ialmkchw.sys
10:09:12.0140 0548 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
10:09:12.0156 0548 ================ Scan global ===============================
10:09:12.0203 0548 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
10:09:12.0343 0548 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\windows\system32\winsrv.dll
10:09:12.0421 0548 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\windows\system32\winsrv.dll
10:09:12.0468 0548 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
10:09:12.0468 0548 [Global] - ok
10:09:12.0484 0548 ================ Scan MBR ==================================
10:09:12.0500 0548 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk0\DR0
10:09:12.0843 0548 \Device\Harddisk0\DR0 - ok
10:09:12.0859 0548 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk1\DR1
10:09:13.0156 0548 \Device\Harddisk1\DR1 - ok
10:09:13.0171 0548 ================ Scan VBR ==================================
10:09:13.0203 0548 [ 22B1FD613A6BF76146D1C52E989E424E ] \Device\Harddisk0\DR0\Partition1
10:09:13.0203 0548 \Device\Harddisk0\DR0\Partition1 - ok
10:09:13.0218 0548 [ 36B3408EE80EA1C8D117FDF6454E5E34 ] \Device\Harddisk1\DR1\Partition1
10:09:13.0218 0548 \Device\Harddisk1\DR1\Partition1 - ok
10:09:13.0218 0548 ============================================================
10:09:13.0218 0548 Scan finished
10:09:13.0218 0548 ============================================================
10:09:13.0250 3876 Detected object count: 0
10:09:13.0250 3876 Actual detected object count: 0
10:11:55.0125 3588 Deinitialize success


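
The listing above pairs every service or driver key with the MD5 of its image file, and a key that only ever gets a "- ok" line (Simbad, sprtsvc_dellsupportcenter, SQLAgent$MICROSOFTBCM, SwPrv, wanatw, WDICA, WSearch) is one whose image file TDSSKiller could not find and hash. Reading a couple of hundred such pairs by eye is how things get missed, so here is a small Python triage script, added as an example (it is not part of the original post and not TDSSKiller's own code), that parses lines in this shape and reports orphaned keys, images shared by several services, images outside the Windows directory, and hashes that differ from a baseline. The SAMPLE_LOG excerpt is constructed from lines above; the BASELINE dictionary and its hash values are hypothetical.

```python
"""Triage a TDSSKiller-style service/driver listing.

Each scanned entry produces two lines: one carrying the image's MD5 and
path, then a status line ("<name> - ok").  Entries that only ever get a
status line are registry keys whose image file could not be found.
"""
import re
from collections import defaultdict

HASHED = re.compile(r"^\S+ \d+ \[ ([0-9A-Fa-f]{32}) \] (.*)$")
STATUS = re.compile(r"^\S+ \d+ (.+?) - (\S+)$")
PATH_START = re.compile(r"^([A-Za-z]:\\|\\Device\\)")

# Constructed excerpt in the same line shape as the log above (hashes copied
# from it; they are not a verified known-good set).
SAMPLE_LOG = r"""
10:09:01.0656 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll
10:09:01.0671 0548 ShellHWDetection - ok
10:09:01.0687 0548 Simbad - ok
10:09:00.0421 0548 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
10:09:00.0468 0548 SDScannerService - ok
10:09:02.0421 0548 sprtsvc_dellsupportcenter - ok
10:09:05.0265 0548 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll
10:09:05.0265 0548 Themes - ok
10:09:12.0156 0548 ================ Scan global ===============================
10:09:12.0203 0548 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
10:09:12.0468 0548 [Global] - ok
10:09:12.0484 0548 ================ Scan MBR ==================================
10:09:12.0500 0548 [ 35C6B2FCDE68FACBEFE0A4A7200BAE58 ] \Device\Harddisk0\DR0
10:09:12.0843 0548 \Device\Harddisk0\DR0 - ok
10:09:13.0250 3876 Detected object count: 0
"""

# Constructed baseline, as if recorded on a known-clean machine
# (hypothetical values, used only to show the comparison).
BASELINE = {
    "Themes": "99BC0B50F511924348BE19C7C7313BBF",
    "SDScannerService": "0123456789ABCDEF0123456789ABCDEF",
}


def parse(text):
    """Return {key: entry}; key is the service name, or the path for the
    unnamed objects in the "Scan global" / "Scan MBR" sections."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = HASHED.match(line)
        if m:
            digest, rest = m.group(1).upper(), m.group(2)
            if PATH_START.match(rest):
                name, path = None, rest              # global/MBR/VBR object
            else:
                parts = rest.split(" ", 1)           # "<service> <image path>"
                name, path = parts[0], (parts[1] if len(parts) > 1 else None)
            entries[name or path] = {"name": name, "path": path,
                                     "hash": digest, "status": None}
            continue
        m = STATUS.match(line)
        if m and not m.group(1).startswith("["):     # skip "[Global] - ok"
            e = entries.setdefault(m.group(1), {"name": m.group(1), "path": None,
                                                "hash": None, "status": None})
            e["status"] = m.group(2)
    return entries


def orphaned_services(entries):
    """Registered services/drivers whose image was never hashed (file missing)."""
    return sorted(k for k, e in entries.items() if e["hash"] is None)


def shared_images(entries):
    """MD5 -> names, for images backing more than one service (e.g. shsvcs.dll)."""
    by_hash = defaultdict(set)
    for e in entries.values():
        if e["name"] and e["hash"]:
            by_hash[e["hash"]].add(e["name"])
    return {h: sorted(n) for h, n in by_hash.items() if len(n) > 1}


def outside_windows(entries, root="C:\\windows\\"):
    """Named entries whose image lives outside the Windows directory."""
    return sorted(e["name"] for e in entries.values()
                  if e["name"] and e["path"]
                  and not e["path"].lower().startswith(root.lower()))


def changed_since(entries, baseline):
    """Names present in both sets whose MD5 differs from the baseline copy."""
    return sorted(n for n, h in baseline.items()
                  if n in entries and entries[n]["hash"]
                  and entries[n]["hash"] != h.upper())


if __name__ == "__main__":
    ents = parse(SAMPLE_LOG)
    print("orphaned service keys:", orphaned_services(ents))
    print("images shared by several services:", shared_images(ents))
    print("images outside the Windows directory:", outside_windows(ents))
    print("hashes differing from the baseline:", changed_since(ents, BASELINE))
```

To use it on the full log TDSSKiller saved, read the file and pass its text to parse() in place of SAMPLE_LOG. Orphaned keys are usually leftovers from uninstalled software, as the Dell and SQL Server entries above probably are, but a service key pointing at a missing file is also where a loader that was only partly removed shows up, so each one deserves a look in the registry. A matching MD5 only proves the file is identical to the baseline copy, not that the baseline itself was clean, and MD5 collisions are cheap enough that the comparison is a hygiene check rather than an integrity guarantee.
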

#33
August 16, 2013 at 14:47:20

"TDSSKILLER. LOG follows in 2 parts"
Thanks Canuck3073, yep that's normal.

"I'll look into the imgur thing later on when I have more time"
Ok, refer my post #25

I run these tools multi times daily on every comp I work on.

Run Wise Disk Cleaner (run the first three tabs, left to right; I use default settings and leave boxes that are unchecked, unchecked). Reboot when finished.
http://www.softpedia.com/get/System...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/download...

Run Wise Registry Cleaner (only use Registry Cleaner, with default settings; don't use System Tuneup, that is for experts and you really have to know what you are doing). Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.wisecleaner.com/wiseregi...



#34
August 19, 2013 at 18:29:15

John - I ran the 2 "cleaning" tools this evening. No log files were created by them so I'll just give you a quick update on their results. The downloader gave me version 7.91.561 of Wise Disk Cleaner. I ran just the first 3 options and used the default settings. It took about 11 minutes to complete. Rebooted. The version of Wise Registry Cleaner I got was 7.83. I only ran option #1 - Registry Cleaner. Step 1, the scan, took about 4 minutes and showed 16 categories of registry settings scanned and 2294 issues found, of which 50 were "unsafe". The cleaning step took about 20 seconds or less. It reported 2136 issues solved and 108 issues failed to be removed. Rebooted. So far no problems have appeared with my basic programs so the cleanings apparently haven't done any "damage".
Just another update on "imgur.com". When I open the site and click on "Computer" the selection list that appears shows the folder containing RogueKiller's Quarantine files but I'm unable to open that folder to select any of the files in it because their file-type is not in the list of compatible files and I can't find any way to modify it. So I'm stuck at step 1. I can't advance to the next screen to work with "Image Uploader". I thought maybe if I were a registered user I might see more menus so I created an account and logged in. Immediately on logging in I saw a warning in red letters advising that my browser is very old and therefore incompatible with imgur and I need to upgrade to IE 8 or 9 before I can use this site. But I AM using IE 8!!! I've seen this warning/notice on other sites from time to time and don't understand why my version of IE isn't always recognized. Do you have any idea why this happens?


#35
August 19, 2013 at 19:34:06

"When I open the site and click on "Computer""
Refer to my post #6; you should have run RogueKiller from the desktop.
Download & SAVE to your Desktop.

" because their file-type is not in the list of compatible files"
You are probably trying to upload the dat file.

Once again, refer to my post #6; this is the correct file to upload.
The log should be found in RKreport[1].txt

"don't understand why my version of IE isn't always recognized. Do you have any idea why this happens?"
Shall deal with that later.



#36
August 20, 2013 at 10:10:05

Hi John. I think we have a bit of miscommunication here. I already copied and pasted the RogueKiller log file, twice I think. It's RogueKiller's "Quarantine" folder that I'm trying to make available for you - you said a while back that it wouldn't hurt for you to take a look at it and you suggested I use imgur.com to do that. In this folder (which is saved on my desktop) are 8 files. 1 is "RogueKiller.ini", 2 are "dat" files (which are associated with the video player "KMP") and 5 are "reg" files. 2 of the reg files relate to HKEY_CURRENT_USER ... ms windows explorer... HideDesktopIcons_ClassicStartMenu_{20D04FE0-0.reg and NewStartPanel.
2 refer to PoliciesSystemDisableReg0 and ...DisableTas0. 1 refers to HKEY_LOCAL_MACHINE ... PoliciesSystemDisableReg0.reg. The registry cleanup tool likely has deleted these files by now, I'm guessing. If you really want to examine these files it'd be much simpler if you could give me an e-mail address that I can copy the files to, because imgur.com will not accept them. Anyway, I think I answered all your last points. Please advise my next course of action. Thanks.


#37
August 20, 2013 at 13:23:57

Hi Canuck3073, just put my email address in a PM ( Private message ) for you.

Zip up the Quarantine folder & then email.



#38
August 21, 2013 at 13:41:54

John - I just sent it.


#39
August 21, 2013 at 15:13:50

Got it Canuck3073, nothing new in there.

Next steps.

1: Run TFC
http://www.geekstogo.com/forum/file...
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7/8, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

2: Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan. Copy and Paste the contents of the log please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://i.imgur.com/3DtG68Y.gif
http://www.malwarebytes.org/mbam.php
http://www.spywareinfoforum.com/ind...
http://www.bleepingcomputer.com/vir...
Make sure you uncheck > Enable free trial < during install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken." That's usually a result of NOT clicking the Remove Selected button after the scan.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...



#40
August 22, 2013 at 19:11:29

Hi John - just completed running TFC & MBAM. TFC took about 30 to 45 seconds to run. It reported "Total Files Cleaned = 100.00 mb". It rebooted as expected. Downloaded MBAM V. 1.75.0.1300. During the download it updated itself from V2013.04.04.07 to V2013.08.22.10. I chose "Quick Scan" and did not allow it to enable the free trial version. The scan took 13 & 1/2 minutes to run and NO malicious items were found. That must be why no "Remove Selected Items" button appeared after the scan finished - there were no items to remove - right? (The log did not say "No action taken.") Log copy follows:
------------------------------------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.22.10

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Garry&Louise :: 8JFWS31 [administrator]

22/08/2013 8:33:26 PM
mbam-log-2013-08-22 (20-33-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248859
Time elapsed: 13 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#41
August 22, 2013 at 19:51:16

What issues do you have?

Is svchost.exe still Ok?

System Restore will have infected files in it; turning System Restore OFF and then ON will remove them. When you turn Restore back on, make sure it is set to Min.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310...



#42
August 23, 2013 at 08:47:03

John, no issues now. svchost.exe is still behaving itself. I just finished doing the system restore procedure (turned it off, then back on with minimum disk space usage) as per your recommendation. Thank you very, very much for all your help!
I only have 3 questions for you now:
(a) why do some sites not recognize that my I.E. is version 8?
(b) what's your opinion of SpyBot Search & Destroy? Is it effective in preventing malware infections? If not, what would you recommend instead?
(c) which program or combination of programs do you recommend for best overall protection from viruses and malware? (I'm using IE's firewall and MS Security Essentials plus Spybot S&D. I used to use Symantec (Norton) but it got too cumbersome so switched to McAfee, but its overhead was slowing everything down too much so switched to MS' S.E.)


#43
August 23, 2013 at 16:28:53

"I only have 3 questions for you now:"
A few things to do, before I fully answer those questions.

1: Uninstall ComboFix. The reason we remove Combofix, is that a new version comes out nearly every day.
Turn off all active protection software.
Push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
Please Copy and Paste the following into the box > ComboFix /Uninstall and click OK.
Or,
Start > Run, Copy and Paste > ComboFix /uninstall and click OK.
Or,
Start > All Programs > Accessories > Command Prompt, Copy and Paste > ComboFix /uninstall and hit > Enter.
Qoobox is a folder created by Combofix to quarantine any infected files.
http://www.bleepingcomputer.com/com...

2: Download Security Check by screen317 from one of the following links and save it to your desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Save it to your Desktop.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.



#44
August 26, 2013 at 21:28:07

John - I uninstalled ComboFix successfully. When I downloaded SecurityCheck from screen317 there was no zip file found - just the exe file. Ran SecurityCheck.exe and the DOS window showed many "file not found" messages and the log was empty. It looked to me like the download only gave me the exe file without the zip, so the other files that exe needed were not present. I sent you a couple of screen shots via e-mail of 2 of the DOS windows I captured. I used the link "screen317/spywareinfoforum.org" and there was only 1 screen that offered a download - it contained 871 kb and I got them all. I even deleted the first one and downloaded it a second time but got the same results.
FYI: I'm leaving Wednesday for a few days - won't be back til Sat. (the 31st) - don't know if I'll have a chance to do anything tomorrow that you suggest from tonight's fiasco - just want to let you know in case I can't respond tomorrow and then likely won't get back to you til Sunday or Monday.


#45
August 27, 2013 at 03:46:02

Canuck3073, let's see if we can fix up the file errors by running Chkdsk.

http://forums.whatthetech.com/index...

http://i.imgur.com/JG2tN1g.gif

Obtaining CHKDSK results (log file). Copy & paste the contents of the log please.
http://www.cpucare.net/OS/XP/Viewin...
How to get to Event Viewer.
In Windows XP there are four ways to get to event viewer.
Start > Control Panel > Administrative Tools > Event Viewer.
Right click > My Computer > Manage > Event Viewer.
Start > Run > Eventvwr.
Start > All Programs > Accessories > Command Prompt, paste > Eventvwr & hit Enter.
Obtaining CHKDSK Results
Once Event Viewer is open, select Application.
The 4th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
Scroll through the Source column to find the most recent entry titled Winlogon.
Double-click Winlogon to open the CHKDSK results.

message edited by Johnw



#46
September 1, 2013 at 16:04:44

John - I just completed chkdsk /f and the log follows. Good news for me - no bad sectors so my hard drive is healthy but that doesn't explain why "Security Check" won't run.
---------------------------------------------------------------------------------------------------------------------
Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 01/09/2013
Time: 5:43:33 PM
User: N/A
Computer: 8JFWS31
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is DISK2_VOL1.

Cleaning up minor inconsistencies on the drive.
Cleaning up 2740 unused index entries from index $SII of file 0x9.
Cleaning up 2740 unused index entries from index $SDH of file 0x9.
Cleaning up 2740 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.

40146403 KB total disk space.
30884172 KB in 113037 files.
47440 KB in 12399 indexes.
0 KB in bad sectors.
484723 KB in use by the system.
65536 KB occupied by the log file.
8730068 KB available on disk.

4096 bytes in each allocation unit.
10036600 total allocation units on disk.
2182517 allocation units available on disk.

Internal Info:
d0 16 04 00 08 ea 01 00 3d c7 02 00 00 00 00 00 ........=.......
05 08 00 00 03 00 00 00 36 10 00 00 00 00 00 00 ........6.......
3c 18 f4 07 00 00 00 00 a8 73 f6 92 00 00 00 00 <........s......
d2 93 9c d4 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 ce b3 a9 73 01 00 00 00 ...........s....
99 9e 36 00 00 00 00 00 a8 39 07 00 8d b9 01 00 ..6......9......
00 00 00 00 00 30 05 5d 07 00 00 00 6f 30 00 00 .....0.]....o0..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/even...



#47
September 1, 2013 at 16:11:49

Yep, good result Canuck3073

"(a) why do some sites not recognize that my I.E. is version 8?"
After running chkdsk, is that still the case?

Please download Rkill from any one of these links and save it to your desktop. Copy & Paste the contents of the log in your reply.
http://www.technibble.com/rkill-rep...
Rkill.com
http://download.bleepingcomputer.co...
Rkill.scr
http://download.bleepingcomputer.co...
Rkill.pif
http://download.bleepingcomputer.co...
Now double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: your system may still be infected, as Rkill does not delete files; it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

Now we have done Chkdsk, Download the latest JRT & try again.



#48
September 2, 2013 at 14:14:32

John - in answer to "(a)" - yes I still have some sites not recognizing my version 8 of I.E.
RE: Rkill - I downloaded Rkill.com v.2.6.1.0 and ran it - successfully I believe - will paste its log below. I was a bit confused with your instructions in case it didn't run though. Rkill.scr is a screensaver and Rkill.pif is just a program information file - these aren't executables, are they? I believe Rkill didn't find anything serious - I hope that's the result you are looking for. Then I deleted the old JRT.exe and downloaded a new one (V.5.6.7 I think it was). I stopped the antivirus/malware scan programs and then ran JRT. Same results as all the other times I've run it. I'll send you a screen shot of it via e-mail. I just realized something though - in Task Manager I saw "SDFSSvc.exe" running, which I believe is SpyBot Search & Destroy, so I killed it as I've done before when suspending anti-virus programs, but a few minutes later when JRT died I noticed "SDFSSvc.exe" was running again - it seems to be one of the programs that self-start if stopped manually. If this is indeed SpyBot, could this possibly be conflicting with JRT and causing it to abort? (I can't find any other way of stopping/suspending SpyBot - the guideline on how to stop anti-virus programs does not work with my version of SSD.)
----------------------------------------------------------------------------------------------------------------
Rkill log:
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 09/02/2013 02:06:19 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\UMStor\Res.EXE (PID: 1304) [WD-HEUR]
* C:\WINDOWS\system32\dla\tfswctrl.exe (PID: 1592) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:
127.0.0.1 localhost

Program finished at: 09/02/2013 02:09:03 PM
Execution time: 0 hours(s), 2 minute(s), and 44 seconds(s)


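
Rkill's "Checking HOSTS File" step above printed the only mapping on the machine, 127.0.0.1 localhost, which is the clean result. What that step is looking for is the other kind of entry: update or anti-malware domains pointed at loopback so the tools cannot update, or ordinary sites pointed at an attacker's address. Here is an added Python example (not Rkill's code and not from the original post) that parses a hosts file and classifies each mapping. The sample file is constructed; its hostnames and the 198.51.100.23 address are hypothetical, and the PROTECTED_SUFFIXES list is a short illustrative set, not an authoritative one.

```python
"""Classify Windows HOSTS entries the way a triage script would after
Rkill's "Checking HOSTS File" step."""
import ipaddress

# Constructed sample: the one entry Rkill reported above, plus hijack-style
# lines of the kind malware adds (hypothetical hostnames and addresses).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.update.microsoft.com   # update site blackholed
0.0.0.0         www.malwarebytes.org
198.51.100.23   www.bank.example           # sent to an attacker's host
"""

# Illustrative and deliberately short (an assumption, not an authoritative
# list): domains malware blackholes to stop updates and AV downloads.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
    "symantec.com", "mcafee.com", "kaspersky.com", "avast.com",
)


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each active mapping.

    Blank lines and comments are skipped, an inline '#' ends the entry,
    and a line whose first field is not an IP address is skipped rather
    than guessed at."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield line_no, ip, fields[1:]


def _protected(host):
    return any(host == s or host.endswith("." + s) for s in PROTECTED_SUFFIXES)


def classify(ip, host):
    """Verdict for one ip -> host mapping."""
    host = host.lower()
    if host in ("localhost", "localhost.localdomain"):
        # Only loopback is legitimate here; anything else reroutes "localhost".
        return "benign" if ip.is_loopback else "hijack"
    if ip.is_loopback or ip.is_unspecified:
        # Sinkholing a name: harmless for ad blocking, an indicator when the
        # name belongs to an update or anti-malware vendor.
        return "blocks-security-site" if _protected(host) else "blackhole"
    # A public name pointed at a specific address: classic pharming entry.
    return "redirect"


def verdict(ip_text, host):
    """String-friendly wrapper around classify()."""
    return classify(ipaddress.ip_address(ip_text), host)


def triage(text):
    """Return (line_no, ip, host, verdict) for every non-benign mapping."""
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        for host in hosts:
            v = classify(ip, host)
            if v != "benign":
                findings.append((line_no, str(ip), host, v))
    return findings


if __name__ == "__main__":
    for line_no, ip, host, v in triage(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip:<15} {host:<28} {v}")
```

On Windows XP the live file is %SystemRoot%\system32\drivers\etc\hosts; read it and pass the text to triage(). Ad blockers legitimately fill the file with blackholed entries, so "blackhole" on its own is noise; "blocks-security-site", "hijack" and "redirect" are the verdicts worth acting on, and a file like the one Rkill reported, with nothing but the localhost line, produces no findings at all.
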

#49
September 2, 2013 at 14:49:07

"I'll send you a screen shot of it via e-mail"
Thanks, now I know exactly what is going on. What is causing the problem is another matter.

"could this possibly be conflicting JRT and causing it to abort? (I can't find any other way of stopping/suspending SpyBot"
I just googled and here is how to disable it; well worth a try, no harm can be done.
http://www.windowsvc.com/bbs/board....

Now try JRT again.

Also, download OTL from any of the following links and save to your desktop.
http://itxassociates.com/OT-Tools/O...
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Too...
Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop. Copy & Paste the contents of both logs please.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized


Report •

#50
September 3, 2013 at 16:55:21

JohnW - I stopped SpyBot using the instructions on the site you recommended; it seemed to work OK. Then I re-ran JRT. It still failed exactly as before.
I downloaded OTL (Ver. 3.2.69.0) and ran it with your prescribed settings. The logs follow, but it'll take 2 or 3 replies to get them all in as they're quite large, esp. OTL.txt:
------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 03/09/2013 5:41:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Garry&Louise\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.00 Mb Total Physical Memory | 464.91 Mb Available Physical Memory | 45.49% Memory free
1.65 Gb Paging File | 1.21 Gb Available in Paging File | 73.25% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 8.13 Gb Free Space | 21.24% Space Free | Partition Type: NTFS
Drive F: | 38.29 Gb Total Space | 10.23 Gb Free Space | 26.73% Space Free | Partition Type: NTFS

Computer Name: 8JFWS31 | User Name: Garry&Louise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/03 17:36:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garry&Louise\Desktop\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/13 15:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 15:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/09/28 10:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2008/09/30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/09/24 14:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/17 11:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2005/09/14 21:44:14 | 000,065,536 | ---- | M] (ali) -- C:\WINDOWS\UMStor\Res.exe
PRC - [2004/07/21 16:28:02 | 000,413,807 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/06/17 15:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\ACD Systems\DevDetect\DevDetect.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 15:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 15:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 15:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 15:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/10/22 12:21:42 | 001,277,952 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MOD - [2012/07/09 18:57:30 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MOD - [2012/03/23 11:07:34 | 000,224,768 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\libupnp.dll
MOD - [2011/12/06 17:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/20 17:13:57 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/29 03:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/06/14 09:55:46 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/09/24 14:57:14 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2004/07/21 16:26:36 | 000,176,241 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)


========== Driver Services (All) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Simbad)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Atdisk)
DRV - File not found [Kernel | Disabled | Stopped] -- -- (Abiosdsk)
DRV - [2013/06/18 21:50:08 | 000,211,560 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2012/08/21 14:01:22 | 000,026,840 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/07/04 09:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/08/17 08:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afd.sys -- (AFD)
DRV - [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/08 09:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 08:37:43 | 000,105,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 08:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\srv.sys -- (Srv)
DRV - [2010/11/02 10:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2009/10/20 11:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\http.sys -- (HTTP)
DRV - [2009/06/24 06:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys -- (Tcpip)
DRV - [2008/04/13 19:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/13 19:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys -- (TermDD)
DRV - [2008/04/13 19:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/13 14:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdbss.sys -- (Rdbss)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbt.sys -- (NetBT)
DRV - [2008/04/13 14:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndiswan.sys -- (NdisWan)
DRV - [2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/13 14:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspptp.sys -- (PptpMiniport)
DRV - [2008/04/13 14:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/04/13 14:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipsec.sys -- (IPSec)
DRV - [2008/04/13 14:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\i8042prt.sys -- (i8042prt)
DRV - [2008/04/13 14:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys -- (wdmaud)
DRV - [2008/04/13 14:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys -- (sysaudio)
DRV - [2008/04/13 14:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/13 14:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/04/13 14:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\windows\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/13 14:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\windows\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/13 14:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/13 13:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/13 13:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/13 13:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanarp.sys -- (Wanarp)
DRV - [2008/04/13 13:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipnat.sys -- (IpNat)
DRV - [2008/04/13 13:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2008/04/13 13:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\psched.sys -- (PSched)
DRV - [2008/04/13 13:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\msgpc.sys -- (Gpc)
DRV - [2008/04/13 13:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\netbios.sys -- (NetBIOS)
DRV - [2008/04/13 13:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/13 13:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys -- (IRENUM)
DRV - [2008/04/13 13:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ip6fw.sys -- (ip6fw)
DRV - [2008/04/13 13:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/13 13:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys -- (usbprint)
DRV - [2008/04/13 13:45:40 | 000,032,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys -- (usbccgp)
DRV - [2008/04/13 13:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbstor.sys -- (USBSTOR)
DRV - [2008/04/13 13:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbhub.sys -- (usbhub)
DRV - [2008/04/13 13:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbehci.sys -- (usbehci)
DRV - [2008/04/13 13:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuhci.sys -- (usbuhci)
DRV - [2008/04/13 13:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys -- (usbscan)
DRV - [2008/04/13 13:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys -- (HidUsb)
DRV - [2008/04/13 13:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys -- (drmkaud)
DRV - [2008/04/13 13:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys -- (kmixer)
DRV - [2008/04/13 13:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys -- (swmidi)
DRV - [2008/04/13 13:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys -- (splitter)
DRV - [2008/04/13 13:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys -- (DMusic)
DRV - [2008/04/13 13:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmboot.sys -- (dmboot)
DRV - [2008/04/13 13:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\dmio.sys -- (dmio)
DRV - [2008/04/13 13:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vga.sys -- (VgaSave)
DRV - [2008/04/13 13:41:22 | 000,018,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i2omp.sys -- (i2omp)
DRV - [2008/04/13 13:41:22 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/13 13:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\imapi.sys -- (Imapi)
DRV - [2008/04/13 13:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/13 13:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\disk.sys -- (Disk)
DRV - [2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - [2008/04/13 13:40:31 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\viaide.sys -- (ViaIde)
DRV - [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys -- (atapi)
DRV - [2008/04/13 13:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelide.sys -- (IntelIde)
DRV - [2008/04/13 13:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys -- (redbook)
DRV - [2008/04/13 13:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fdc.sys -- (Fdc)
DRV - [2008/04/13 13:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/13 13:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\serenum.sys -- (serenum)
DRV - [2008/04/13 13:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\parport.sys -- (Parport)
DRV - [2008/04/13 13:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\swenum.sys -- (swenum)
DRV - [2008/04/13 13:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mskssrv.sys -- (MSKSSRV)
DRV - [2008/04/13 13:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspqm.sys -- (MSPQM)
DRV - [2008/04/13 13:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mspclock.sys -- (MSPCLOCK)
DRV - [2008/04/13 13:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\

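Once an OTL log like the one above is in hand, the first pass a responder makes over the PRC/SRV/DRV sections is mechanical: which registered services and drivers point at a file that is not there, which entries carry no publisher string at all, which non-Microsoft processes run from under the Windows directory, and which third-party code starts automatically. The script below is an added example, not part of this thread and not OTL's own code, that performs that pass over a handful of lines copied from the OTL.txt posted above. The tags, the rule ordering, the assumed C:\windows system root, and the reading of "File not found" combined with "Running" as a probable unquoted ImagePath that the tool truncated at its first space are this example's own heuristics, not OTL's; confirm any such hit with sc qc <service name> before drawing conclusions. (An unquoted service path containing spaces is also a classic local privilege-escalation vector, so it is worth quoting even when the service is benign.)

```python
"""Triage pass over OTL 'Processes / Services / Driver Services' lines.

Added example (not OTL's code).  Parses PRC/MOD/SRV/DRV entries and tags
the ones a responder reads first.  SAMPLE_LOG is an excerpt copied from
the OTL.txt posted in this thread; the tags and rules are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes handled:
#   SRV - [stamp] (Company) [Start | State] -- path -- (Name)
#   DRV - File not found [Type | Start | State] -- path -- (Name)
#   PRC - [stamp] (Company) -- path            (MOD has the same shape as PRC)
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>[^\]]*)\] \((?P<company>(?:[^()]|\([^()]*\))*)\))"  # 'Intel(R) Corporation' has nested parens
    r"(?: \[(?P<flags>[^\]]*)\])?"
    r"(?P<tail>.*)$"
)
# An empty path is printed as ' -- -- (Name)', so a real path may not start with '-'.
TAIL_RE = re.compile(r"^ --(?: (?P<path>[^-\s].*?))?(?: -- \((?P<name>[^)]*)\))?$")
MICROSOFT = re.compile(r"^Microsoft Corp")
WINDIR = "c:\\windows\\"  # assumed %SystemRoot%, as reported in the log above


@dataclass
class Entry:
    kind: str
    path: str
    name: Optional[str]      # service/driver name; None for PRC/MOD
    company: Optional[str]   # None when OTL reported the file missing
    start: Optional[str]     # Auto / Boot / System / On_Demand / Disabled
    state: Optional[str]     # Running / Stopped
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL entry line; return None for lines of any other shape."""
    m = HEAD_RE.match(line.rstrip())
    if not m:
        return None
    t = TAIL_RE.match(m.group("tail"))
    if not t:
        return None
    flags = [f.strip() for f in (m.group("flags") or "").split("|") if f.strip()]
    start = flags[-2] if len(flags) >= 2 else None   # '[Kernel | On_Demand | Stopped]' or '[Auto | Running]'
    state = flags[-1] if flags else None
    return Entry(
        kind=m.group("kind"),
        path=t.group("path") or "",
        name=t.group("name"),
        company=None if m.group("missing") else m.group("company"),
        start=start,
        state=state,
        missing=bool(m.group("missing")),
    )


def classify(e: Entry) -> Optional[str]:
    """Return a triage tag for one entry, or None when it needs no attention."""
    if e.kind == "MOD":
        return None
    if e.missing:
        if e.state == "Running":
            # Running, yet the file is 'not found': usually an unquoted ImagePath with
            # spaces that OTL cut at the first space.  Verify with: sc qc <name>
            return "CHECK-PATH"
        return None if e.start == "Disabled" else "ORPHAN"
    if not e.company:
        return "NO-PUBLISHER"
    if MICROSOFT.match(e.company):
        return None
    if e.kind == "PRC" and e.path.lower().startswith(WINDIR):
        return "NON-MS-IN-WINDIR"
    if e.start in ("Auto", "Boot", "System"):
        return "THIRD-PARTY-AUTOSTART"
    return None


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (tag, kind, name-or-path) for every line that earns a tag."""
    out = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        tag = classify(e)
        if tag:
            out.append((tag, e.kind, e.name or e.path))
    return out


# Constructed excerpt: lines copied verbatim from the OTL.txt above.
SAMPLE_LOG = r"""
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2005/09/14 21:44:14 | 000,065,536 | ---- | M] (ali) -- C:\WINDOWS\UMStor\Res.exe
MOD - [2012/11/13 15:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2012/09/28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - [2013/06/18 21:50:08 | 000,211,560 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
""".strip().splitlines()


if __name__ == "__main__":
    for tag, kind, label in triage(SAMPLE_LOG):
        print(f"{tag:22} {kind} {label}")
```

Run against a full OTL.txt by reading its lines into triage(); the MOD section is deliberately skipped because OTL already restricts it to modules with no company name, and the NO-PUBLISHER and THIRD-PARTY-AUTOSTART tags are review queues, not verdicts. Disabled entries whose file is missing are left alone on purpose: they cannot start, so they are cleanup rather than triage.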

#51
September 3, 2013 at 17:03:54

"but it'll take 2 or 3 replies to get them all in as they're quite large"
Yep, that's normal.


#52
September 3, 2013 at 17:05:56

OTL.txt continued:
DRV - [2008/04/13 13:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouclass.sys -- (Mouclass)
DRV - [2008/04/13 13:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\update.sys -- (Update)
DRV - [2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/13 13:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys -- (sr)
DRV - [2008/04/13 13:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mssmbios.sys -- (mssmbios)
DRV - [2008/04/13 13:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pci.sys -- (PCI)
DRV - [2008/04/13 13:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/13 13:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\isapnp.sys -- (isapnp)
DRV - [2008/04/13 13:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\viaagp.sys -- (viaagp)
DRV - [2008/04/13 13:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\agpcpq.sys -- (agpCPQ)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 13:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\alim1541.sys -- (alim1541)
DRV - [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys -- (agp440)
DRV - [2008/04/13 13:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hidbatt.sys -- (HidBatt)
DRV - [2008/04/13 13:36:37 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\compbatt.sys -- (Compbatt)
DRV - [2008/04/13 13:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\acpi.sys -- (ACPI)
DRV - [2008/04/13 13:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/13 13:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys -- (FltMgr)
DRV - [2008/04/13 13:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys -- (rdpdr)
DRV - [2008/04/13 13:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/13 13:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/13 13:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/13 13:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\windows\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/13 13:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\intelppm.sys -- (intelppm)
DRV - [2008/04/13 13:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\p3.sys -- (P3)
DRV - [2008/04/13 13:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\processr.sys -- (Processor)
DRV - [2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys -- (aec)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/18 03:00:00 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WudfPf.sys -- (WudfPf)
DRV - [2005/06/22 01:12:34 | 000,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - [2004/08/04 00:29:54 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb)
DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2003/05/23 13:58:30 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/04/15 11:40:54 | 000,113,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E})
DRV - [2003/04/15 11:40:46 | 000,078,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91})
DRV - [2003/02/28 10:17:18 | 000,545,024 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2002/08/29 06:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS -- (IpFilterDriver)
DRV - [2002/08/29 06:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS -- (NwlnkFwd)
DRV - [2002/08/29 06:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\windows\System32\drivers\CDAUDIO.SYS -- (Cdaudio)
DRV - [2002/08/29 06:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink)
DRV - [2002/08/29 06:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS -- (Raspti)
DRV - [2002/08/29 06:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS -- (NwlnkFlt)
DRV - [2002/08/29 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL)
DRV - [2002/08/29 06:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\drivers\ACPIEC.SYS -- (ACPIEC)
DRV - [2002/08/29 06:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS -- (RasAcd)
DRV - [2002/08/29 06:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\windows\System32\drivers\FS_REC.SYS -- (Fs_Rec)
DRV - [2002/08/29 06:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\windows\System32\drivers\PARVDM.SYS -- (ParVdm)
DRV - [2002/08/29 06:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS -- (dmload)
DRV - [2002/08/29 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS -- (RDPCDD)
DRV - [2002/08/29 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\MNMDD.SYS -- (mnmdd)
DRV - [2002/08/29 06:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\BEEP.SYS -- (Beep)
DRV - [2002/08/29 06:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\NULL.SYS -- (Null)
DRV - [2002/08/29 06:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2002/04/01 14:15:00 | 000,004,816 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio)
DRV - [2001/08/17 15:07:44 | 000,025,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\HPN.SYS -- (hpn)
DRV - [2001/08/17 15:07:44 | 000,020,192 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DPTI2O.SYS -- (dpti2o)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3)
DRV - [2001/08/17 15:07:42 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2HIB.SYS -- (perc2hib)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi)
DRV - [2001/08/17 15:07:40 | 000,027,296 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\PERC2.SYS -- (perc2)
DRV - [2001/08/17 15:07:38 | 000,056,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78XX.SYS -- (aic78xx)
DRV - [2001/08/17 15:07:36 | 000,055,168 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AIC78U2.SYS -- (aic78u2)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810)
DRV - [2001/08/17 15:07:32 | 000,101,888 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ADPU160M.SYS -- (adpu160m)
DRV - [2001/08/17 14:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS -- (audstub)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:52:50 | 000,125,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS -- (Ftdisk)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k)
DRV - [2001/08/17 14:52:16 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1240.SYS -- (ql1240)
DRV - [2001/08/17 14:52:16 | 000,033,152 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\QL10WNT.SYS -- (Ql10wnt)
DRV - [2001/08/17 14:52:16 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC960NT.SYS -- (dac960nt)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x)
DRV - [2001/08/17 14:52:08 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\INI910U.SYS -- (ini910u)
DRV - [2001/08/17 14:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\windows\System32\drivers\CBIDF2K.SYS -- (cbidf2k)
DRV - [2001/08/17 14:52:08 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CBIDF2K.SYS -- (cbidf)
DRV - [2001/08/17 14:52:06 | 000,014,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CPQARRAY.SYS -- (Cpqarray)
DRV - [2001/08/17 14:52:06 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CD20XRNT.SYS -- (cd20xrnt)
DRV - [2001/08/17 14:52:04 | 000,022,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3350P.SYS -- (asc3350p)
DRV - [2001/08/17 14:52:04 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AMSINT.SYS -- (amsint)
DRV - [2001/08/17 14:52:02 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\AHA154X.SYS -- (Aha154x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc)
DRV - [2001/08/17 14:52:00 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde)
DRV - [2001/08/17 14:51:56 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\TOSIDE.SYS -- (TosIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde)
DRV - [2001/08/17 14:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS -- (PCIIde)
DRV - [2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys -- (mouhid)
DRV - [2001/08/17 13:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)



#53
September 3, 2013 at 17:12:19

OTL.txt cont'd:
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx...
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={sea...
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..\SearchScopes,DefaultScope = {32DAD108-A17B-4069-9AA6-4C75A921B97B}
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searc...
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..\SearchScopes\{32DAD108-A17B-4069-9AA6-4C75A921B97B}: "URL" = http://www.google.com/search?q={sea...
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..\SearchScopes\{5D6BAC8B-33F4-4BDA-A4CF-169EDEDA7FFF}: "URL" = http://ca.search.yahoo.com/search?f...
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searc...
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yahoo.com/search?f...
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/28 16:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/28 16:22:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/04 23:36:27 | 000,000,000 | ---D | M]

[2009/10/27 21:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garry&Louise\Application Data\Mozilla\Extensions
[2009/10/27 21:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Garry&Louise\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/12/04 23:36:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/08/13 19:38:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.exe (ali)
O4 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..Trusted Domains: digitalriver.com ([store] https in Trusted sites)
O15 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2483687876-427709516-3391105199-1009\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/p... (Microsoft Office Template and Media Control)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/A... (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/... (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl... (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/A... (Microsoft PID Sniffer)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downl... (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeu... (Office Update Installation Engine)
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} https://webresponse.one.microsoft.c... (Microsoft.WinRep)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic... (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eo... (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 10.25.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/ge... (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared... (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeu... (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/... (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/get... (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2C6BD3B-71B8-499E-8C33-122F5AC6E8A2}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\windows\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Garry&Louise\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Garry&Louise\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/03 17:36:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Garry&Louise\Desktop\OTL.exe
[2013/09/02 15:30:12 | 001,028,757 | ---- | C] (Thisisu) -- C:\Documents and Settings\Garry&Louise\Desktop\JRT.exe
[2013/09/02 14:05:35 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Garry&Louise\Desktop\rkill.com
[2013/08/26 23:07:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/26 22:46:05 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/22 20:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry&Louise\Application Data\Malwarebytes
[2013/08/22 20:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/22 20:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/08/22 20:29:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2013/08/22 20:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/22 20:23:49 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Garry&Louise\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/22 19:57:58 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Garry&Louise\Desktop\TFC.exe
[2013/08/19 19:11:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry&Louise\Application Data\Wise Registry Cleaner
[2013/08/19 18:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry&Louise\Application Data\Wise Disk Cleaner
[2013/08/19 18:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Registry Cleaner
[2013/08/19 18:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise Disk Cleaner
[2013/08/19 18:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2013/08/16 10:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry&Louise\Desktop\tdsskiller
[2013/08/15 09:28:33 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/08/12 12:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry&Louise\Desktop\RK_Quarantine(B)
[2013/08/08 13:41:52 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/07 17:14:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/08/07 17:09:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/08/05 19:41:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/05 11:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Garry&Louise\Desktop\RK_Quarantine(A)



#54
September 3, 2013 at 17:15:11

OTL.txt cont'd:
========== Files - Modified Within 30 Days ==========

[2013/09/03 17:36:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garry&Louise\Desktop\OTL.exe
[2013/09/03 17:30:28 | 000,001,170 | ---- | M] () -- C:\windows\System32\WPA.DBL
[2013/09/03 17:28:27 | 000,000,292 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
[2013/09/03 17:28:10 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/03 17:27:53 | 000,002,048 | --S- | M] () -- C:\windows\BOOTSTAT.DAT
[2013/09/03 17:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/03 16:57:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 23:45:57 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Desktop\Microsoft Outlook.lnk
[2013/09/02 15:31:12 | 001,028,757 | ---- | M] (Thisisu) -- C:\Documents and Settings\Garry&Louise\Desktop\JRT.exe
[2013/09/02 15:14:14 | 000,000,361 | RHS- | M] () -- C:\BOOT.INI
[2013/09/02 14:06:18 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Garry&Louise\Desktop\rkill.com
[2013/08/27 19:49:04 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2013/08/26 23:08:47 | 000,891,144 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Desktop\SecurityCheck.exe
[2013/08/23 13:03:04 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Desktop\MS WORD.lnk
[2013/08/22 20:29:28 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/22 20:25:05 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Garry&Louise\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/22 19:58:22 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Garry&Louise\Desktop\TFC.exe
[2013/08/21 15:33:54 | 000,003,954 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Desktop\RK_Quarantine(B).zip
[2013/08/21 08:26:01 | 000,000,300 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-2483687876-427709516-3391105199-1009.job
[2013/08/20 17:13:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2013/08/20 17:13:52 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2013/08/19 19:27:39 | 000,284,520 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/08/19 18:48:24 | 000,000,890 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2013/08/19 18:42:12 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Disk Cleaner.lnk
[2013/08/17 08:49:41 | 002,017,280 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\My Documents\WATSFLEM.rmgc
[2013/08/16 23:25:06 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/08/16 10:07:53 | 002,733,958 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Desktop\tdsskiller.zip
[2013/08/15 17:18:30 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/08/15 09:19:49 | 000,523,478 | ---- | M] () -- C:\windows\System32\PERFH009.DAT
[2013/08/15 09:19:49 | 000,095,322 | ---- | M] () -- C:\windows\System32\PERFC009.DAT
[2013/08/15 09:16:06 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2013/08/13 19:38:58 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\ETC\hosts
[2013/08/12 12:29:14 | 000,920,576 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\Desktop\RogueKiller.exe
[2013/08/09 16:49:02 | 000,000,520 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/08/07 17:52:06 | 000,014,903 | ---- | M] () -- C:\ComboFix.old
[2013/08/07 17:01:59 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Garry&Louise\defogger_reenable

========== Files Created - No Company Name ==========

[2013/08/26 23:08:47 | 000,891,144 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Desktop\SecurityCheck.exe
[2013/08/22 20:29:28 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/21 15:33:54 | 000,003,954 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Desktop\RK_Quarantine(B).zip
[2013/08/19 19:04:49 | 000,284,520 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2013/08/19 18:48:24 | 000,000,890 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2013/08/19 18:42:12 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Disk Cleaner.lnk
[2013/08/16 10:02:51 | 002,733,958 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Desktop\tdsskiller.zip
[2013/08/12 12:28:17 | 000,920,576 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Desktop\RogueKiller.exe
[2013/08/07 17:52:06 | 000,014,903 | ---- | C] () -- C:\ComboFix.old
[2013/08/07 17:14:11 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2013/08/07 17:14:06 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/08/07 17:01:59 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\defogger_reenable
[2013/07/28 14:12:28 | 000,074,703 | ---- | C] () -- C:\windows\System32\mfc45.dat
[2013/07/16 23:45:25 | 000,003,872 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/11/18 01:24:01 | 003,457,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2483687876-427709516-3391105199-1009-0.dat
[2012/11/18 01:23:57 | 000,278,266 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/16 18:53:32 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2012/11/16 18:53:31 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2012/11/16 18:53:31 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2012/11/16 18:53:31 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2012/11/16 18:53:31 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2012/11/16 18:53:31 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2012/11/16 18:53:31 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2012/11/16 18:53:31 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2012/11/16 18:53:31 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2012/11/16 18:53:31 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2012/11/16 18:53:31 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2012/11/16 18:53:31 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2012/11/16 18:53:31 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2012/11/16 18:53:31 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2012/11/16 18:53:31 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2012/11/16 18:53:31 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2012/11/16 18:53:31 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2012/11/16 18:53:31 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2012/11/16 18:53:31 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2012/02/15 09:08:22 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2008/11/20 12:04:53 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Application Data\default.rss
[2008/11/20 12:04:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Application Data\downloads.m3u
[2008/01/31 00:04:55 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\default.pls
[2006/12/06 15:16:06 | 000,038,489 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Application Data\Comma Separated Values (Windows).ADR
[2004/05/05 12:53:22 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/26 21:07:42 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Garry&Louise\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2003/11/14 18:03:44 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/05 21:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2005/01/15 11:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2004/04/19 11:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/06/22 22:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/15 22:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2009/06/22 22:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2009/06/22 22:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
[2009/06/22 22:30:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2009/06/29 21:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/06/22 22:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2007/10/09 11:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2011/11/10 10:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2010/10/20 17:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2008/07/11 14:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
[2012/06/11 21:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/07/28 14:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2005/02/13 16:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2012/11/17 10:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2013/07/22 17:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/11/03 09:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Philips
[2011/02/08 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RootsMagic
[2010/11/21 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2008/01/15 17:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/09/27 21:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/16 20:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/29 13:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/24 10:03:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\ACD Systems
[2009/06/29 21:54:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Canon
[2008/07/16 13:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\CDRoller
[2008/09/30 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/22 23:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\com.image.getthepicture
[2012/05/29 13:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\CompuClever
[2012/12/04 20:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\ElevatedDiagnostics
[2008/07/11 14:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Future Systems Solutions
[2004/04/19 11:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Leadertech
[2006/10/10 09:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Musicmatch
[2009/07/29 19:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\My Data
[2007/01/12 12:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\OfficeUpdate12
[2011/07/11 10:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\PCDr
[2009/07/14 14:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\RootsMagic
[2012/05/04 20:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Serif
[2013/08/08 13:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Uniblue
[2012/12/13 09:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\uTorrent
[2009/02/13 09:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Windows Desktop Search
[2009/02/13 17:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Windows Search
[2013/08/19 19:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Wise Disk Cleaner
[2013/08/19 19:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\Wise Registry Cleaner
[2012/12/13 11:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Garry&Louise\Application Data\wsInspector
[2009/11/02 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 488 bytes -> C:\Documents and Settings\Garry&Louise\My Documents\invitvowdraft.ppp:SummaryInformation

< End of report >


#55
September 3, 2013 at 17:22:02

EXTRAS.txt begins here:
OTL Extras logfile created on: 03/09/2013 5:41:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Garry&Louise\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.00 Mb Total Physical Memory | 464.91 Mb Available Physical Memory | 45.49% Memory free
1.65 Gb Paging File | 1.21 Gb Available in Paging File | 73.25% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 38.29 Gb Total Space | 8.13 Gb Free Space | 21.24% Space Free | Partition Type: NTFS
Drive F: | 38.29 Gb Total Space | 10.23 Gb Free Space | 26.73% Space Free | Partition Type: NTFS

Computer Name: 8JFWS31 | User Name: Garry&Louise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" = C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe:*:Enabled:Philips Intelligent Agent -- (Philips Consumer Electronics)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\PANDORA.TV\PanService\PanProcess.exe" = C:\Program Files\PANDORA.TV\PanService\PanProcess.exe:*:Enabled:PanProcess -- (PandoraTV)
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService -- (Pandora.TV)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{049D96D7-E082-4FB5-BF64-CD3460E6877C}_is1" = RootsMagic 4.1.2.1
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{144B4BF4-16CA-4FD3-A547-8A8107EF40D7}" = SA23xx Device Manager
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{3666ABBE-F749-4747-BAAE-0B0712B130E4}" = Yahoo! Music Jukebox
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{409c671d-374f-4702-bb86-03a614998e47}" = Nero BackItUp 4
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4571CC76-42C4-7D67-E024-0AEB166E1C6F}" = Acrobat.com
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.4
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5CC76B0B-6A4E-4A9F-91C2-1FE4D2C7D41B}" = Family Tree Maker
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{5F58EF0F-3E92-49B9-A315-872C65F30F05}" = PHOTOfunSTUDIO 8.1 PE
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{639858DD-4966-40F3-A706-7C838BCF3A2B}" = MaxBlast 3
"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{6744FF41-012F-4CC9-8B01-242D9CF83ED8}" = BOINC
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6C9AD0EB-59D4-CC29-2A32-866BE79D4AA6}" = Get the Picture!
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CE3ACE5-9993-4B3E-AECD-2E8081060B19}" = Casper 5.0
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth


#56
September 3, 2013 at 17:25:02

2nd half of EXTRAS.txt:
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BF5EE349-90CD-4422-A43B-661778180173}" = USB Disk Win98 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d00807d7-bad9-4662-86be-f042352536c3}" = Nero 9
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D2353A80-C650-4B5E-BA05-E5828730E623}" = Shrek 2 Activity Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EED5156C-4BA8-4105-A506-DB9D00F8B68D}" = ACDSee for PENTAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity_is1" = Audacity 1.2.6
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CDRoller_is1" = CDRoller version 7.61
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.image.getthepicture" = Get the Picture!
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Finding Nemo" = Finding Nemo Screen Saver
"GoogleVideoPlayer" = Google Video Player
"GoToAssist" = GoToAssist Corporate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor for Windows" = My Dell
"Philips Intelligent Agent_is1" = Philips Intelligent Agent
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 15.0" = RealPlayer
"R-Undelete 3.0NSIS" = R-Undelete 3.0
"SEF4_is1" = SizeExplorer Free 4.1
"Shockwave" = Shockwave
"The KMPlayer" = The KMPlayer (remove only)
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"uTorrent" = µTorrent
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinUndelete" = WinUndelete
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 7.91
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.83
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2483687876-427709516-3391105199-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Weight Watchers Light and Tasty Deluxe" = Weight Watchers Light and Tasty Deluxe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 07/08/2013 5:47:56 PM | Computer Name = 8JFWS31 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 08/08/2013 2:39:12 PM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 09/08/2013 11:52:03 AM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 13/08/2013 6:49:13 PM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 22/08/2013 9:25:55 PM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 24/08/2013 8:13:28 AM | Computer Name = 8JFWS31 | Source = SDFSSvc.exe | ID = 0
Description =

Error - 26/08/2013 11:43:51 PM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

Error - 01/09/2013 4:45:13 PM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 4.3.215.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 02/09/2013 3:54:26 PM | Computer Name = 8JFWS31 | Source = Application Hang | ID = 1002
Description = Hanging application SDTools.exe, version 2.0.12.150, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 03/09/2013 6:12:04 PM | Computer Name = 8JFWS31 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

[ Internet Explorer Events ]
Error - 31/08/2013 8:57:26 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1021
Description =

Error - 31/08/2013 8:57:27 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1021
Description =

Error - 31/08/2013 8:57:34 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1026
Description =

Error - 31/08/2013 8:57:34 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1026
Description =

Error - 31/08/2013 8:57:47 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1040
Description =

Error - 31/08/2013 8:57:47 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1040
Description =

Error - 31/08/2013 8:57:47 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1040
Description =

Error - 31/08/2013 8:57:48 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1021
Description =

Error - 31/08/2013 8:57:51 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1021
Description =

Error - 31/08/2013 8:57:59 PM | Computer Name = 8JFWS31 | Source = Internet Explorer | ID = 1040
Description =

[ System Events ]
Error - 02/09/2013 4:19:20 PM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7031
Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
It has done this 2 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 02/09/2013 4:20:20 PM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Spybot-S&D 2 Scanner Service
service, but this action failed with the following error: %%1056

Error - 02/09/2013 4:26:25 PM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7031
Description = The Spybot-S&D 2 Scanner Service service terminated unexpectedly.
It has done this 3 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 02/09/2013 4:27:25 PM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Spybot-S&D 2 Scanner Service
service, but this action failed with the following error: %%1056

Error - 03/09/2013 12:46:08 AM | Computer Name = 8JFWS31 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 03/09/2013 9:41:14 AM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 03/09/2013 9:41:14 AM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053

Error - 03/09/2013 9:43:08 AM | Computer Name = 8JFWS31 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 03/09/2013 6:29:18 PM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security
Center Service service to connect.

Error - 03/09/2013 6:29:18 PM | Computer Name = 8JFWS31 | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Security Center Service service failed to start due
to the following error: %%1053


< End of report >

#57
September 3, 2013 at 17:27:31

I can see things that need fixing, need an easy way to fix. Let's see if HJT finds them as well.

HijackThis ( HJT )
http://sourceforge.net/projects/hjt/


#58
September 4, 2013 at 12:11:38

John - done. Log follows:
------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:07:17 PM, on 04/09/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 17.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\UMStor\Res.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\windows\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\windows\BCMSMMSG.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Common Files\Sonic Shared\CineTray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Garry&Louise\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\windows\UMStor\Res.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/A...
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/A...
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.c...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eo...
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared...
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/get...
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

--
End of file - 10905 bytes


#59
September 4, 2013 at 16:03:46

Launch the HijackThis and click "Do a system scan only" button. Select entry as shown below in blue color and click once on the "Fix checked" button. Close HijackThis tool.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Run SpyBHORemover
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
http://securityxploded.com/bhoremov...

message edited by Johnw
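As an added example, not code from this thread or from the HijackThis tool itself, here is a small Python parser for HijackThis log lines that flags any registration whose target is "(no file)", which is how the orphaned BHO fixed in this reply shows up in the log. The sample lines are constructed from the log in #58, and the regexes model only the line shapes (O2/O3/O9, O4, O23) that appear there.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in HijackThis log format, modelled on the log in #58.
# The second O2 line is the orphaned BHO the reply tells the poster to fix.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class HjtEntry:
    section: str          # HijackThis section code, e.g. "O2"
    kind: str             # e.g. "BHO", "Toolbar", "Service", or the Run key path
    name: str             # display name ("(no name)" when the registry has none)
    clsid: Optional[str]  # CLSID for COM registrations (O2/O3/O9), else None
    target: str           # file path or command; "(no file)" if the file is gone
    raw: str


# "Oxx - <kind>: <name> - {CLSID} - <target>"  (O2, O3 and O9 share this shape)
CLSID_LINE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)
# "O4 - HKLM\..\Run: [<name>] <command line>"  (autorun entries)
RUN_LINE = re.compile(
    r"^(?P<section>O4) - (?P<kind>.*?): \[(?P<name>[^\]]*)\] (?P<target>.*)$"
)
# "O23 - Service: <display name> - <vendor> - <path>"
SERVICE_LINE = re.compile(
    r"^(?P<section>O23) - (?P<kind>Service): (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$"
)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis line; returns None for lines this parser does not model."""
    line = line.strip()
    for pattern in (CLSID_LINE, RUN_LINE, SERVICE_LINE):
        m = pattern.match(line)
        if m:
            g = m.groupdict()
            return HjtEntry(
                section=g["section"],
                kind=g["kind"].strip(),
                name=g["name"].strip(),
                clsid=g.get("clsid"),
                target=g["target"].strip(),
                raw=line,
            )
    return None


def parse_log(text: str) -> List[HjtEntry]:
    """Parse a whole log, silently skipping header lines and the process list."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Registrations whose file is missing: HijackThis prints '(no file)' as the target.

    These are leftovers of uninstalled or removed software; 'Fix checked' in
    HijackThis deletes the dangling registry entry, which is what the reply
    above asks for."""
    return [e for e in entries if e.target == "(no file)"]


def entries_by_section(entries: List[HjtEntry]) -> Dict[str, int]:
    """Count parsed entries per HijackThis section, a quick overview of a log."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print("entries per section:", entries_by_section(found))
    for e in orphaned_entries(found):
        print("orphaned registration, fix in HijackThis:", e.raw)
```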


#60
September 7, 2013 at 19:04:54

JohnW - I ran Hijack This per your instructions and it removed the file indicated. Then I ran SpyBHORemover Ver.4.6 and it said "No threats found" for each of the 8 BHOs listed on my PC. Since you did not specify what selections I should make in this tool I just created a report of the results - unfortunately the report is in html format so I can't copy and paste it here - I made a screen capture of it instead and will e-mail same to you as soon as I submit this update.

#61
September 7, 2013 at 19:49:08

"will e-mail same to you"
Thanks, got it.

"No threats found"
That's it, nothing to remove.

Just to recap, everything I am doing is to try & get the following working. After each step, let me know if they are.
Junkware Removal Tool ( always download it again ) & Security Check by screen317
"(a) why do some sites not recognize that my I.E. is version 8?"

What is this program?
What does it do?
c:\program files\iolo


#62
September 9, 2013 at 13:15:48

John - I downloaded JRT again - got ver.5.5.9 today. Ran it and got the same result as before. I also downloaded Security Check by Screen317 and ran it again - same result as before. Note - your original instructions for 317 were to download Security Check's zip file, unzip it and then run the executable, however, whenever I search for Screen317's site all I ever get is one window that says "download Security Check by Screen 317" and the only file that downloads is the executable - no zip file. Is this normal?
Re: program file: "IOLO". It's a "System Checkup" program from IOLO Technologies. I don't remember when I downloaded it or why. I'll uninstall it now as I don't have much free space on the HDD and therefore don't want to waste any.

#63
September 12, 2013 at 01:46:44

""download Security Check by Screen 317" and the only file that downloads is the executable - no zip file. Is this normal?"
If the author decides to stop zipping a file, that is it.

"Re: program file: "IOLO". It's a "System Checkup" prgram from IOLO Technologies"
Something is stopping your programs running; if it isn't IOLO, I have no idea what is.

If after uninstalling IOLO & then running ALL the tools I suggested, I am out of ideas.


#64
September 12, 2013 at 18:43:22

John - I got rid of IOLO and re-ran JRT and Screen317 again. Still got same results for both of them as before! I checked back in my notes and see that I tried JRT in Safe Mode as well but it still failed. What's next?

#65
September 12, 2013 at 18:54:36

" running ALL the tools I suggested, I am out of ideas"
Sorry.

message edited by Johnw


#66
September 13, 2013 at 08:20:32

John - I really don't think re-running all of those tools will get a different result as nothing has really changed since I got rid of the last program you were suspicious about (IOLO System Checkup) - JRT & System317 still both bombed. Anyway, I'm not concerned that those 2 won't run right now - you got rid of the big problem - svchost maxing out the cpu. The life expectancy for this PC is very short now with support for XP ending next April - I'm considering building my own new machine and running 2 o.s. - Windows 8 or 8.1 plus Linux but I was hoping to ensure I don't transfer anything ugly from this PC to the new one by making sure this one is clean. Well, it's a lot cleaner now than it was before we started this exercise! So my only remaining concern is how to keep it this way - as per my 3 questions a few posts back. If you would just give me your thoughts on those I'd be satisfied with closing this "ticket" now.

#67
September 13, 2013 at 12:21:16

"I'm not concerned that those 2 won't run right now"
I agree Canuck3073, it is needle in the haystack stuff & obviously only peculiar to your comp. In other words, it is something you have setup. If you ever track it down before you rebuild, email me, it is probably going to be something very basic.

"I'm considering building my own new machine"
"but I was hoping to ensure I don't transfer anything ugly from this PC"
Those 2 statements contradict each other.
New means, nothing is used from the old comp. What did you have in mind? Using the old HD's?

"Windows 8 or 8.1"
Wait for 8.1, the transition is too hard for most people. For those starting out for the first time, no problem.

"I only have 3 questions for you now:"
"(a) why do some sites not recognize that my I.E. is version 8?"
No idea.

"(b) what's your opinion of SpyBot Search & Destroy? Is it effective in preventing malware infections? If not, what would you recommend instead?"
That gets down to the basics of understanding of what it does & whether you are using the free or paid version.
I don't use it myself & if you do a google for the specialist malware sites that fix infected comps, you probably will find, it is not a tool used for the clean up process.
Now to summarize, using only free tools: an AV's job is to warn you. If you choose to, or don't understand the warning, & click, click, it is too late & your AV probably won't be able to help you.
You then need special tools to remove the infections, such as the ones I have had you use.

"(c) which program or combination of programs do you recommend for best overall protection from viruses and malware? (I'm using IE's firewall and MS Security Essentials)"
Ditto.
With W8, the AV & firewall are included & are all that is needed. They give REALTIME protection. Never ignore their warnings, always GOOGLE the EXACT message.

Later down the track on the new comp, I can steer you to some other tools, depending on which browser you use.


#68
September 16, 2013 at 08:26:51

John - re: using old stuff on a new PC - no, I don't intend to use my old HD but I think there may be some small utilities that I will want to keep so long as they're compatible with W8.1 - I'll be sure to run them through a couple of the scanners you acquainted me with now that I'm aware of the potential danger from using them.

I'll let you know if I ever discover why those 2 tools won't run on my system.

I've been using the free version of SpyBot for a couple of years now and I do heed its warnings, however I have to question its accuracy sometimes as it has even given me warnings about using "Computing.net"!! Is there a great difference between the free version and the paid version especially if I just use it for preventing infection and not for cleaning up if I do get some malware?

Thanks for the info about W8's built-in protection - looks like I can forgo SpyBot altogether on the new machine.

Thanks for the offer on advising me about other tools to use on the new PC - I'm thinking of using "Duck Duck Go" esp. with Linux. Right now I'm using Firefox instead of IE8 on this PC - there's a huge difference in speed!

Once again, thank you very, very much for your assistance in getting rid of the bug that caused svchost to act up. I can actually be productive with my PC again.

I assume I can now delete all of the tools I've downloaded over the past 6 weeks or so in trying to clean up my PC? I have a log of what we did with each one for reference in case something similar pops up again before I build the new one.

It's been great working with you John.


#69
September 16, 2013 at 18:41:43

"small utilities that I will want to keep so long as they're compatible with W8.1"
Use GOOGLE to double-check if they are safe to use as well. That applies to anything you want to install & are not sure of.

"Is there a great difference between the free version and the paid version especially if I just use it for preventing infection and not for cleaning up if I do get some malware?"
No idea, I stopped using it 10 years ago; once again, google it.

"looks like I can forgo SpyBot altogether on the new machine"
Yep.

Hadn't heard of DuckDuckGo, googling tells me what it does.
https://www.google.com.au/#q=DuckDu...

I also use Firefox, & Ghostery to kill tracking cookies.
Ghostery
http://www.ghostery.com/
http://www.ghostery.com/faq
http://www.ghostery.com/download

"I assume I can now delete all of the tools I've downloaded"
As I have had to remember everything we have done as we go along (there is no way I could reread the posts) I'm not sure what is still installed.

All of everything we have used, I keep the latest copy on a thumb drive.

With ESET, that is a keeper, soon as you run it again, it will update itself first.

To make it easier for myself, list anything you are not sure of.

"I have a log of what we did with each one for reference in case something similar pops up again before I build the new one"
Best way.


#70
September 16, 2013 at 21:24:35

Thanks for the great advice John. Bye for now.
