# Microsoft Security Essentials won't open



## mculls (Apr 30, 2007)

Hi,
I appreciate any help--when I click on MSE, I get this--c:\program files\microsoft security client\msseces.exe The file can not be accessed by the system

Thanks


----------



## lunarlander (Sep 22, 2007)

Something might be wrong with the drive. Right click on drive C, choose Properties, Tools tab, check now button. 

After that, if it still doesn't work, try re-installing MSE.


----------



## mculls (Apr 30, 2007)

lunarlander said:


> Something might be wrong with the drive. Right click on drive C, choose Properties, Tools tab, check now button.
> 
> After that, if it still doesn't work, try re-installing MSE.


First try didn't work. Tried re-installing; unable due to installation error.


----------



## captainron276 (Sep 11, 2010)

Did you complete the check disk that lunarlander asked for? If so, how did it come out?

To help us help you, please use the TSG System Info tool to let techs know the specs of your computer: http://static.techguy.org/download/SysInfo.exe Copy and paste the results here in your thread. *You can use the TSG Info to fill in your computer information in your user profile as well.*

Also, if it's a brand-name system like an Acer, Dell or HP, please post the exact model of the system.


----------



## mculls (Apr 30, 2007)

captainron276 said:


> Did you complete the check disk that lunarlander asked for? If so, how did it come out?
> 
> To help us help you, please use the TSG System Info tool to let techs know the specs of your computer: http://static.techguy.org/download/SysInfo.exe Copy and paste the results here in your thread. *You can use the TSG Info to fill in your computer information in your user profile as well.*
> 
> Also, if it's a brand-name system like an Acer, Dell or HP, please post the exact model of the system.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz, x86 Family 15 Model 2 Stepping 9
Processor Count: 1
RAM: 510 Mb
Graphics Card: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, 64 Mb
Hard Drives: C: Total - 38138 MB, Free - 21306 MB;
Motherboard: Dell Computer Corp., 0F5949
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

Nothing happened with check disk. Do I need to do it in safe mode? Thanks


----------



## flavallee (May 12, 2002)

You appear to have a Dell Dimension 2400 desktop - which is about 10 years old.

---------------------------------------------------------

Go here and click the green "Download latest version" link to download and save *HiJackThis 2.0.4*

After it's been downloaded and saved, close all open windows first, then double-click it to install it.

Allow it to install in its default location - C:\Program Files.

After it's been installed, start it and allow its main window to load.

Uncheck "Do not show this window when I start HiJackThis".

Click "Do a system scan and save a log file".

When the scan is finished in 30 - 60 seconds, a log file will appear.

Save that log file.

Return here to your thread, then copy-and-paste the ENTIRE log file here.

---------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

This sounds like a possible infection that creates junction points in MSE. You can still follow the previous instructions but please do this as well.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## mculls (Apr 30, 2007)

flavallee said:


> You appear to have a Dell Dimension 2400 desktop - which is about 10 years old.
> 
> ---------------------------------------------------------
> 
> ...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:09 PM, on 7/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Client\MsMpEng.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 4703 bytes


----------



## mculls (Apr 30, 2007)

Cookiegal said:


> This sounds like a possible infection that creates junction points in MSE. You can still follow the previous instructions but please do this as well.
> 
> Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.
> 
> ...


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-07-2013 02
Ran by thomas cozier (administrator) on 01-07-2013 13:02:40
Running from C:\Documents and Settings\thomas cozier\Local Settings\Temporary Internet Files\Content.IE5\TPLOKSFC
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
(Farbar) C:\Documents and Settings\thomas cozier\Local Settings\Temporary Internet Files\Content.IE5\TPLOKSFC\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VX3000] C:\WINDOWS\vVX3000.exe [709992 2007-04-10] (Microsoft Corporation)
HKLM\...\Run: [RegistryUpdate] [x]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-14] (SUPERAntiSpyware.com)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32] %SystemRoot%\System32\shdocvw.dll ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-21-796845957-1220945662-839522115-1011\$0aacb060dff957d6f57dbc27868e0aba\n. ATTENTION! ====> ZeroAccess?
HKU\Owner\...\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background [ 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [x]
HKU\Owner\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime [x]
HKU\Owner\...\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [x]
Lsa: [Notification Packages] scecli scecli scecli scecli scecli
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default
FF Homepage: hxxp://www.zerourl.com/en/index.php?rvs=hompag
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Extension: No Name - C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-10-04] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [177776 2005-10-04] (Symantec Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [214672 2005-10-19] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97ich4.sys [107776 2002-04-15] (Intel Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-09-15] (Symantec Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110917.007\naveng.sys [86136 2011-09-15] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110917.007\navex15.sys [1576312 2011-09-15] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [24720 2005-10-19] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [195728 2005-10-19] (Symantec Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 senfilt; system32\drivers\senfilt.sys [x]
S3 smwdm; system32\drivers\smwdm.sys [x]
S3 SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-01 13:01 - 2013-07-01 13:01 - 00000000 ____D C:\FRST
2013-07-01 12:03 - 2013-07-01 12:54 - 00002463 ____A C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
2013-07-01 12:03 - 2013-07-01 12:03 - 00000000 ____D C:\Program Files\Trend Micro
2013-07-01 12:00 - 2013-07-01 12:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-06-29 17:32 - 2013-06-29 17:32 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-28 10:58 - 2013-07-01 08:00 - 00000120 ____A C:\Windows\setupact.log
2013-06-28 10:58 - 2013-06-28 10:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 12:06 - 2013-06-25 12:06 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-22 11:43 - 2013-06-22 11:43 - 00000000 __SHD C:\Windows\CSC
2013-06-18 09:56 - 2013-06-18 10:08 - 00000000 ____D C:\Documents and Settings\thomas cozier\My Documents\Elise_M
2013-06-12 12:04 - 2013-06-25 12:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$

==================== One Month Modified Files and Folders ========

2013-07-01 13:01 - 2013-07-01 13:01 - 00000000 ____D C:\FRST
2013-07-01 12:55 - 2013-01-10 19:18 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-01 12:54 - 2013-07-01 12:03 - 00002463 ____A C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
2013-07-01 12:31 - 2012-04-22 09:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-01 12:18 - 2013-03-31 10:51 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-07-01 12:03 - 2013-07-01 12:03 - 00000000 ____D C:\Program Files\Trend Micro
2013-07-01 12:00 - 2013-07-01 12:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-07-01 11:55 - 2013-01-10 19:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-01 08:00 - 2013-06-28 10:58 - 00000120 ____A C:\Windows\setupact.log
2013-07-01 07:37 - 2006-01-11 11:52 - 01834232 ____A C:\Windows\WindowsUpdate.log
2013-07-01 07:34 - 2013-01-06 14:18 - 00000282 ____A C:\Windows\Tasks\Go for FilesUpdate.job
2013-07-01 07:34 - 2007-09-27 17:54 - 00000062 __ASH C:\Documents and Settings\thomas cozier\Local Settings\desktop.ini
2013-07-01 07:34 - 2003-07-16 16:53 - 00002444 ____A C:\Windows\System32\wpa.dbl
2013-06-30 23:38 - 2007-09-27 17:54 - 00000178 ___SH C:\Documents and Settings\thomas cozier\ntuser.ini
2013-06-30 16:54 - 2012-05-28 15:15 - 00001954 ____A C:\Windows\epplauncher.mif
2013-06-30 13:04 - 2006-01-10 10:47 - 00032490 ____A C:\Windows\SchedLgU.Txt
2013-06-30 09:11 - 2006-01-10 10:47 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-30 09:11 - 2006-01-10 10:47 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-30 09:11 - 2006-01-10 10:41 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-30 09:11 - 2006-01-10 05:36 - 00000159 ____A C:\Windows\wiadebug.log
2013-06-30 09:11 - 2006-01-10 05:36 - 00000049 ____A C:\Windows\wiaservc.log
2013-06-29 17:32 - 2013-06-29 17:32 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-29 16:38 - 2011-10-25 13:13 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_0$
2013-06-28 10:58 - 2013-06-28 10:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-27 13:05 - 2006-01-10 05:24 - 00000000 ____D C:\Windows\Cursors
2013-06-26 12:41 - 2008-07-05 18:38 - 00000000 __SHD C:\Documents and Settings\thomas cozier\UserData
2013-06-25 12:22 - 2006-01-10 05:33 - 00201736 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-25 12:06 - 2013-06-25 12:06 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-06-25 12:06 - 2013-06-12 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-25 12:02 - 2013-05-14 21:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-25 12:01 - 2013-05-14 21:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-23 01:43 - 2013-03-27 12:49 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-22 12:31 - 2012-04-22 09:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-22 12:31 - 2011-10-04 12:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-22 11:48 - 2006-01-10 10:38 - 00000000 ____D C:\Windows\Registration
2013-06-22 11:43 - 2013-06-22 11:43 - 00000000 __SHD C:\Windows\CSC
2013-06-18 10:08 - 2013-06-18 09:56 - 00000000 ____D C:\Documents and Settings\thomas cozier\My Documents\Elise_M
2013-06-02 17:21 - 2006-01-11 12:45 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\RECYCLER\S-1-5-21-796845957-1220945662-839522115-1011\$0aacb060dff957d6f57dbc27868e0aba

ZeroAccess:
C:\RECYCLER\S-1-5-18\$0aacb060dff957d6f57dbc27868e0aba

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================


----------
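A triage sketch for the FRST.txt layout posted above, added here as an example; it is not part of the thread and not code from FRST. It collects every `ATTENTION` entry, the labelled path blocks such as `ZeroAccess:`, and the directory named in a `Use DeleteJunctionsIndirectory:` hint, which ties back to the junction-point theory raised earlier. The function names and the sample log are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of the FRST.txt log above; GUID fragments,
# folder names and the ExampleApp entry are placeholders, not values from the thread.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ExampleApp] C:\Program Files\Example\app.exe [1024 2013-01-01] (Example Corp)
HKLM\...000000000001\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKCR\...000000000002\InprocServer32: [Default-shell32] C:\RECYCLER\S-1-5-18\$00000000000000000000000000000000\n. ATTENTION! ====> ZeroAccess?

FireFox:
========
FF Homepage: hxxp://example.invalid/

==================== One Month Modified Files and Folders ========

2013-01-01 10:00 - 2013-01-01 10:00 - 00000000 ____D C:\Example

ZeroAccess:
C:\RECYCLER\S-1-5-18\$00000000000000000000000000000000

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================
"""

# "==== Name (Whitelisted) ====" banners; a bare "========" underline does not match.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# "<item> ATTENTION! ====> <verdict>" and "<item> => ATTENTION: <verdict>".
ATTENTION_RE = re.compile(
    r"^(?P<item>.*?)\s*(?:=>\s*)?ATTENTION[!:]\s*(?:=+>\s*)?(?P<verdict>.+)$"
)
# Leading family name in a verdict; a trailing "?" marks a tentative match.
FAMILY_RE = re.compile(r"(?P<name>\w+)(?P<q>\?)?")
# A bare "Label:" line followed by a path on the next line.
LABEL_RE = re.compile(r"^(?P<label>\w+):$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
JUNCTION_HINT_RE = re.compile(r"Use DeleteJunctionsIndirectory:\s*(?P<dir>.+)$")


def triage(log_text):
    """Return one finding (dict) per flagged entry in an FRST-style log."""
    findings = []
    section = "Header"
    lines = [ln.strip() for ln in log_text.splitlines()]
    for idx, line in enumerate(lines):
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).replace("(Whitelisted)", "").strip()
            continue
        flagged = ATTENTION_RE.match(line)
        if flagged:
            verdict = flagged.group("verdict")
            family = FAMILY_RE.match(verdict)
            hint = JUNCTION_HINT_RE.search(verdict)
            findings.append({
                "section": section,
                "kind": "flagged-entry",
                "item": flagged.group("item"),
                "family": family.group("name") if family else verdict,
                "tentative": bool(family and family.group("q")),
                "junction_dir": hint.group("dir").strip() if hint else None,
            })
            continue
        label = LABEL_RE.match(line)
        following = lines[idx + 1] if idx + 1 < len(lines) else ""
        if label and PATH_RE.match(following):
            findings.append({
                "section": section,
                "kind": "flagged-path",
                "item": following,
                "family": label.group("label"),
                "tentative": False,
                "junction_dir": None,
            })
    return findings


def summarize(findings):
    """Condense findings into what a helper reads first."""
    return {
        "families": sorted({f["family"] for f in findings}),
        "tentative": sum(f["tentative"] for f in findings),
        "junction_dirs": sorted(
            {f["junction_dir"] for f in findings if f["junction_dir"]}
        ),
    }


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['section']}] {f['kind']}: {f['family']} -> {f['item']}")
    print(summarize(results))
```
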



## mculls (Apr 30, 2007)

addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-07-2013 02
Ran by thomas cozier at 2013-07-01 13:03:16
Running from C:\Documents and Settings\thomas cozier\Local Settings\Temporary Internet Files\Content.IE5\TPLOKSFC
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player Plugin (Version: 9.0.47.0)
Adobe Reader 7.0.5 (Version: 7.0.5)
Adobe Shockwave Player (Version: 10.1.4.20)
CCleaner (Version: 3.11)
Conexant D850 56K V.9x DFVc Modem
Google Update Helper (Version: 1.3.21.145)
HiJackThis (Version: 1.0.0)
Intel(R) Extreme Graphics Driver
IrfanView (remove only) (Version: 4.30)
J2SE Runtime Environment 5.0 Update 3 (Version: 1.5.0.30)
Jasc Paint Shop Pro Studio, Dell Editon (Version: 1.00.0000)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Security Client (Version: 4.2.0223.1)
Mozilla Firefox (1.5) [BufferZone] (Version: 1.5 (en-US))
Remove United States Military Academy Admissions Screen Saver (2005)
Revo Uninstaller 1.93 (Version: 1.93)
Spotify (HKCU Version: 0.8.4.124.ga3559d86)
SUPERAntiSpyware (Version: 5.6.1020)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB900485) (Version: 2)
Update for Windows XP (KB916595) (Version: 1)
Update for Windows XP (KB920872) (Version: 1)
Update for Windows XP (KB922582) (Version: 1)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB887742 (Version: 20041103.095002)
Windows XP Service Pack 3 (Version: 20080414.031525)

==================== Restore Points =========================

10-04-2013 16:00:28 Software Distribution Service 3.0
11-04-2013 16:28:59 System Checkpoint
12-04-2013 14:18:50 Software Distribution Service 3.0
13-04-2013 14:33:50 Software Distribution Service 3.0
14-04-2013 05:33:34 Software Distribution Service 3.0
14-04-2013 21:58:11 Software Distribution Service 3.0
15-04-2013 22:43:18 System Checkpoint
16-04-2013 13:29:30 Software Distribution Service 3.0
17-04-2013 13:29:27 Software Distribution Service 3.0
18-04-2013 13:29:47 Software Distribution Service 3.0
19-04-2013 13:29:48 Software Distribution Service 3.0
20-04-2013 13:29:52 Software Distribution Service 3.0
21-04-2013 06:18:34 Software Distribution Service 3.0
21-04-2013 16:34:42 Software Distribution Service 3.0
22-04-2013 16:35:11 Software Distribution Service 3.0
23-04-2013 16:35:59 Software Distribution Service 3.0
24-04-2013 16:35:35 Software Distribution Service 3.0
25-04-2013 16:35:14 Software Distribution Service 3.0
26-04-2013 16:35:36 Software Distribution Service 3.0
27-04-2013 16:52:01 System Checkpoint
27-04-2013 18:08:05 Software Distribution Service 3.0
28-04-2013 05:45:51 Software Distribution Service 3.0
28-04-2013 18:07:59 Software Distribution Service 3.0
29-04-2013 18:08:50 System Checkpoint
30-04-2013 14:16:12 Software Distribution Service 3.0
01-05-2013 14:18:09 Software Distribution Service 3.0
01-05-2013 22:29:26 Revo Uninstaller's restore point - Microsoft Security Essentials
02-05-2013 13:42:02 Restore Operation
03-05-2013 14:36:09 System Checkpoint
04-05-2013 15:29:56 System Checkpoint
05-05-2013 15:24:48 Installed Microsoft Fix it 50692
06-05-2013 16:10:45 System Checkpoint
07-05-2013 16:50:21 System Checkpoint
08-05-2013 17:06:00 System Checkpoint
09-05-2013 17:46:17 System Checkpoint
10-05-2013 18:28:22 System Checkpoint
11-05-2013 20:09:33 System Checkpoint
12-05-2013 20:57:23 System Checkpoint
13-05-2013 22:00:16 System Checkpoint
14-05-2013 23:06:21 System Checkpoint
15-05-2013 01:44:22 Software Distribution Service 3.0
16-05-2013 01:58:52 System Checkpoint
17-05-2013 02:35:10 System Checkpoint
18-05-2013 02:37:24 System Checkpoint
19-05-2013 03:37:25 System Checkpoint
20-05-2013 03:56:12 System Checkpoint
21-05-2013 04:23:32 System Checkpoint
22-05-2013 04:40:06 System Checkpoint
23-05-2013 05:23:34 System Checkpoint
24-05-2013 06:22:31 System Checkpoint
25-05-2013 07:22:29 System Checkpoint
26-05-2013 08:22:29 System Checkpoint
27-05-2013 09:22:29 System Checkpoint
28-05-2013 15:56:48 System Checkpoint
29-05-2013 16:15:34 System Checkpoint
30-05-2013 17:07:23 System Checkpoint
31-05-2013 17:49:02 System Checkpoint
01-06-2013 18:54:52 System Checkpoint
02-06-2013 20:23:09 System Checkpoint
03-06-2013 22:02:56 System Checkpoint
05-06-2013 00:13:05 System Checkpoint
06-06-2013 00:13:57 System Checkpoint
07-06-2013 00:52:02 System Checkpoint
08-06-2013 01:50:49 System Checkpoint
09-06-2013 01:51:55 System Checkpoint
10-06-2013 02:42:58 System Checkpoint
11-06-2013 02:43:15 System Checkpoint
12-06-2013 02:51:05 System Checkpoint
12-06-2013 16:00:21 Software Distribution Service 3.0
13-06-2013 16:25:57 System Checkpoint
14-06-2013 17:53:58 System Checkpoint
15-06-2013 18:58:58 System Checkpoint
16-06-2013 19:11:46 System Checkpoint
17-06-2013 19:19:58 System Checkpoint
18-06-2013 19:31:43 System Checkpoint
19-06-2013 21:50:16 System Checkpoint
20-06-2013 22:23:18 System Checkpoint
22-06-2013 00:05:42 System Checkpoint
22-06-2013 15:44:43 Restore Operation
23-06-2013 18:59:20 System Checkpoint
25-06-2013 16:00:19 Software Distribution Service 3.0
27-06-2013 04:31:48 System Checkpoint
28-06-2013 14:20:33 System Checkpoint
29-06-2013 16:53:57 System Checkpoint
30-06-2013 18:13:56 System Checkpoint
01-07-2013 16:03:07 Installed HiJackThis

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Go for FilesUpdate.job => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\MpIdleTask.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2013 04:54:45 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (06/30/2013 04:54:44 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070643common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (06/30/2013 04:54:26 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070643morrobootstraper__cinstallflow__internalrun - geteppuninstallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (06/30/2013 04:54:25 PM) (Source: MsiInstaller) (User: KEVIN-2C3RRQUXO)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes,

Error: (06/30/2013 10:56:13 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/30/2013 10:44:31 AM) (Source: Application Hang) (User: )
Description: Fault bucket 1180947459.

Error: (06/30/2013 10:41:38 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/28/2013 04:41:19 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2013 07:54:28 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/27/2013 10:00:57 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (06/30/2013 10:39:06 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/30/2013 09:11:38 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
SYMTDI

Error: (06/30/2013 09:11:37 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1920

Error: (06/29/2013 04:39:03 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
IntelIde
SYMTDI

Error: (06/29/2013 04:39:02 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1920

Error: (06/29/2013 04:38:58 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (06/29/2013 04:38:04 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/29/2013 02:38:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
eeCtrl
Fips
intelppm
MpFilter
SYMTDI

Error: (06/29/2013 02:38:26 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: 
%%1920

Error: (06/29/2013 02:37:23 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (06/30/2013 04:54:45 PM) (Source: Microsoft Security Client Setup)(User: )
Description: HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation.

Error: (06/30/2013 04:54:44 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070643common client setup outcomesetresultdatapoints0security essentialsNILNILNIL

Error: (06/30/2013 04:54:26 PM) (Source: Microsoft Security Client)(User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070643morrobootstraper__cinstallflow__internalrun - geteppuninstallactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL

Error: (06/30/2013 04:54:25 PM) (Source: MsiInstaller)(User: KEVIN-2C3RRQUXO)
Description: Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, (NULL)(NULL)(NULL)

Error: (06/30/2013 10:56:13 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/30/2013 10:44:31 AM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (06/30/2013 10:41:38 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/28/2013 04:41:19 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/27/2013 07:54:28 PM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/27/2013 10:00:57 AM) (Source: Application Hang)(User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 510 MB
Available physical RAM: 173.92 MB
Total Pagefile: 1969.88 MB
Available Pagefile: 1517.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:37.24 GB) (Free:21.01 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: 9DC96E9E)
Partition 1: (Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

That's exactly what it is so I'll move this to the Virus & Other Malware Removal forum.


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## mculls (Apr 30, 2007)

Cookiegal said:


> Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.
> 
> The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.
> 
> ...


Thanks
ComboFix is giving me a warning to disable MSE and Symantec before proceeding--How is it best to do that? I can't open MSE and can't find Symantec


----------



## Cookiegal (Aug 27, 2003)

There's no need to quote my instructions when replying.

OK so Symantec is not showing up in Add or Remove Programs in the Control Panel?

Please run this before proceeding.

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## mculls (Apr 30, 2007)

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by thomas cozier at 14:06:55 on 2013-07-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.54 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\32788R22FWJFW\cmd.3XE
C:\32788R22FWJFW\NirCmd.3XE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [RegistryUpdate] <no file>
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1319477025562
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli scecli scecli scecli
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110917.007\naveng.sys [2011-9-18 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110917.007\navex15.sys [2011-9-18 1576312]
.
=============== Created Last 30 ================
.
2013-07-01 17:01:57	--------	d-----w-	C:\FRST
2013-07-01 16:03:09	388096	----a-r-	c:\documents and settings\thomas cozier\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-01 16:03:09	--------	d-----w-	c:\program files\Trend Micro
2013-07-01 16:00:36	--------	d-----w-	c:\documents and settings\all users\application data\APN
2013-06-29 21:32:53	--------	d-----w-	c:\documents and settings\thomas cozier\application data\SUPERAntiSpyware.com
2013-06-29 21:32:32	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-29 21:32:32	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-06-22 15:48:15	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2013-06-22 15:48:15	--------	d-----w-	c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2013-06-22 16:31:36	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-22 16:31:35	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:30:05	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29	385024	----a-w-	c:\windows\system32\html.iec
2013-05-03 01:26:26	2193536	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18	2070144	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-16 22:17:15	920064	----a-w-	c:\windows\system32\wininet(5).dll
2013-04-16 22:17:15	1215488	----a-w-	c:\windows\system32\urlmon(5).dll
2013-04-16 22:17:15	105984	----a-w-	c:\windows\system32\url(5).dll
2013-04-10 01:31:19	1876352	----a-w-	c:\windows\system32\win32k.sys
.
============= FINISH: 14:09:10.75 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2007 6:15:33 PM
System Uptime: 6/30/2013 9:10:59 AM (29 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2791/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 20.952 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP263: 4/10/2013 12:00:28 PM - Software Distribution Service 3.0
RP264: 4/11/2013 12:28:59 PM - System Checkpoint
RP265: 4/12/2013 10:18:50 AM - Software Distribution Service 3.0
RP266: 4/13/2013 10:33:50 AM - Software Distribution Service 3.0
RP267: 4/14/2013 1:33:34 AM - Software Distribution Service 3.0
RP268: 4/14/2013 5:58:11 PM - Software Distribution Service 3.0
RP269: 4/15/2013 6:43:18 PM - System Checkpoint
RP270: 4/16/2013 9:29:30 AM - Software Distribution Service 3.0
RP271: 4/17/2013 9:29:27 AM - Software Distribution Service 3.0
RP272: 4/18/2013 9:29:47 AM - Software Distribution Service 3.0
RP273: 4/19/2013 9:29:48 AM - Software Distribution Service 3.0
RP274: 4/20/2013 9:29:52 AM - Software Distribution Service 3.0
RP275: 4/21/2013 2:18:34 AM - Software Distribution Service 3.0
RP276: 4/21/2013 12:34:42 PM - Software Distribution Service 3.0
RP277: 4/22/2013 12:35:11 PM - Software Distribution Service 3.0
RP278: 4/23/2013 12:35:59 PM - Software Distribution Service 3.0
RP279: 4/24/2013 12:35:35 PM - Software Distribution Service 3.0
RP280: 4/25/2013 12:35:14 PM - Software Distribution Service 3.0
RP281: 4/26/2013 12:35:36 PM - Software Distribution Service 3.0
RP282: 4/27/2013 12:52:01 PM - System Checkpoint
RP283: 4/27/2013 2:08:05 PM - Software Distribution Service 3.0
RP284: 4/28/2013 1:45:51 AM - Software Distribution Service 3.0
RP285: 4/28/2013 2:07:59 PM - Software Distribution Service 3.0
RP286: 4/29/2013 2:08:50 PM - System Checkpoint
RP287: 4/30/2013 10:16:12 AM - Software Distribution Service 3.0
RP288: 5/1/2013 10:18:09 AM - Software Distribution Service 3.0
RP289: 5/1/2013 6:29:26 PM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP290: 5/2/2013 9:42:02 AM - Restore Operation
RP291: 5/3/2013 10:36:09 AM - System Checkpoint
RP292: 5/4/2013 11:29:56 AM - System Checkpoint
RP293: 5/5/2013 11:24:48 AM - Installed Microsoft Fix it 50692
RP294: 5/6/2013 12:10:45 PM - System Checkpoint
RP295: 5/7/2013 12:50:21 PM - System Checkpoint
RP296: 5/8/2013 1:06:00 PM - System Checkpoint
RP297: 5/9/2013 1:46:17 PM - System Checkpoint
RP298: 5/10/2013 2:28:22 PM - System Checkpoint
RP299: 5/11/2013 4:09:33 PM - System Checkpoint
RP300: 5/12/2013 4:57:23 PM - System Checkpoint
RP301: 5/13/2013 6:00:16 PM - System Checkpoint
RP302: 5/14/2013 7:06:21 PM - System Checkpoint
RP303: 5/14/2013 9:44:22 PM - Software Distribution Service 3.0
RP304: 5/15/2013 9:58:52 PM - System Checkpoint
RP305: 5/16/2013 10:35:10 PM - System Checkpoint
RP306: 5/17/2013 10:37:24 PM - System Checkpoint
RP307: 5/18/2013 11:37:25 PM - System Checkpoint
RP308: 5/19/2013 11:56:12 PM - System Checkpoint
RP309: 5/21/2013 12:23:32 AM - System Checkpoint
RP310: 5/22/2013 12:40:06 AM - System Checkpoint
RP311: 5/23/2013 1:23:34 AM - System Checkpoint
RP312: 5/24/2013 2:22:31 AM - System Checkpoint
RP313: 5/25/2013 3:22:29 AM - System Checkpoint
RP314: 5/26/2013 4:22:29 AM - System Checkpoint
RP315: 5/27/2013 5:22:29 AM - System Checkpoint
RP316: 5/28/2013 11:56:48 AM - System Checkpoint
RP317: 5/29/2013 12:15:34 PM - System Checkpoint
RP318: 5/30/2013 1:07:23 PM - System Checkpoint
RP319: 5/31/2013 1:49:02 PM - System Checkpoint
RP320: 6/1/2013 2:54:52 PM - System Checkpoint
RP321: 6/2/2013 4:23:09 PM - System Checkpoint
RP322: 6/3/2013 6:02:56 PM - System Checkpoint
RP323: 6/4/2013 8:13:05 PM - System Checkpoint
RP324: 6/5/2013 8:13:57 PM - System Checkpoint
RP325: 6/6/2013 8:52:02 PM - System Checkpoint
RP326: 6/7/2013 9:50:49 PM - System Checkpoint
RP327: 6/8/2013 9:51:55 PM - System Checkpoint
RP328: 6/9/2013 10:42:58 PM - System Checkpoint
RP329: 6/10/2013 10:43:15 PM - System Checkpoint
RP330: 6/11/2013 10:51:05 PM - System Checkpoint
RP331: 6/12/2013 12:00:21 PM - Software Distribution Service 3.0
RP332: 6/13/2013 12:25:57 PM - System Checkpoint
RP333: 6/14/2013 1:53:58 PM - System Checkpoint
RP334: 6/15/2013 2:58:58 PM - System Checkpoint
RP335: 6/16/2013 3:11:46 PM - System Checkpoint
RP336: 6/17/2013 3:19:58 PM - System Checkpoint
RP337: 6/18/2013 3:31:43 PM - System Checkpoint
RP338: 6/19/2013 5:50:16 PM - System Checkpoint
RP339: 6/20/2013 6:23:18 PM - System Checkpoint
RP340: 6/21/2013 8:05:42 PM - System Checkpoint
RP341: 6/22/2013 11:44:43 AM - Restore Operation
RP342: 6/23/2013 2:59:20 PM - System Checkpoint
RP343: 6/25/2013 12:00:19 PM - Software Distribution Service 3.0
RP344: 6/27/2013 12:31:48 AM - System Checkpoint
RP345: 6/28/2013 10:20:33 AM - System Checkpoint
RP346: 6/29/2013 12:53:57 PM - System Checkpoint
RP347: 6/30/2013 2:13:56 PM - System Checkpoint
RP348: 7/1/2013 12:03:07 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
CCleaner
Conexant D850 56K V.9x DFVc Modem
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB2756822)
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Pro Studio, Dell Editon
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Security Client
Mozilla Firefox (1.5) [BufferZone]
Remove United States Military Academy Admissions Screen Saver (2005)
Revo Uninstaller 1.93
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978037)
Spotify
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2736233)
Update for Windows XP (KB900485)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
6/30/2013 10:39:06 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/26/2013 12:38:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
6/26/2013 12:38:50 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The file can not be accessed by the system.
6/25/2013 9:20:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl Fips intelppm MpFilter SYMTDI
6/25/2013 9:17:43 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SYMTDI Tcpip
6/25/2013 9:17:43 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 9:17:43 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 9:17:43 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 9:17:43 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/25/2013 11:30:53 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/25/2013 10:54:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde SYMTDI
6/25/2013 10:53:14 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/25/2013 10:52:19 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

I suspect that you used the registry cleaner function of CCleaner. CCleaner is a good program but you shouldn't use the registry cleaner function or any other registry cleaners as they often do more harm than good. It looks like many programs' uninstallers have been removed.

Please run the Symantec Removal Tool and when it completes reboot the computer.

https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us

Then run ComboFix. If it still flags Symantec please continue and if anything pops up from Symantec or MSE alerting to malware when running ComboFix be sure not to let them block the program (so allow everything).


----------



## mculls (Apr 30, 2007)

Tried downloading Norton removal tool - says it cannot display the webpage


----------



## flavallee (May 12, 2002)

mculls:

You have several very outdated programs and extras in that computer that need to be dealt with.

It can wait though until after Cookiegal finishes helping you and gives me the "all clear" to jump back in.

------------------------------------------------------------

Cookiegal:

As this thread has been moved to the "Virus & Other Malware Removal", I'm going to unsubscribe to it so I don't keep getting reply alerts to it.

If you want me to jump back in later, just send me a PM.

------------------------------------------------------------


----------



## Cookiegal (Aug 27, 2003)

Can you access this one?

https://support.norton.com/sp/en/us/home/current/solutions/kb20080828154508EN_EndUserProfile_en_us


----------



## Cookiegal (Aug 27, 2003)

Thanks Frank.


----------



## flavallee (May 12, 2002)

Cookiegal said:


> Thanks Frank.


 :up:

---------------------------------------------------------------

Just in case you need it, this is the Norton removal tool link that I usually use.

http://www.majorgeeks.com/files/details/norton_removal_tool.html

---------------------------------------------------------------


----------



## mculls (Apr 30, 2007)

Frank, is it the reimage repair setup wizard? I made the mistake of going on online chat with a Norton rep-and accidentally downloaded pc utility kit-he wasn't that helpful


----------



## mculls (Apr 30, 2007)

mculls said:


> Frank, is it the reimage repair setup wizard? I made the mistake of going on online chat with a Norton rep-and accidentally downloaded pc utility kit-he wasn't that helpful


I found the right download but am still getting "IE cannot display the webpage"--pretty crazy


----------



## mculls (Apr 30, 2007)

It's almost like something doesn't want me to remove Norton antivirus


----------



## Cookiegal (Aug 27, 2003)

The one from Frank's link says it: "_uninstalls all Norton 2010/2009/2008/2007/2006/2005/2004/2003 products_" so it seems it's not an updated version unless they've just not updated the description.

But it's probably the same one so you can try it. It's not reimage repair, that must be an advertisement. It's the Norton Removal Tool.


----------



## Cookiegal (Aug 27, 2003)

Wait, try this one:

http://www.bleepingcomputer.com/download/norton-removal-tool/


----------



## mculls (Apr 30, 2007)

yeah, tried it-got same result IE cannot display the webpage


----------



## mculls (Apr 30, 2007)

Cookiegal said:


> Wait, try this one:
> 
> http://www.bleepingcomputer.com/download/norton-removal-tool/


same thing-wow--by the way thank you very much for your help


----------



## Cookiegal (Aug 27, 2003)

No problem.

Can you grab the executable directly from the following link and save it to your desktop and run it from there?

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe


----------



## mculls (Apr 30, 2007)

same message--tried CNET, same thing--is there something that is purposely preventing the fix?


----------



## Cookiegal (Aug 27, 2003)

Then just go ahead and run ComboFix but be sure you have your important stuff backed up first. If any alerts pop up prompting you to block anything do NOT block it, choose allow so as not to interfere with ComboFix.


----------



## mculls (Apr 30, 2007)

Hi, ran Combofix-got thru stage 25-then blue screen said a problem has been detected and windows has been shut down to prevent damage--plug and play detected an error most likely caused by a faulty driver--restarted and it said the system has recovered from a serious error


----------



## Cookiegal (Aug 27, 2003)

Please go here and download the *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## mculls (Apr 30, 2007)

Is it the Kaspersky Virus Removal Tool 2011? I got it-scanning now


----------



## Cookiegal (Aug 27, 2003)

No. I'm sorry, they keep changing the download link.

It's here:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe


----------



## mculls (Apr 30, 2007)

20:22:29.0687 2456 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:22:30.0140 2456 ============================================================
20:22:30.0140 2456 Current date / time: 2013/07/01 20:22:30.0140
20:22:30.0140 2456 SystemInfo:
20:22:30.0140 2456 
20:22:30.0140 2456 OS Version: 5.1.2600 ServicePack: 3.0
20:22:30.0140 2456 Product type: Workstation
20:22:30.0140 2456 ComputerName: KEVIN-2C3RRQUXO
20:22:30.0140 2456 UserName: thomas cozier
20:22:30.0140 2456 Windows directory: C:\WINDOWS
20:22:30.0140 2456 System windows directory: C:\WINDOWS
20:22:30.0140 2456 Processor architecture: Intel x86
20:22:30.0140 2456 Number of processors: 1
20:22:30.0140 2456 Page size: 0x1000
20:22:30.0140 2456 Boot type: Normal boot
20:22:30.0140 2456 ============================================================
20:22:31.0750 2456 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:22:31.0750 2456 ============================================================
20:22:31.0750 2456 \Device\Harddisk0\DR0:
20:22:31.0750 2456 MBR partitions:
20:22:31.0750 2456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A7D53F
20:22:31.0750 2456 ============================================================
20:22:31.0765 2456 C: <-> \Device\Harddisk0\DR0\Partition1
20:22:31.0765 2456 ============================================================
20:22:31.0765 2456 Initialize success
20:22:31.0765 2456 ============================================================
20:22:45.0125 3140 ============================================================
20:22:45.0125 3140 Scan started
20:22:45.0125 3140 Mode: Manual; 
20:22:45.0125 3140 ============================================================
20:22:46.0750 3140 ================ Scan system memory ========================
20:22:46.0750 3140 System memory - ok
20:22:46.0765 3140 ================ Scan services =============================
20:23:00.0968 3140 WmdmPmSN - ok
20:23:01.0031 3140 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:23:01.0062 3140 Wmi - ok
20:23:01.0109 3140 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:23:01.0109 3140 WmiApSrv - ok
20:23:01.0156 3140 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:23:01.0156 3140 WS2IFSL - ok
20:23:01.0203 3140 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:23:01.0234 3140 wscsvc - ok
20:23:01.0250 3140 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:23:01.0265 3140 WSTCODEC - ok
20:23:01.0296 3140 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:23:01.0296 3140 wuauserv - ok
20:23:01.0375 3140 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:23:01.0390 3140 WZCSVC - ok
20:23:01.0453 3140 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:23:01.0468 3140 xmlprov - ok
20:23:01.0468 3140 ================ Scan global ===============================
20:23:01.0546 3140 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:23:01.0609 3140 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:23:01.0656 3140 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:23:01.0671 3140 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:23:01.0671 3140 [Global] - ok
20:23:01.0671 3140 ================ Scan MBR ==================================
20:23:01.0703 3140 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:23:01.0921 3140 \Device\Harddisk0\DR0 - ok
20:23:01.0937 3140 ================ Scan VBR ==================================
20:23:01.0937 3140 [ 5CE384B6C00AFA013D4DAEC69DB7F63F ] \Device\Harddisk0\DR0\Partition1
20:23:01.0937 3140 \Device\Harddisk0\DR0\Partition1 - ok
20:23:01.0937 3140 ============================================================
20:23:01.0937 3140 Scan finished
20:23:01.0937 3140 ============================================================
20:23:01.0953 3132 Detected object count: 0
20:23:01.0953 3132 Actual detected object count: 0
20:24:34.0890 3220 ============================================================
20:24:34.0890 3220 Scan started
20:24:34.0890 3220 Mode: Manual; 
20:24:34.0890 3220 ============================================================
20:24:35.0203 3220 ================ Scan system memory ========================
20:24:35.0203 3220 System memory - ok
20:24:35.0203 3220 ================ Scan services =============================
20:24:48.0296 3220 usbccgp - ok
20:24:48.0343 3220 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:24:48.0343 3220 usbehci - ok
20:24:48.0375 3220 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:24:48.0375 3220 usbhub - ok
20:24:48.0421 3220 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:24:48.0421 3220 usbprint - ok
20:24:48.0453 3220 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:24:48.0453 3220 usbscan - ok
20:24:48.0484 3220 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:24:48.0484 3220 USBSTOR - ok
20:24:48.0515 3220 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:24:48.0515 3220 usbuhci - ok
20:24:48.0578 3220 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:24:48.0578 3220 VgaSave - ok
20:24:48.0593 3220 ViaIde - ok
20:24:48.0625 3220 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:24:48.0625 3220 VolSnap - ok
20:24:48.0687 3220 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:24:48.0687 3220 VSS - ok
20:24:48.0796 3220 [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
20:24:48.0812 3220 VX3000 - ok
20:24:48.0859 3220 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:24:48.0859 3220 W32Time - ok
20:24:48.0890 3220 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:24:48.0890 3220 Wanarp - ok
20:24:48.0937 3220 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
20:24:48.0937 3220 wanatw - ok
20:24:48.0953 3220 WDICA - ok
20:24:49.0015 3220 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:24:49.0015 3220 wdmaud - ok
20:24:49.0093 3220 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:24:49.0109 3220 WebClient - ok
20:24:49.0187 3220 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:24:49.0203 3220 winachsf - ok
20:24:49.0328 3220 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:24:49.0328 3220 winmgmt - ok
20:24:49.0437 3220 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
20:24:49.0437 3220 WmdmPmSN - ok
20:24:49.0515 3220 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:24:49.0515 3220 Wmi - ok
20:24:49.0578 3220 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:24:49.0578 3220 WmiApSrv - ok
20:24:49.0609 3220 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:24:49.0609 3220 WS2IFSL - ok
20:24:49.0656 3220 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:24:49.0656 3220 wscsvc - ok
20:24:49.0718 3220 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:24:49.0718 3220 WSTCODEC - ok
20:24:49.0781 3220 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:24:49.0781 3220 wuauserv - ok
20:24:49.0859 3220 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:24:49.0875 3220 WZCSVC - ok
20:24:49.0906 3220 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:24:49.0921 3220 xmlprov - ok
20:24:49.0937 3220 ================ Scan global ===============================
20:24:49.0984 3220 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:24:50.0046 3220 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:24:50.0078 3220 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:24:50.0109 3220 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:24:50.0109 3220 [Global] - ok
20:24:50.0109 3220 ================ Scan MBR ==================================
20:24:50.0140 3220 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:24:50.0390 3220 \Device\Harddisk0\DR0 - ok
20:24:50.0406 3220 ================ Scan VBR ==================================
20:24:50.0406 3220 [ 5CE384B6C00AFA013D4DAEC69DB7F63F ] \Device\Harddisk0\DR0\Partition1
20:24:50.0406 3220 \Device\Harddisk0\DR0\Partition1 - ok
20:24:50.0421 3220 ============================================================
20:24:50.0421 3220 Scan finished
20:24:50.0421 3220 ============================================================
20:24:50.0437 3212 Detected object count: 0
20:24:50.0437 3212 Actual detected object count: 0
20:25:22.0203 3232 ============================================================
20:25:22.0203 3232 Scan started
20:25:22.0203 3232 Mode: Manual; 
20:25:22.0203 3232 ============================================================
20:25:22.0343 3232 ================ Scan system memory ========================
20:25:22.0343 3232 System memory - ok
20:25:34.0359 3232 SYMTDI - ok
20:25:34.0375 3232 sym_hi - ok
20:25:34.0390 3232 sym_u3 - ok
20:25:34.0468 3232 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:25:34.0468 3232 sysaudio - ok
20:25:34.0515 3232 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:25:34.0515 3232 SysmonLog - ok
20:25:34.0578 3232 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:25:34.0578 3232 TapiSrv - ok
20:25:34.0656 3232 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:25:34.0656 3232 Tcpip - ok
20:25:34.0718 3232 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:25:34.0718 3232 TDPIPE - ok
20:25:34.0765 3232 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:25:34.0765 3232 TDTCP - ok
20:25:34.0796 3232 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:25:34.0796 3232 TermDD - ok
20:25:34.0875 3232 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
20:25:34.0875 3232 TermService - ok
20:25:34.0906 3232 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
20:25:34.0906 3232 Themes - ok
20:25:34.0968 3232 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
20:25:34.0968 3232 TlntSvr - ok
20:25:34.0984 3232 TosIde - ok
20:25:35.0031 3232 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:25:35.0031 3232 TrkWks - ok
20:25:35.0093 3232 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:25:35.0093 3232 Udfs - ok
20:25:35.0109 3232 ultra - ok
20:25:35.0156 3232 [ C81B8635DEE0D3EF5F64B3DD643023A5 ] UMWdf C:\WINDOWS\System32\wdfmgr.exe
20:25:35.0156 3232 UMWdf - ok
20:25:35.0218 3232 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:25:35.0234 3232 Update - ok
20:25:35.0296 3232 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:25:35.0312 3232 upnphost - ok
20:25:35.0343 3232 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
20:25:35.0343 3232 UPS - ok
20:25:35.0390 3232 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
20:25:35.0390 3232 usbaudio - ok
20:25:35.0406 3232 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:25:35.0406 3232 usbccgp - ok
20:25:35.0468 3232 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:25:35.0468 3232 usbehci - ok
20:25:35.0531 3232 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:25:35.0531 3232 usbhub - ok
20:25:35.0578 3232 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:25:35.0578 3232 usbprint - ok
20:25:35.0593 3232 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:25:35.0593 3232 usbscan - ok
20:25:35.0609 3232 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:25:35.0609 3232 USBSTOR - ok
20:25:35.0656 3232 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:25:35.0656 3232 usbuhci - ok
20:25:35.0718 3232 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:25:35.0718 3232 VgaSave - ok
20:25:35.0734 3232 ViaIde - ok
20:25:35.0750 3232 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:25:35.0750 3232 VolSnap - ok
20:25:35.0812 3232 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
20:25:35.0812 3232 VSS - ok
20:25:35.0921 3232 [ 13ACFED0E6ADCA97440169DFD127EBCF ] VX3000 C:\WINDOWS\system32\DRIVERS\VX3000.sys
20:25:35.0937 3232 VX3000 - ok
20:25:35.0984 3232 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
20:25:35.0984 3232 W32Time - ok
20:25:36.0015 3232 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:25:36.0015 3232 Wanarp - ok
20:25:36.0062 3232 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
20:25:36.0062 3232 wanatw - ok
20:25:36.0078 3232 WDICA - ok
20:25:36.0140 3232 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:25:36.0140 3232 wdmaud - ok
20:25:36.0218 3232 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:25:36.0218 3232 WebClient - ok
20:25:36.0312 3232 [ F59ED5A43B988A18EF582BB07B2327A7 ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:25:36.0328 3232 winachsf - ok
20:25:36.0453 3232 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:25:36.0453 3232 winmgmt - ok
20:25:36.0562 3232 [ A477391B7A8B0A0DAABADB17CF533A4B ] WmdmPmSN C:\WINDOWS\System32\mspmsnsv.dll
20:25:36.0562 3232 WmdmPmSN - ok
20:25:36.0640 3232 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:25:36.0640 3232 Wmi - ok
20:25:36.0703 3232 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:25:36.0703 3232 WmiApSrv - ok
20:25:36.0750 3232 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:25:36.0750 3232 WS2IFSL - ok
20:25:36.0796 3232 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:25:36.0812 3232 wscsvc - ok
20:25:36.0859 3232 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:25:36.0859 3232 WSTCODEC - ok
20:25:36.0906 3232 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:25:36.0921 3232 wuauserv - ok
20:25:37.0000 3232 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:25:37.0000 3232 WZCSVC - ok
20:25:37.0046 3232 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:25:37.0062 3232 xmlprov - ok
20:25:37.0078 3232 ================ Scan global ===============================
20:25:37.0125 3232 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
20:25:37.0187 3232 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:25:37.0218 3232 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
20:25:37.0250 3232 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
20:25:37.0250 3232 [Global] - ok
20:25:37.0250 3232 ================ Scan MBR ==================================
20:25:37.0281 3232 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
20:25:37.0546 3232 \Device\Harddisk0\DR0 - ok
20:25:37.0546 3232 ================ Scan VBR ==================================
20:25:37.0562 3232 [ 5CE384B6C00AFA013D4DAEC69DB7F63F ] \Device\Harddisk0\DR0\Partition1
20:25:37.0562 3232 \Device\Harddisk0\DR0\Partition1 - ok
20:25:37.0562 3232 ============================================================
20:25:37.0562 3232 Scan finished
20:25:37.0562 3232 ============================================================
20:25:37.0593 3224 Detected object count: 0
20:25:37.0593 3224 Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

I will have another fix for you but will have to work on preparing it and will post it tomorrow.


----------



## mculls (Apr 30, 2007)

ok cheers


----------



## Cookiegal (Aug 27, 2003)

Before I post the fix I noticed something I didn't see yesterday and that is that you ran FRST from your Temporary Internet Files so you didn't save it on the desktop as instructed. This may affect how it works (or doesn't work).

However, rather than moving it (it may be impossible to find it there anyway), I believe there's a new version out so please redownload FRST and save it to your desktop. This is very important. Then run the scan again as you did the first time and post the new logs please.


----------



## mculls (Apr 30, 2007)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by thomas cozier (administrator) on 02-07-2013 10:18:29
Running from C:\Documents and Settings\thomas cozier\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VX3000] C:\WINDOWS\vVX3000.exe [709992 2007-04-10] (Microsoft Corporation)
HKLM\...\Run: [RegistryUpdate] [x]
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-14] (SUPERAntiSpyware.com)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Owner\...\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background [ 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [x]
HKU\Owner\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime [x]
HKU\Owner\...\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [x]
Lsa: [Notification Packages] scecli scecli scecli scecli scecli
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default
FF Homepage: hxxp://www.zerourl.com/en/index.php?rvs=hompag
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Extension: No Name - C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-10-04] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [177776 2005-10-04] (Symantec Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S2 PEVSystemStart; C:\ComboFix\pev.3XE [256000 2011-06-26] ()
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 SNDSrvc; "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97ich4.sys [107776 2002-04-15] (Intel Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-09-15] (Symantec Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [24720 2005-10-19] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [195728 2005-10-19] (Symantec Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys [x]
S3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110917.007\naveng.sys [x]
S3 NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110917.007\navex15.sys [x]
S3 senfilt; system32\drivers\senfilt.sys [x]
S3 smwdm; system32\drivers\smwdm.sys [x]
S3 SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-02 10:16 - 2013-07-02 10:16 - 01372429 ____A (Farbar) C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
2013-07-01 20:00 - 2013-07-01 20:01 - 00065536 ____A C:\Windows\Minidump\Mini070113-01.dmp
2013-07-01 20:00 - 2013-07-01 20:00 - 00000000 ____D C:\Windows\Minidump
2013-07-01 19:12 - 2013-07-01 19:12 - 00000000 RASHD C:\cmdcons
2013-07-01 19:12 - 2012-09-24 15:35 - 00000211 ____A C:\Boot.bak
2013-07-01 19:12 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
2013-07-01 19:06 - 2013-07-01 20:01 - 00000000 ___SD C:\ComboFix
2013-07-01 17:11 - 2013-07-01 17:11 - 00000088 ____A C:\Windows\Reimage.ini
2013-07-01 16:54 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-01 16:54 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-01 16:54 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-01 16:49 - 2013-07-01 18:38 - 00000000 ____D C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\DriverCure
2013-07-01 16:41 - 2013-07-01 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit
2013-07-01 14:09 - 2013-07-01 14:09 - 00012383 ____A C:\Documents and Settings\thomas cozier\Desktop\attach.txt
2013-07-01 14:09 - 2013-07-01 14:09 - 00006340 ____A C:\Documents and Settings\thomas cozier\Desktop\dds.txt
2013-07-01 13:45 - 2013-07-01 16:53 - 00000000 ____D C:\Qoobox
2013-07-01 13:45 - 2013-07-01 13:45 - 00000000 ____D C:\Windows\erdnt
2013-07-01 13:41 - 2013-07-01 13:41 - 05084517 ____R (Swearware) C:\Documents and Settings\thomas cozier\Desktop\ComboFix.exe
2013-07-01 13:01 - 2013-07-01 13:01 - 00000000 ____D C:\FRST
2013-07-01 12:03 - 2013-07-01 12:54 - 00002463 ____A C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
2013-07-01 12:03 - 2013-07-01 12:03 - 00000000 ____D C:\Program Files\Trend Micro
2013-07-01 12:00 - 2013-07-01 12:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-06-29 17:32 - 2013-06-29 17:32 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-28 10:58 - 2013-07-01 08:00 - 00000120 ____A C:\Windows\setupact.log
2013-06-28 10:58 - 2013-06-28 10:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 12:06 - 2013-06-25 12:06 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-22 11:43 - 2013-06-22 11:43 - 00000000 __SHD C:\Windows\CSC
2013-06-18 09:56 - 2013-06-18 10:08 - 00000000 ____D C:\Documents and Settings\thomas cozier\My Documents\Elise_M
2013-06-12 12:04 - 2013-06-25 12:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$

==================== One Month Modified Files and Folders ========

2013-07-02 10:16 - 2013-07-02 10:16 - 01372429 ____A (Farbar) C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
2013-07-02 09:55 - 2013-01-10 19:18 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 09:31 - 2012-04-22 09:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 09:07 - 2006-01-12 16:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-02 08:14 - 2013-01-10 19:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 08:14 - 2013-01-06 14:18 - 00000282 ____A C:\Windows\Tasks\Go for FilesUpdate.job
2013-07-02 08:14 - 2007-09-27 17:54 - 00000062 __ASH C:\Documents and Settings\thomas cozier\Local Settings\desktop.ini
2013-07-02 08:14 - 2003-07-16 16:53 - 00002444 ____A C:\Windows\System32\wpa.dbl
2013-07-02 00:20 - 2013-03-31 10:51 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-07-02 00:05 - 2007-09-27 17:54 - 00000178 ___SH C:\Documents and Settings\thomas cozier\ntuser.ini
2013-07-01 20:10 - 2006-01-11 11:52 - 01851596 ____A C:\Windows\WindowsUpdate.log
2013-07-01 20:01 - 2013-07-01 20:00 - 00065536 ____A C:\Windows\Minidump\Mini070113-01.dmp
2013-07-01 20:01 - 2013-07-01 19:06 - 00000000 ___SD C:\ComboFix
2013-07-01 20:01 - 2006-01-10 10:47 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-01 20:01 - 2006-01-10 10:47 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-01 20:01 - 2006-01-10 10:41 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-01 20:01 - 2006-01-10 05:36 - 00000159 ____A C:\Windows\wiadebug.log
2013-07-01 20:01 - 2006-01-10 05:36 - 00000048 ____A C:\Windows\wiaservc.log
2013-07-01 20:00 - 2013-07-01 20:00 - 00000000 ____D C:\Windows\Minidump
2013-07-01 20:00 - 2006-01-10 05:24 - 534872064 ____A C:\Windows\MEMORY.DMP
2013-07-01 19:12 - 2013-07-01 19:12 - 00000000 RASHD C:\cmdcons
2013-07-01 19:12 - 2006-01-10 05:32 - 00000327 _RASH C:\boot.ini
2013-07-01 18:38 - 2013-07-01 16:49 - 00000000 ____D C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 17:11 - 2013-07-01 17:11 - 00000088 ____A C:\Windows\Reimage.ini
2013-07-01 17:03 - 2013-07-01 16:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit
2013-07-01 16:54 - 2006-01-10 10:47 - 00032498 ____A C:\Windows\SchedLgU.Txt
2013-07-01 16:53 - 2013-07-01 13:45 - 00000000 ____D C:\Qoobox
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\DriverCure
2013-07-01 14:09 - 2013-07-01 14:09 - 00012383 ____A C:\Documents and Settings\thomas cozier\Desktop\attach.txt
2013-07-01 14:09 - 2013-07-01 14:09 - 00006340 ____A C:\Documents and Settings\thomas cozier\Desktop\dds.txt
2013-07-01 13:45 - 2013-07-01 13:45 - 00000000 ____D C:\Windows\erdnt
2013-07-01 13:41 - 2013-07-01 13:41 - 05084517 ____R (Swearware) C:\Documents and Settings\thomas cozier\Desktop\ComboFix.exe
2013-07-01 13:01 - 2013-07-01 13:01 - 00000000 ____D C:\FRST
2013-07-01 12:54 - 2013-07-01 12:03 - 00002463 ____A C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
2013-07-01 12:03 - 2013-07-01 12:03 - 00000000 ____D C:\Program Files\Trend Micro
2013-07-01 12:00 - 2013-07-01 12:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-07-01 08:00 - 2013-06-28 10:58 - 00000120 ____A C:\Windows\setupact.log
2013-06-30 16:54 - 2012-05-28 15:15 - 00001954 ____A C:\Windows\epplauncher.mif
2013-06-29 17:32 - 2013-06-29 17:32 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-29 16:38 - 2011-10-25 13:13 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_0$
2013-06-28 10:58 - 2013-06-28 10:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-27 13:05 - 2006-01-10 05:24 - 00000000 ____D C:\Windows\Cursors
2013-06-26 12:41 - 2008-07-05 18:38 - 00000000 __SHD C:\Documents and Settings\thomas cozier\UserData
2013-06-25 12:22 - 2006-01-10 05:33 - 00201736 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-25 12:06 - 2013-06-25 12:06 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-06-25 12:06 - 2013-06-12 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-25 12:02 - 2013-05-14 21:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-25 12:01 - 2013-05-14 21:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-23 01:43 - 2013-03-27 12:49 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-06-22 12:31 - 2012-04-22 09:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-22 12:31 - 2011-10-04 12:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-22 11:48 - 2006-01-10 10:38 - 00000000 ____D C:\Windows\Registration
2013-06-22 11:43 - 2013-06-22 11:43 - 00000000 __SHD C:\Windows\CSC
2013-06-18 10:08 - 2013-06-18 09:56 - 00000000 ____D C:\Documents and Settings\thomas cozier\My Documents\Elise_M
2013-06-02 17:21 - 2006-01-11 12:45 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Microsoft Security Client\MsMpEng.exe => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== End Of Log ============================


----------



## mculls (Apr 30, 2007)

FRST didn't give me the 2nd log this time


----------



## Cookiegal (Aug 27, 2003)

Did you install all of these things intentionally since the last run?

2013-07-01 16:49 - 2013-07-01 18:38 - 00000000 ____D C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\DriverCure
2013-07-01 16:41 - 2013-07-01 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit

And if so why?


----------



## Cookiegal (Aug 27, 2003)

Also, did ComboFix create a log? If so, it would be at C:\combofix.txt


----------



## mculls (Apr 30, 2007)

Not intentional--accidentally loaded PC Utility Kit when attempting to remove Norton, had Norton rep on remote which I terminated


----------



## mculls (Apr 30, 2007)

Cookiegal said:


> Also, did ComboFix create a log? If so, it would be at C:\combofix.txt


can't find a log for it-don't think it finished running


----------



## Cookiegal (Aug 27, 2003)

It looks like ComboFix did remove part of the infection even if it didn't complete.

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt*, are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## mculls (Apr 30, 2007)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013
Ran by thomas cozier at 2013-07-02 11:46:12 Run:1
Running from C:\Documents and Settings\thomas cozier\Desktop
Boot Mode: Normal

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryUpdate => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Value deleted successfully.
HKCR\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0} => Key not found.
Firefox homepage deleted successfully.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\LegitLib.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SqmApi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.


The system needs a manual reboot. 

==== End of Fixlog ====


----------



## mculls (Apr 30, 2007)

I restarted computer. Do I need to run FRST again?


----------



## Cookiegal (Aug 27, 2003)

Yes, please do that and post the new log.


----------



## mculls (Apr 30, 2007)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by thomas cozier (administrator) on 02-07-2013 12:45:15
Running from C:\Documents and Settings\thomas cozier\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Microsoft Corporation) C:\WINDOWS\vVX3000.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VX3000] C:\WINDOWS\vVX3000.exe [709992 2007-04-10] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4760816 2013-05-14] (SUPERAntiSpyware.com)
HKCU\...\Policies\system: [disableregistrytools] 0
HKU\Owner\...\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background [ 2008-04-13] (Microsoft Corporation)
HKU\Owner\...\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [x]
HKU\Owner\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\bak\qttask.exe" -atboottime [x]
HKU\Owner\...\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [x]
Lsa: [Notification Packages] scecli scecli scecli scecli scecli
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
Handler: ipp - No CLSID Value - 
Handler: msdaipp - No CLSID Value - 
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Extension: No Name - C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-10-04] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [177776 2005-10-04] (Symantec Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S2 PEVSystemStart; C:\ComboFix\pev.3XE [256000 2011-06-26] ()
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S3 SNDSrvc; "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 ac97intc; C:\Windows\System32\drivers\ac97ich4.sys [107776 2002-04-15] (Intel Corporation)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-09-15] (Symantec Corporation)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [24720 2005-10-19] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [195728 2005-10-19] (Symantec Corporation)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys [x]
S3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110917.007\naveng.sys [x]
S3 NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110917.007\navex15.sys [x]
S3 senfilt; system32\drivers\senfilt.sys [x]
S3 smwdm; system32\drivers\smwdm.sys [x]
S3 SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [x]
U3 Winsock - Google Desktop Search Backup Before First Install; No ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-02 10:16 - 2013-07-02 10:16 - 01372429 ____A (Farbar) C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
2013-07-01 20:00 - 2013-07-01 20:01 - 00065536 ____A C:\Windows\Minidump\Mini070113-01.dmp
2013-07-01 20:00 - 2013-07-01 20:00 - 00000000 ____D C:\Windows\Minidump
2013-07-01 19:12 - 2013-07-01 19:12 - 00000000 RASHD C:\cmdcons
2013-07-01 19:12 - 2012-09-24 15:35 - 00000211 ____A C:\Boot.bak
2013-07-01 19:12 - 2004-08-03 23:00 - 00260272 _RASH C:\cmldr
2013-07-01 19:06 - 2013-07-01 20:01 - 00000000 ___SD C:\ComboFix
2013-07-01 17:11 - 2013-07-01 17:11 - 00000088 ____A C:\Windows\Reimage.ini
2013-07-01 16:54 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-07-01 16:54 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-07-01 16:54 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-07-01 16:54 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-07-01 16:49 - 2013-07-01 18:38 - 00000000 ____D C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\DriverCure
2013-07-01 16:41 - 2013-07-01 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit
2013-07-01 14:09 - 2013-07-01 14:09 - 00006340 ____A C:\Documents and Settings\thomas cozier\Desktop\dds.txt
2013-07-01 13:45 - 2013-07-01 16:53 - 00000000 ____D C:\Qoobox
2013-07-01 13:45 - 2013-07-01 13:45 - 00000000 ____D C:\Windows\erdnt
2013-07-01 13:41 - 2013-07-01 13:41 - 05084517 ____R (Swearware) C:\Documents and Settings\thomas cozier\Desktop\ComboFix.exe
2013-07-01 13:01 - 2013-07-02 11:46 - 00000000 ____D C:\FRST
2013-07-01 12:03 - 2013-07-01 12:54 - 00002463 ____A C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
2013-07-01 12:03 - 2013-07-01 12:03 - 00000000 ____D C:\Program Files\Trend Micro
2013-07-01 12:00 - 2013-07-01 12:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-06-29 17:32 - 2013-06-29 17:32 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-28 10:58 - 2013-07-01 08:00 - 00000120 ____A C:\Windows\setupact.log
2013-06-28 10:58 - 2013-06-28 10:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-25 12:06 - 2013-06-25 12:06 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-22 11:43 - 2013-06-22 11:43 - 00000000 __SHD C:\Windows\CSC
2013-06-18 09:56 - 2013-06-18 10:08 - 00000000 ____D C:\Documents and Settings\thomas cozier\My Documents\Elise_M
2013-06-12 12:04 - 2013-06-25 12:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$

==================== One Month Modified Files and Folders ========

2013-07-02 12:43 - 2013-03-31 10:51 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2013-07-02 12:31 - 2012-04-22 09:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 12:05 - 2006-01-11 11:52 - 01883238 ____A C:\Windows\WindowsUpdate.log
2013-07-02 12:00 - 2013-03-27 12:49 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2013-07-02 11:55 - 2013-01-10 19:18 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 11:55 - 2013-01-10 19:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 11:51 - 2013-01-06 14:18 - 00000282 ____A C:\Windows\Tasks\Go for FilesUpdate.job
2013-07-02 11:51 - 2007-09-27 17:54 - 00000062 __ASH C:\Documents and Settings\thomas cozier\Local Settings\desktop.ini
2013-07-02 11:51 - 2006-01-10 05:36 - 00000157 ____A C:\Windows\wiadebug.log
2013-07-02 11:51 - 2006-01-10 05:36 - 00000048 ____A C:\Windows\wiaservc.log
2013-07-02 11:51 - 2003-07-16 16:53 - 00002444 ____A C:\Windows\System32\wpa.dbl
2013-07-02 11:50 - 2006-01-10 10:47 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-02 11:50 - 2006-01-10 10:47 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-02 11:50 - 2006-01-10 10:41 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 11:49 - 2007-09-27 17:54 - 00000178 ___SH C:\Documents and Settings\thomas cozier\ntuser.ini
2013-07-02 11:49 - 2006-01-10 10:47 - 00032498 ____A C:\Windows\SchedLgU.Txt
2013-07-02 11:46 - 2013-07-01 13:01 - 00000000 ____D C:\FRST
2013-07-02 10:16 - 2013-07-02 10:16 - 01372429 ____A (Farbar) C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
2013-07-02 09:07 - 2006-01-12 16:42 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-01 20:01 - 2013-07-01 20:00 - 00065536 ____A C:\Windows\Minidump\Mini070113-01.dmp
2013-07-01 20:01 - 2013-07-01 19:06 - 00000000 ___SD C:\ComboFix
2013-07-01 20:00 - 2013-07-01 20:00 - 00000000 ____D C:\Windows\Minidump
2013-07-01 20:00 - 2006-01-10 05:24 - 534872064 ____A C:\Windows\MEMORY.DMP
2013-07-01 19:12 - 2013-07-01 19:12 - 00000000 RASHD C:\cmdcons
2013-07-01 19:12 - 2006-01-10 05:32 - 00000327 _RASH C:\boot.ini
2013-07-01 18:38 - 2013-07-01 16:49 - 00000000 ____D C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-01 17:11 - 2013-07-01 17:11 - 00000088 ____A C:\Windows\Reimage.ini
2013-07-01 17:03 - 2013-07-01 16:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PC Utility Kit
2013-07-01 16:53 - 2013-07-01 13:45 - 00000000 ____D C:\Qoobox
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit
2013-07-01 16:43 - 2013-07-01 16:43 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\DriverCure
2013-07-01 14:09 - 2013-07-01 14:09 - 00006340 ____A C:\Documents and Settings\thomas cozier\Desktop\dds.txt
2013-07-01 13:45 - 2013-07-01 13:45 - 00000000 ____D C:\Windows\erdnt
2013-07-01 13:41 - 2013-07-01 13:41 - 05084517 ____R (Swearware) C:\Documents and Settings\thomas cozier\Desktop\ComboFix.exe
2013-07-01 12:54 - 2013-07-01 12:03 - 00002463 ____A C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
2013-07-01 12:03 - 2013-07-01 12:03 - 00000000 ____D C:\Program Files\Trend Micro
2013-07-01 12:00 - 2013-07-01 12:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\APN
2013-07-01 08:00 - 2013-06-28 10:58 - 00000120 ____A C:\Windows\setupact.log
2013-06-30 16:54 - 2012-05-28 15:15 - 00001954 ____A C:\Windows\epplauncher.mif
2013-06-29 17:32 - 2013-06-29 17:32 - 00001678 ____A C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 17:32 - 2013-06-29 17:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-29 16:38 - 2011-10-25 13:13 - 00000000 __HDC C:\Windows\$NtUninstallKB974112_0$
2013-06-28 10:58 - 2013-06-28 10:58 - 00000000 ____A C:\Windows\setuperr.log
2013-06-27 13:05 - 2006-01-10 05:24 - 00000000 ____D C:\Windows\Cursors
2013-06-26 12:41 - 2008-07-05 18:38 - 00000000 __SHD C:\Documents and Settings\thomas cozier\UserData
2013-06-25 12:22 - 2006-01-10 05:33 - 00201736 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-25 12:06 - 2013-06-25 12:06 - 00000206 ____A C:\Windows\System32\MRT.INI
2013-06-25 12:06 - 2013-06-12 12:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2839229$
2013-06-25 12:02 - 2013-05-14 21:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-06-25 12:01 - 2013-05-14 21:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-06-22 12:31 - 2012-04-22 09:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-22 12:31 - 2011-10-04 12:22 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-06-22 11:48 - 2013-06-22 11:48 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-06-22 11:48 - 2006-01-10 10:38 - 00000000 ____D C:\Windows\Registration
2013-06-22 11:43 - 2013-06-22 11:43 - 00000000 __SHD C:\Windows\CSC
2013-06-18 10:08 - 2013-06-18 09:56 - 00000000 ____D C:\Documents and Settings\thomas cozier\My Documents\Elise_M
2013-06-02 17:21 - 2006-01-11 12:45 - 73381792 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Very good.

Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished a log will be produced. Please copy and paste the log into your next reply.


----------



## mculls (Apr 30, 2007)

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 13:25:20
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : thomas cozier - KEVIN-2C3RRQUXO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\thomas cozier\Application Data\DriverCure
Folder Found : C:\Documents and Settings\thomas cozier\Application Data\Media Finder
Folder Found : C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Found : C:\Documents and Settings\thomas cozier\Application Data\Viewpoint
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v2.0.0.10 (en-US)

File : C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3595 octets] - [02/07/2013 13:25:20]

########## EOF - C:\AdwCleaner[R1].txt - [3655 octets] ##########


----------



## Cookiegal (Aug 27, 2003)

Please run AdwCleaner again and this time select the "delete" option and post the resulting log.


----------



## mculls (Apr 30, 2007)

# AdwCleaner v2.303 - Logfile created 07/02/2013 at 14:01:43
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : thomas cozier - KEVIN-2C3RRQUXO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\thomas cozier\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\thomas cozier\Application Data\Media Finder
Folder Deleted : C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Deleted : C:\Documents and Settings\thomas cozier\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702


----------



## Cookiegal (Aug 27, 2003)

That removed a lot of junk so we'll see if this one finds any more.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


----------



## Cookiegal (Aug 27, 2003)

Since that tool says to disable security programs can you try running the Norton Removal Tool now and see if you can before running Junkware?


----------



## mculls (Apr 30, 2007)

Downloaded and saved NRT to desktop and ran it. However, the following programs were found: Symantec antivirus 9 or later. These must be removed through "add/remove programs" before Norton Removal Tool can proceed.


----------



## Cookiegal (Aug 27, 2003)

Yes, please see my last post just above yours. I take it you meant before JRT can proceed.


----------



## mculls (Apr 30, 2007)

Should I run JRT even though that Symantec antivirus is still there?


----------



## Cookiegal (Aug 27, 2003)

Did you try to run the Symantec Removal tool again?


----------



## mculls (Apr 30, 2007)

Yes, that's where I got the Symantec antivirus 9 message.


----------



## Cookiegal (Aug 27, 2003)

It looks like that's a corporate version. Is this a company computer?


----------



## mculls (Apr 30, 2007)

No, someone gave it to me three years ago. I believe it was a personal computer.


----------



## Cookiegal (Aug 27, 2003)

Well it looks like they installed a corporate version on it and the consumer removal tool doesn't work on that.


----------



## mculls (Apr 30, 2007)

Should I run JRT?


----------



## Cookiegal (Aug 27, 2003)

We still need to run ComboFix but you may have to contact Symantec for assistance with removal of that corporate product. I see you have Revo Uninstaller so you could try that but the Symantec program may require a password to uninstall it.


----------



## Cookiegal (Aug 27, 2003)

mculls said:


> Should I run JRT?


I'd hold off on that for now.


----------



## Cookiegal (Aug 27, 2003)

This needs to be done as well to repair some services the infection alters.

Download the ESET services repair tool, extract the file to your desktop.


Double-click *ServicesRepair.exe*.
If security notifications appear, click Continue or Run and then click Yes when asked if you want to proceed.
Once the tool has finished, you will be prompted to restart your computer. Click *Yes* to restart.
A log will be saved in the CCSupport folder the tool created on your desktop. Please post the content in your next reply.


----------



## mculls (Apr 30, 2007)

Hi, that last post wouldn't open, but I followed Symantec's instructions to remove Symantec antivirus 9, mainly by cleaning out the registry. It worked. I used the Norton Removal Tool, so I think I'm ready to go on JRT or ComboFix.


----------



## Cookiegal (Aug 27, 2003)

OK, I fixed the link so please run Eset Services Repair first and post that log.


----------



## mculls (Apr 30, 2007)

```
Log Opened: 2013-07-02 @ 18:59:02
18:59:02 - -----------------
18:59:02 - | Begin Logging |
18:59:02 - -----------------
18:59:02 - Fix started on a WIN_XP X86 computer
18:59:02 - Prep in progress. Please Wait.
18:59:07 - Prep complete
18:59:07 - Repairing Services Now. Please wait...

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Setup>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.

The operation completed successfully
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\XP\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Enum>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
18:59:11 - Services Repair Complete.
18:59:26 - Reboot Initiated
```


----------
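Added example (not part of the original thread, and not ESET's or the helpers' own tooling): a Python check over a Services Repair log in the format posted above. It confirms that every expected service has a restore block that reached `SetACL finished successfully.`, that only keys under that service were rewritten, and whether firewall policy keys were touched. The sample log is constructed and shortened; the function names and the expected-service list (taken from the four `.sddl` files named in the posted log) are assumptions of this example.

```python
import re

# Expected services: the four .sddl backups named in the posted log (assumption
# of this example, not a list published by the tool).
EXPECTED_SERVICES = ["BITS", "SharedAccess", "wscsvc", "wuauserv"]

# Constructed sample in the posted log's format: two complete restore blocks,
# one block that never reaches its completion line, and no wuauserv block.
SAMPLE_LOG = r"""Log Opened: 2013-07-02 @ 18:59:02
18:59:02 - Fix started on a WIN_XP X86 computer
18:59:07 - Repairing Services Now. Please wait...

The operation completed successfully
INFORMATION: Input file for restore operation opened: '.\XP\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.

The operation completed successfully
INFORMATION: Input file for restore operation opened: '.\XP\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.

The operation completed successfully
INFORMATION: Input file for restore operation opened: '.\XP\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
18:59:11 - Services Repair Complete.
"""

OPENED = re.compile(r"Input file for restore operation opened: '.*?([^\\/']+)\.sddl'")
RESTORE = re.compile(r"Restoring SD of: <(.+)>")
DONE_LINE = "SetACL finished successfully."
SERVICES_ROOT = "machine\\system\\currentcontrolset\\services\\"


def parse_repair_log(text):
    """Split the log into one record per .sddl restore block."""
    blocks, current = [], None
    for line in text.splitlines():
        opened = OPENED.search(line)
        if opened:
            # A new block starts; an unfinished previous block stays unfinished.
            current = {"service": opened.group(1), "keys": [], "finished": False}
            blocks.append(current)
            continue
        if current is None:
            continue
        restored = RESTORE.search(line)
        if restored:
            current["keys"].append(restored.group(1))
        elif line.strip() == DONE_LINE:
            current["finished"] = True
            current = None
    return blocks


def audit(blocks, expected):
    """Return (service, problem) pairs; an empty list means the log is clean."""
    findings = []
    seen = {b["service"].lower() for b in blocks}
    for svc in expected:
        if svc.lower() not in seen:
            findings.append((svc, "no restore block in log"))
    for b in blocks:
        if not b["finished"]:
            findings.append(
                (b["service"], "restore block never reached 'SetACL finished successfully.'"))
        if not b["keys"]:
            findings.append((b["service"], "no registry keys restored"))
        prefix = SERVICES_ROOT + b["service"].lower()
        for key in b["keys"]:
            k = key.lower()
            # Each block should only rewrite descriptors inside its own service key.
            if k != prefix and not k.startswith(prefix + "\\"):
                findings.append((b["service"], "key outside service subtree: " + key))
    return findings


def firewall_policy_touched(blocks):
    """True when descriptors under SharedAccess FirewallPolicy were rewritten,
    a cue to confirm the Windows Firewall state after the reboot."""
    return any("\\firewallpolicy" in k.lower() for b in blocks for k in b["keys"])


if __name__ == "__main__":
    parsed = parse_repair_log(SAMPLE_LOG)
    for service, problem in audit(parsed, EXPECTED_SERVICES):
        print(f"[!] {service}: {problem}")
    if firewall_policy_touched(parsed):
        print("[i] FirewallPolicy descriptors restored; verify the firewall is on")
```
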



## mculls (Apr 30, 2007)

looks like it turned my firewall off


----------



## Cookiegal (Aug 27, 2003)

Can you turn it back on?


----------



## mculls (Apr 30, 2007)

Yes, back on


----------



## Cookiegal (Aug 27, 2003)

OK, let's run ComboFix now but I'd like you to remove the one you already have by dragging it to the Recycle Bin as it may have been damaged. I assume it already installed the Recovery Console so if that's the case then just ignore that part but if not then allow it to install.

Be sure you download it to the desktop (no other location).

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

Be sure to disable MSE first before running ComboFix.

Post the log from ComboFix when you've accomplished that.


----------



## mculls (Apr 30, 2007)

MSE is back now but what's the best way to disable it?


----------



## Cookiegal (Aug 27, 2003)

Right-click the MSE icon in the notification area and then click Open to open MSE. Then click on the Settings tab and click on the "Real-time protection" item in the left side pane.

Uncheck "Turn on real-time protection (recommended)", and click Save changes.

Right after ComboFix has finished running then be sure to go back and check it again to re-enable it.


----------



## mculls (Apr 30, 2007)

I ran the Norton removal tool but ComboFix STILL gives a warning that Symantec antivirus corporate edition is a real time scanner and to disable it. Maybe I missed something in the registry? Very annoying.


----------



## Cookiegal (Aug 27, 2003)

I had a feeling that would happen.

Did the Recovery Console already get installed?


----------



## mculls (Apr 30, 2007)

How do I find out? Don't see it.


----------



## Cookiegal (Aug 27, 2003)

You would have seen the prompt when you first ran it and you would have had to click on Yes to install it. It should show up as a boot option when starting up Windows but it will flash very quickly as it will default to loading Windows if you don't choose to boot to the Recovery Console.


----------



## mculls (Apr 30, 2007)

Yes, I see it when I restarted. Should I use it? It asks, "Which Windows installation would you like to log onto?"

You don't have to get back to me tonight. Thanks for everything so far.


----------



## Cookiegal (Aug 27, 2003)

No. I just wanted to know if it's installed because I want you to run ComboFix from safe mode. Boot the computer to safe mode by continuously tapping the F8 key on your keyboard after starting it and before Windows loads. Norton shouldn't be running in safe mode. See if you can run ComboFix that way.


----------



## mculls (Apr 30, 2007)

Ran ComboFix in safe mode; same warning re: Symantec antivirus.


----------



## Cookiegal (Aug 27, 2003)

Alright, let's do this instead:

Download *OTS.exe* to your Desktop.

- Close any open browsers.
- If your Real protection or Antivirus interferes with OTS, allow it to run.
- Double-click on *OTS.exe* to start the program.
- At the top put a check mark in the box beside "Scan All Users".
- Under the *Additional Scans* section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
- Now click the *Run Scan* button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Save that notepad file.
- Use the *Reply* button, scroll down to the attachments section and attach the notepad file here.


----------



## mculls (Apr 30, 2007)

```
OTS logfile created on: 7/3/2013 10:18:11 AM - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
510.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 51.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 20.38 Gb Free Space | 54.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEVIN-2C3RRQUXO
Current User Name: thomas cozier
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\thomas cozier\Desktop\OTS.exe -> [2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools)
sascore.exe -> C:\Program Files\SUPERAntiSpyware\SASCore.exe -> [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com)
superantispyware.exe -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -> [2013/05/14 21:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com)
msmpeng.exe -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation)
msseces.exe -> C:\Program Files\Microsoft Security Client\msseces.exe -> [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
vvx3000.exe -> C:\WINDOWS\vVX3000.exe -> [2007/04/10 17:46:48 | 000,709,992 | R--- | M] (Microsoft Corporation)
 
[Modules - No Company Name]
[Win32 Services - Safe List]
(PEVSystemStart) PEVSystemStart [Auto | Stopped] ->  -> File not found
(HidServ) Human Interface Device Access [Disabled | Stopped] ->  -> File not found
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -> [2013/06/22 12:31:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated)
(!SASCORE) SAS Core Service [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -> [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com)
(MsMpSvc) Microsoft Antimalware Service [Auto | Running] -> c:\Program Files\Microsoft Security Client\MsMpEng.exe -> [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation)
 
[Driver Services - Safe List]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(VX3000) VX-3000 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\VX3000.sys -> [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSFHWBS2.sys -> [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSF_DP.sys -> [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys -> [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.)
(ac97intc) Intel(r) 82801DB/DBM Audio Driver Service (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ac97ich4.sys -> [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> -> 
HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\: Main\\"Start Page" -> http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage -> 
HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\thomas cozier\Application Data\Mozilla\FireFox\Profiles\0gx49u0o.default\prefs.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 2.0.0.10\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components -> C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\MOZILLA FIREFOX\COMPONENTS -> 
HKLM\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins -> C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\MOZILLA FIREFOX\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions -> [2012/07/24 18:49:16 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions -> [2007/09/27 17:58:20 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
< HOSTS File > ([2003/07/16 16:29:34 | 000,000,734 | ---- | M] - 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2005/09/23 21:12:08 | 000,063,136 | ---- | M] (Adobe Systems Incorporated)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"VX3000" -> C:\WINDOWS\vVX3000.exe [C:\WINDOWS\vVX3000.exe] -> [2007/04/10 17:46:48 | 000,709,992 | R--- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"SUPERAntiSpyware" -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> [2013/05/14 21:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [1999/02/17 16:05:56 | 000,065,588 | ---- | M] (Microsoft Corporation)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> 
< Owner.KEVIN-2C3RRQUXO Startup Folder > -> C:\Documents and Settings\Owner.KEVIN-2C3RRQUXO\Start Menu\Programs\Startup -> 
< thomas cozier Startup Folder > -> C:\Documents and Settings\thomas cozier\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Value error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1319477025562 [WUWebControl Class] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [HKLM] -> http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe [Virtools WebPlayer Class] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.1 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}\\DhcpNameServer -> 192.168.1.1   (Broadcom 440x 10/100 Integrated Controller) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> C:\WINDOWS\system32\userinit.exe -> [2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2004/08/20 16:50:54 | 000,344,064 | ---- | M] (Intel Corporation)
NavLogon -> C:\WINDOWS\system32\NavLogon.dll -> [2005/11/15 14:28:12 | 000,043,760 | ---- | M] (Symantec Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2013/05/07 18:36:36 | 000,115,440 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS3.tmp\SymNRT.exe" ->  [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS5.tmp\SymNRT.exe" ->  [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS8.tmp\SymNRT.exe" ->  [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS9.tmp\SymNRT.exe" ->  [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS9.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSA.tmp\SymNRT.exe" ->  [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSA.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSC.tmp\SymNRT.exe" ->  [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSC.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool] -> File not found
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" ->  [C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace] -> File not found
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" ->  [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote] -> File not found
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" ->  [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> File not found
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer] -> [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/01/10 10:41:52 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = comfile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 ->  -> File not found
HidServ ->  -> File not found
Ias ->  -> File not found
Iprip ->  -> File not found
Irmon ->  -> File not found
NWCWorkstation ->  -> File not found
Nwsapagent ->  -> File not found
WmdmPmSp ->  -> File not found
*MultiFile Done* -> -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 5/2/2013 9:27:49 AM Computer Name = KEVIN-2C3RRQUXO | Source = MsiInstaller | ID = 10005 -> Description = Product: Microsoft Security Client -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft Security Client\SymSrv.yes, 
Application [ Error ] 5/2/2013 9:27:50 AM Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client | ID = 5000 -> Description = 
Application [ Error ] 5/2/2013 9:27:58 AM Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client Setup | ID = 100 -> Description = HRESULT:0x80070643 Description:.  0x80070643. Fatal error during installation.
Application [ Error ] 5/2/2013 9:27:58 AM Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client | ID = 5000 -> Description = 
Application [ Error ] 5/14/2013 10:55:54 AM Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.19412, fault address 0x00095a96.
Application [ Error ] 5/14/2013 9:48:15 PM Computer Name = KEVIN-2C3RRQUXO | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 5/14/2013 9:48:15 PM Computer Name = KEVIN-2C3RRQUXO | Source = crypt32 | ID = 131083 -> Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.  
Application [ Error ] 5/19/2013 12:43:54 PM Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23487, fault address 0x00095ac6.
Application [ Error ] 5/19/2013 12:44:07 PM Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23487, fault address 0x00095ac6.
Application [ Error ] 5/19/2013 12:59:58 PM Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000 -> Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23487, fault address 0x00095ac6.
System [ Error ] 7/2/2013 9:33:30 PM Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 7/2/2013 9:37:23 PM Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 7/2/2013 9:37:27 PM Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 7/2/2013 9:38:12 PM Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7001 -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:   %%31
System [ Error ] 7/2/2013 9:38:12 PM Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7001 -> Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:   %%31
System [ Error ] 7/2/2013 9:38:12 PM Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7001 -> Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:   %%31
System [ Error ] 7/2/2013 9:38:12 PM Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7001 -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:   %%31
System [ Error ] 7/2/2013 9:38:12 PM Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load:   AFD  Fips  intelppm  IPSec  MpFilter  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  SASDIFSV  SASKUTIL  Tcpip  WS2IFSL
System [ Error ] 7/2/2013 9:39:23 PM Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service netman with arguments ""  in order to run the server:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 7/2/2013 9:39:29 PM Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\thomas cozier\Desktop\OTS.exe -> [2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools)
 32788R22FWJFW -> C:\32788R22FWJFW -> [2013/07/02 21:32:14 | 000,000,000 | --SD | C]
 puppy.exe -> C:\Documents and Settings\thomas cozier\Desktop\puppy.exe -> [2013/07/02 19:29:36 | 005,084,414 | R--- | C] (Swearware)
 CC Support -> C:\Documents and Settings\All Users\Desktop\CC Support -> [2013/07/02 18:58:34 | 000,000,000 | ---D | C]
 JRT.exe -> C:\Documents and Settings\thomas cozier\Desktop\JRT.exe -> [2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov)
 FRST.exe -> C:\Documents and Settings\thomas cozier\Desktop\FRST.exe -> [2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar)
 Minidump -> C:\WINDOWS\Minidump -> [2013/07/01 20:00:49 | 000,000,000 | ---D | C]
 cmdcons -> C:\cmdcons -> [2013/07/01 19:12:35 | 000,000,000 | RHSD | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX)
 LogMeIn Rescue Applet -> C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet -> [2013/07/01 16:49:58 | 000,000,000 | ---D | C]
 PC Utility Kit -> C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit -> [2013/07/01 16:43:23 | 000,000,000 | ---D | C]
 PC Utility Kit -> C:\Documents and Settings\All Users\Application Data\PC Utility Kit -> [2013/07/01 16:41:49 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2013/07/01 13:45:49 | 000,000,000 | ---D | C]
 My Music -> C:\Documents and Settings\All Users\Documents\My Music -> [2013/07/01 13:45:35 | 000,000,000 | R--D | C]
 Administrative Tools -> C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools -> [2013/07/01 13:45:34 | 000,000,000 | R--D | C]
 erdnt -> C:\WINDOWS\erdnt -> [2013/07/01 13:45:07 | 000,000,000 | ---D | C]
 FRST -> C:\FRST -> [2013/07/01 13:01:57 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files\Trend Micro -> [2013/07/01 12:03:09 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis -> [2013/07/01 12:03:09 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com -> [2013/06/29 17:32:53 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware -> [2013/06/29 17:32:40 | 000,000,000 | ---D | C]
 SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [2013/06/29 17:32:32 | 000,000,000 | ---D | C]
 SUPERAntiSpyware -> C:\Program Files\SUPERAntiSpyware -> [2013/06/29 17:32:32 | 000,000,000 | ---D | C]
 Recent -> C:\Documents and Settings\thomas cozier\Recent -> [2013/06/26 12:41:43 | 000,000,000 | RH-D | C]
 Adobe -> C:\Documents and Settings\NetworkService\Application Data\Adobe -> [2013/06/22 11:48:02 | 000,000,000 | ---D | C]
 Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2013/06/22 11:48:02 | 000,000,000 | ---D | C]
 CSC -> C:\WINDOWS\CSC -> [2013/06/22 11:43:03 | 000,000,000 | -HSD | C]
 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\thomas cozier\Desktop\OTS.exe -> [2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools)
 GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2013/07/03 10:12:37 | 000,000,896 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2013/07/03 10:12:30 | 000,002,444 | ---- | M] ()
 Go for FilesUpdate.job -> C:\WINDOWS\tasks\Go for FilesUpdate.job -> [2013/07/03 10:12:29 | 000,000,282 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2013/07/03 10:12:15 | 000,002,048 | --S- | M] ()
 Microsoft Antimalware Scheduled Scan.job -> C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job -> [2013/07/03 10:03:29 | 000,000,384 | -H-- | M] ()
 MpIdleTask.job -> C:\WINDOWS\tasks\MpIdleTask.job -> [2013/07/03 10:03:21 | 000,000,366 | -H-- | M] ()
 GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2013/07/03 09:55:01 | 000,000,900 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\WINDOWS\tasks\Adobe Flash Player Updater.job -> [2013/07/03 09:31:18 | 000,000,830 | ---- | M] ()
 puppy.exe -> C:\Documents and Settings\thomas cozier\Desktop\puppy.exe -> [2013/07/02 19:29:55 | 005,084,414 | R--- | M] (Swearware)
 ServicesRepair.exe -> C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe -> [2013/07/02 18:57:04 | 004,009,167 | ---- | M] ()
 registrybackup.reg -> C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg -> [2013/07/02 16:47:30 | 010,731,624 | ---- | M] ()
 JRT.exe -> C:\Documents and Settings\thomas cozier\Desktop\JRT.exe -> [2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov)
 Norton_Removal_Tool.exe -> C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe -> [2013/07/02 14:17:38 | 000,866,592 | ---- | M] ()
 AdwCleaner.exe -> C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe -> [2013/07/02 13:24:30 | 000,648,201 | ---- | M] ()
 FRST.exe -> C:\Documents and Settings\thomas cozier\Desktop\FRST.exe -> [2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar)
 MEMORY.DMP -> C:\WINDOWS\MEMORY.DMP -> [2013/07/01 20:00:39 | 534,872,064 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2013/07/01 19:12:57 | 000,000,327 | RHS- | M] ()
 Reimage.ini -> C:\WINDOWS\Reimage.ini -> [2013/07/01 17:11:19 | 000,000,088 | ---- | M] ()
 HiJackThis.lnk -> C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk -> [2013/07/01 12:54:13 | 000,002,463 | ---- | M] ()
 epplauncher.mif -> C:\WINDOWS\epplauncher.mif -> [2013/06/30 16:54:44 | 000,001,954 | ---- | M] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2013/06/29 17:32:41 | 000,001,678 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2013/06/25 12:22:40 | 000,201,736 | ---- | M] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2013/06/25 12:06:09 | 000,000,206 | ---- | M] ()
 FlashPlayerApp.exe -> C:\WINDOWS\System32\FlashPlayerApp.exe -> [2013/06/22 12:31:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\WINDOWS\System32\FlashPlayerCPLApp.cpl -> [2013/06/22 12:31:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated)
 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 17 C:\Documents and Settings\thomas cozier\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\thomas cozier\Local Settings\Temp\*.tmp -> 
 15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> 
 
[Files - No Company Name]
 ServicesRepair.exe -> C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe -> [2013/07/02 18:56:31 | 004,009,167 | ---- | C] ()
 registrybackup.reg -> C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg -> [2013/07/02 16:47:30 | 010,731,624 | ---- | C] ()
 Norton_Removal_Tool.exe -> C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe -> [2013/07/02 14:17:25 | 000,866,592 | ---- | C] ()
 AdwCleaner.exe -> C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe -> [2013/07/02 13:24:08 | 000,648,201 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2013/07/01 19:12:57 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2013/07/01 19:12:42 | 000,260,272 | RHS- | C] ()
 Reimage.ini -> C:\WINDOWS\Reimage.ini -> [2013/07/01 17:11:19 | 000,000,088 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2013/07/01 16:54:17 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2013/07/01 16:54:17 | 000,208,896 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2013/07/01 16:54:17 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2013/07/01 16:54:17 | 000,068,096 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2013/07/01 16:54:16 | 000,098,816 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk -> [2013/07/01 12:03:09 | 000,002,463 | ---- | C] ()
 SUPERAntiSpyware Free Edition.lnk -> C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk -> [2013/06/29 17:32:41 | 000,001,678 | ---- | C] ()
 MRT.INI -> C:\WINDOWS\System32\MRT.INI -> [2013/06/25 12:06:09 | 000,000,206 | ---- | C] ()
 iacenc.dll -> C:\WINDOWS\System32\iacenc.dll -> [2012/03/29 17:31:57 | 000,003,072 | ---- | C] ()
 jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 -> C:\Documents and Settings\thomas cozier\Local Settings\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 -> [2012/01/03 20:45:28 | 000,002,300 | -HS- | C] ()
 jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 -> C:\Documents and Settings\All Users\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 -> [2012/01/03 20:45:28 | 000,002,300 | -HS- | C] ()
 msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2011/10/24 09:16:13 | 000,000,002 | ---- | C] ()
< End of report >
```


----------



## Cookiegal (Aug 27, 2003)

Start *OTS*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here please.


```
[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> 
YN -> HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> 
YN -> HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> 
YN -> HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> 
YN -> HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://securityresponse.symantec.com/avcenter/fix_homepage/
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{3369AF0D-62E9-4bda-8103-B4C75499B578}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Value error.]
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\] > -> HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN ->   .[msn] -> My Computer
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> NavLogon -> C:\WINDOWS\system32\NavLogon.dll
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS3.tmp\SymNRT.exe" -> [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS3.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS5.tmp\SymNRT.exe" -> [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS5.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS8.tmp\SymNRT.exe" -> [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS9.tmp\SymNRT.exe" -> [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS9.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSA.tmp\SymNRT.exe" -> [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSA.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSC.tmp\SymNRT.exe" -> [C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSC.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool]
YN -> "C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer]
[Files/Folders - Created Within 30 Days]
NY ->  LogMeIn Rescue Applet -> C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet
NY ->  PC Utility Kit -> C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit
NY ->  PC Utility Kit -> C:\Documents and Settings\All Users\Application Data\PC Utility Kit
NY ->  8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY ->  15 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY ->  1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp
[Files - No Company Name]
NY ->  jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 -> C:\Documents and Settings\thomas cozier\Local Settings\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7
[Empty Temp Folders]
[EmptyFlash]
[EmptyJava]
[Start Explorer]
[Reboot]
```


----------



## mculls (Apr 30, 2007)

got this message--ots.exe-corrupt file

The file or directory C:\$mft is corrupt and unreadable. please run the chkdsk utility


----------



## mculls (Apr 30, 2007)

All Processes Killed
[Registry - Safe List]
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}\ not found.
Registry value HKEY_USERS\S-1-5-21-796845957-1220945662-839522115-1011\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry key HKEY_USERS\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ not found.
File C:\WINDOWS\system32\NavLogon.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS3.tmp\SymNRT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS5.tmp\SymNRT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS8.tmp\SymNRT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zS9.tmp\SymNRT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSA.tmp\SymNRT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\thomas cozier\Local Settings\Temp\7zSC.tmp\SymNRT.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\explorer.exe not found.
[Files/Folders - Created Within 30 Days]
File C:\Documents and Settings\thomas cozier\Local Settings\Application Data\LogMeIn Rescue Applet not found!
File C:\Documents and Settings\thomas cozier\Application Data\PC Utility Kit not found!
File C:\Documents and Settings\All Users\Application Data\PC Utility Kit not found!
[Files - No Company Name]
File C:\Documents and Settings\thomas cozier\Local Settings\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 not found!
[Empty Temp Folders]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 96871480 bytes

User: NetworkService
->Temp folder emptied: 1658702 bytes
->Temporary Internet Files folder emptied: 529731120 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 17373 bytes
->FireFox cache emptied: 12491078 bytes
->Flash cache emptied: 71101 bytes

User: Owner.KEVIN-2C3RRQUXO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17962614 bytes
->Flash cache emptied: 598 bytes

User: thomas cozier
->Temp folder emptied: 57782119 bytes
->Temporary Internet Files folder emptied: 296215718 bytes
->Java cache emptied: 3487417 bytes
->FireFox cache emptied: 5351304 bytes
->Flash cache emptied: 2722931 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 722270 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 566351 bytes
RecycleBin emptied: 385108 bytes

Total Files Cleaned = 979.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

User: Owner.KEVIN-2C3RRQUXO
->Flash cache emptied: 0 bytes

User: thomas cozier
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Guest

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

User: Owner.KEVIN-2C3RRQUXO

User: thomas cozier
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 07032013_165012

Files\Folders moved on Reboot...
C:\Documents and Settings\thomas cozier\Local Settings\Temporary Internet Files\Content.IE5\TR6CP3CO\1102467-microsoft-security-essentials-wont-open-6[1].html moved successfully.
C:\WINDOWS\temp\MpCmdRun.log moved successfully.
C:\WINDOWS\temp\MpSigStub.log moved successfully.

Registry entries deleted on Reboot...


----------



## Cookiegal (Aug 27, 2003)

Do you get that message when you reboot?

Did you run chkdsk?


----------



## mculls (Apr 30, 2007)

no, ran chkdsk automatically when rebooted - seems ok


----------



## Cookiegal (Aug 27, 2003)

I thought it would do that. Please post the chkdsk log.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## mculls (Apr 30, 2007)

Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk. 
Index entry ads[7] of index $I30 in file 0x235f points to unused file 0x11937.
Deleting index entry ads[7] in index $I30 of file 9055.
Index entry ADS_7_~1 of index $I30 in file 0x235f points to unused file 0x11937.
Deleting index entry ADS_7_~1 in index $I30 of file 9055.
Index entry ad[1].gif of index $I30 in file 0x235f points to unused file 0x10776.
Deleting index entry ad[1].gif in index $I30 of file 9055.
Index entry ad[1].htm of index $I30 in file 0x235f points to unused file 0x10d52.
Deleting index entry ad[1].htm in index $I30 of file 9055.
Index entry AD_1_~1.GIF of index $I30 in file 0x235f points to unused file 0x10776.
Deleting index entry AD_1_~1.GIF in index $I30 of file 9055.
Index entry AD_1_~1.HTM of index $I30 in file 0x235f points to unused file 0x10d52.
Deleting index entry AD_1_~1.HTM in index $I30 of file 9055.
Index entry afr[10].htm of index $I30 in file 0x235f points to unused file 0x119b3.
Deleting index entry afr[10].htm in index $I30 of file 9055.
Index entry afr[5].htm of index $I30 in file 0x235f points to unused file 0x11304.
Deleting index entry afr[5].htm in index $I30 of file 9055.
Index entry AFR_10~1.HTM of index $I30 in file 0x235f points to unused file 0x119b3.
Deleting index entry AFR_10~1.HTM in index $I30 of file 9055.
Index entry AFR_5_~1.HTM of index $I30 in file 0x235f points to unused file 0x11304.
Deleting index entry AFR_5_~1.HTM in index $I30 of file 9055.
Index entry ag_close-0f5ce0593411bf671b70203d3cb5f3367446db0f[1].png of index $I30 in file 0x235f points to unused file 0x105c1.
Deleting index entry ag_close-0f5ce0593411bf671b70203d3cb5f3367446db0f[1].png in index $I30 of file 9055.
Index entry AG_CLO~1.PNG of index $I30 in file 0x235f points to unused file 0x105c1.
Deleting index entry AG_CLO~1.PNG in index $I30 of file 9055.
Index entry audiences[1] of index $I30 in file 0x235f points to unused file 0x11844.
Deleting index entry audiences[1] in index $I30 of file 9055.
Index entry AUDIEN~1 of index $I30 in file 0x235f points to unused file 0x11844.
Deleting index entry AUDIEN~1 in index $I30 of file 9055.
Cleaning up minor inconsistencies on the drive.
CHKDSK is recovering lost files.
Cleaning up 388 unused index entries from index $SII of file 0x9.
Cleaning up 388 unused index entries from index $SDH of file 0x9.
Cleaning up 388 unused security descriptors.
Correcting errors in the master file table's (MFT) BITMAP attribute.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

39053983 KB total disk space.
15901192 KB in 70456 files.
29616 KB in 5707 indexes.
0 KB in bad sectors.
452179 KB in use by the system.
65536 KB occupied by the log file.
22670996 KB available on disk.

4096 bytes in each allocation unit.
9763495 total allocation units on disk.
5667749 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at


----------



## Cookiegal (Aug 27, 2003)

OK, it doesn't look like there was anything too serious. No bad sectors so that's good.

So let's try running ComboFix even if it gives an Alert about Norton.


----------



## mculls (Apr 30, 2007)

ComboFix require a reboot? anyway, got thru all 50 stages here's log

ComboFix 13-07-03.01 - thomas cozier 07/03/2013 19:22:59.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.301 [GMT -4:00]
Running from: c:\documents and settings\thomas cozier\Desktop\puppy.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\thomas cozier\Application Data\alot
.
.
((((((((((((((((((((((((( Files Created from 2013-06-03 to 2013-07-03 )))))))))))))))))))))))))))))))
.
.
2013-07-03 23:02 . 2013-07-03 23:02	29904	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D001F1A4-928E-4245-A581-D3D6CFF0A08A}\MpKsl0d68b6bf.sys
2013-07-03 21:13 . 2013-07-03 21:13	--------	d-----w-	C:\found.004
2013-07-03 21:06 . 2013-06-12 01:18	7068072	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D001F1A4-928E-4245-A581-D3D6CFF0A08A}\mpengine.dll
2013-07-03 20:39 . 2013-07-03 20:39	--------	d-----w-	C:\_OTS
2013-07-03 14:33 . 2013-06-12 01:18	7068072	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-01 17:01 . 2013-07-02 15:46	--------	d-----w-	C:\FRST
2013-07-01 16:03 . 2013-07-01 16:03	388096	----a-r-	c:\documents and settings\thomas cozier\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-07-01 16:03 . 2013-07-01 16:03	--------	d-----w-	c:\program files\Trend Micro
2013-06-29 21:32 . 2013-06-29 21:32	--------	d-----w-	c:\documents and settings\thomas cozier\Application Data\SUPERAntiSpyware.com
2013-06-29 21:32 . 2013-06-29 21:32	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-29 21:32 . 2013-06-29 21:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-22 15:48 . 2013-06-22 15:48	--------	d-----w-	c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 16:31 . 2012-04-22 13:51	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-22 16:31 . 2011-10-04 16:22	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2003-07-16 16:45	920064	----a-w-	c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2003-07-16 16:26	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2003-07-16 16:24	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2008-07-25 03:24	385024	----a-w-	c:\windows\system32\html.iec
2013-05-03 01:26 . 2003-07-16 16:33	2193536	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2002-08-29 01:04	2070144	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-05-28 19:16	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2003-07-16 16:45	920064	----a-w-	c:\windows\system32\wininet(5).dll
2013-04-16 22:17 . 2003-07-16 16:43	1215488	----a-w-	c:\windows\system32\urlmon(5).dll
2013-04-16 22:17 . 2003-07-16 16:43	105984	----a-w-	c:\windows\system32\url(5).dll
2013-04-10 01:31 . 2003-07-16 16:45	1876352	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 MpKsl0d68b6bf;MpKsl0d68b6bf;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D001F1A4-928E-4245-A581-D3D6CFF0A08A}\MpKsl0d68b6bf.sys [7/3/2013 7:02 PM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 4:11 PM 119056]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0D68B6BF
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 16:31]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-10 23:17]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-10 23:17]
.
2013-07-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
2013-07-03 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-03 19:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4216)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-07-03 19:40:04
ComboFix-quarantined-files.txt 2013-07-03 23:40
.
Pre-Run: 23,073,628,160 bytes free
Post-Run: 23,167,713,280 bytes free
.
- - End Of File - - 29E70A428847203E423A290CF3338138
8F558EB6672622401DA993E1E865C861


----------



## mculls (Apr 30, 2007)

Was away for a bit - restarted and the thing is running like a champ now -- are hungapp issues resolved?

Getting a yellow security alert box that says "You are about to leave a secure internet connection. It will be possible for others to view information you send. Do you want to continue?"


----------



## Cookiegal (Aug 27, 2003)

Probably but just to be thorough let's do an on-line scan:

Please run the following on-line scanner.

Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

http://www.eset.com/online-scanner

Accept the Terms of Use and then press the Start button

Allow the ActiveX control to be installed.

Put a check by Remove found threats and then run the scan.

When the scan is finished, you will see the results in a window.

A log.txt file is created here: C:\Program Files\ESET\ESET Online Scanner\log.txt.

Open the log file with Notepad and copy and paste the contents here please.


----------



## mculls (Apr 30, 2007)

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=87ff82070a879946b5ca2654e69038e2
# engine=14262
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-04 03:10:49
# local_time=2013-07-03 11:10:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 66 94 7244971 13277505 0 0
# scanned=64087
# found=0
# cleaned=0
# scan_time=5976


----------



## mculls (Apr 30, 2007)

Nah, this is like "The Exorcist". Still have hungapp problem on Facebook.


----------



## Cookiegal (Aug 27, 2003)

That's the first I'm hearing of that problem. What exactly happens and when?

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems, double-click *VEW.exe*. For later operating systems, right-click VEW.exe and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## mculls (Apr 30, 2007)

Facebook is slow and gets "stuck", then I get the "windows not responding..." - past 5 days or so --- also noticing "virtual memory minimum too low...." yellow notice occurring twice in past 2 days

Vino's Event Viewer v01c run on Windows XP in English
Report run at 04/07/2013 3:29:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/07/2013 11:57:09 PM
Type: error Category: 101
Event: 1002 Source: Application Hang
The event description cannot be found.

Log: 'Application' Date/Time: 03/07/2013 7:03:34 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. 

Log: 'Application' Date/Time: 03/07/2013 10:10:02 AM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. 

Log: 'Application' Date/Time: 02/07/2013 8:02:36 PM
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp, P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL. 

Log: 'Application' Date/Time: 02/07/2013 2:05:13 PM
Type: error Category: 0
Event: 48 Source: ccEvtMgr
The event description cannot be found.

Log: 'Application' Date/Time: 02/07/2013 11:51:02 AM
Type: error Category: 0
Event: 48 Source: ccEvtMgr
The event description cannot be found.

Log: 'Application' Date/Time: 02/07/2013 8:34:35 AM
Type: error Category: 101
Event: 1002 Source: Application Hang
The event description cannot be found.

Log: 'Application' Date/Time: 30/06/2013 4:54:45 PM
Type: error Category: 0
Event: 100 Source: Microsoft Security Client Setup
HRESULT:0x80070643
Description:. 0x80070643. Fatal error during installation. 

Log: 'Application' Date/Time: 30/06/2013 4:54:44 PM
Type: error Category: 0
Event: 5000 Source: Microsoft Security Client
The event description cannot be found.

Log: 'Application' Date/Time: 30/06/2013 4:54:26 PM
Type: error Category: 0
Event: 5000 Source: Microsoft Security Client
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/07/2013 1:07:36 AM
Type: error Category: 0
Event: 10010 Source: DCOM
The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout. 

Log: 'System' Date/Time: 03/07/2013 4:51:04 PM
Type: error Category: 2
Event: 55 Source: Ntfs
The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:. 

Log: 'System' Date/Time: 03/07/2013 4:50:13 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 

Log: 'System' Date/Time: 03/07/2013 4:50:13 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. 

Log: 'System' Date/Time: 03/07/2013 4:39:35 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 

Log: 'System' Date/Time: 03/07/2013 4:39:35 PM
Type: error Category: 0
Event: 7031 Source: Service Control Manager
The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service. 

Log: 'System' Date/Time: 02/07/2013 9:39:29 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 

Log: 'System' Date/Time: 02/07/2013 9:39:23 PM
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} 

Log: 'System' Date/Time: 02/07/2013 9:38:12 PM
Type: error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL 

Log: 'System' Date/Time: 02/07/2013 9:38:12 PM
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/07/2013 2:34:12 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 04/07/2013 11:45:20 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 03/07/2013 9:11:23 PM
Type: warning Category: 0
Event: 5100 Source: Microsoft Antimalware
Microsoft Antimalware has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 8/3/2013 1:11:22 AM 

Log: 'System' Date/Time: 03/07/2013 12:07:34 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 02/07/2013 2:05:37 PM
Type: warning Category: 0
Event: 5100 Source: Microsoft Antimalware
Microsoft Antimalware has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 8/1/2013 6:05:37 PM 

Log: 'System' Date/Time: 02/07/2013 9:40:44 AM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 30/06/2013 10:50:49 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 30/06/2013 3:46:54 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. 

Log: 'System' Date/Time: 28/06/2013 10:29:00 PM
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. 

Log: 'System' Date/Time: 27/06/2013 9:47:26 AM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


----------



## Cookiegal (Aug 27, 2003)

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted. 
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## mculls (Apr 30, 2007)

OTL logfile created on: 7/4/2013 4:17:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 78.81 Mb Available Physical Memory | 15.45% Memory free
1.55 Gb Paging File | 0.37 Gb Available in Paging File | 23.78% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.24 Gb Free Space | 57.02% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/14 21:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/22 12:31:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/07/04 12:16:10 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BBFC4E41-77ED-4350-B737-C3C9FB36B913}\MpKsl1e7e46a2.sys -- (MpKsl1e7e46a2)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2006/03/03 21:05:24 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png.virtual.lnk
[2006/03/03 21:05:14 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png.virtual.lnk
[2006/03/03 21:05:21 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif.virtual.lnk
[2006/03/03 21:05:21 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src.virtual.lnk
[2006/03/03 21:05:24 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif.virtual.lnk
[2006/03/03 21:05:22 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src.virtual.lnk
[2006/03/03 21:05:15 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-1.new.virtual.lnk
[2006/03/03 21:05:22 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif.virtual.lnk
[2006/03/03 21:05:14 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src.virtual.lnk

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/04 16:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/03 19:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/03 17:13:49 | 000,000,000 | ---D | C] -- C:\found.004
[2013/07/03 16:39:28 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 19:29:36 | 005,085,735 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/02 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/01 19:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 13:45:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 13:45:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/01 13:45:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools
[2013/07/01 13:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 13:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis
[2013/06/29 17:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/26 12:41:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\thomas cozier\Recent
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/06/22 11:43:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/04 16:12:58 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/04 15:55:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/04 15:31:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/04 15:26:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/04 11:55:44 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 10:06:24 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/04 01:04:44 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/04 00:54:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/03 19:02:38 | 005,085,735 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 18:57:04 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 14:17:38 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:30 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:39 | 534,872,064 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/07/01 19:12:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/01 17:11:19 | 000,000,088 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2013/07/01 12:54:13 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/30 16:54:44 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/29 17:32:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:22:40 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/25 12:06:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/22 12:31:36 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/22 12:31:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/07/04 15:26:40 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/02 18:56:31 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:17:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:08 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/01 19:12:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/01 19:12:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 17:11:19 | 000,000,088 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/07/01 16:54:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 16:54:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 16:54:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 16:54:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 16:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 12:03:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/29 17:32:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/03 20:45:28 | 000,002,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 7/4/2013 4:17:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 78.81 Mb Available Physical Memory | 15.45% Memory free
1.55 Gb Paging File | 0.37 Gb Available in Paging File | 23.78% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.24 Gb Free Space | 57.02% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox (1.5)" = Mozilla Firefox (1.5) [BufferZone]
"Revo Uninstaller" = Revo Uninstaller 1.93
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/2/2013 9:27:49 AM | Computer Name = KEVIN-2C3RRQUXO | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Security Client -- The installer has encountered
an unexpected error installing this package. This may indicate a problem with this
package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft
Security Client\SymSrv.yes,

Error - 5/2/2013 9:27:50 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/2/2013 9:27:58 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:. 0x80070643. Fatal error during installation.

Error - 5/2/2013 9:27:58 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client | ID = 5000
Description =

Error - 5/14/2013 10:55:54 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19412, fault address 0x00095a96.

Error - 5/14/2013 9:48:15 PM | Computer Name = KEVIN-2C3RRQUXO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/14/2013 9:48:15 PM | Computer Name = KEVIN-2C3RRQUXO | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 5/19/2013 12:43:54 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23487, fault address 0x00095ac6.

Error - 5/19/2013 12:44:07 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23487, fault address 0x00095ac6.

Error - 5/19/2013 12:59:58 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.23487, fault address 0x00095ac6.

[ System Events ]
Error - 7/2/2013 9:38:12 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 7/2/2013 9:38:12 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL

Error - 7/2/2013 9:39:23 PM | Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/2/2013 9:39:29 PM | Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/3/2013 4:39:35 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 
15000 milliseconds: Restart the service.

Error - 7/3/2013 4:39:35 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 7/3/2013 4:50:13 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 
15000 milliseconds: Restart the service.

Error - 7/3/2013 4:50:13 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 7/3/2013 4:51:04 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 7/4/2013 1:07:36 AM | Computer Name = KEVIN-2C3RRQUXO | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

< End of report >


----------



## mculls (Apr 30, 2007)

Here are the details on hungapp

Error Signature
SZ AppName: iexplore.exe
SZ AppVer: 8.0.6001.18702
SZ ModName: hungapp

Error Report Contents
C:\Docume~1\Thomas~1\Locals~1\Temp\WERcdc2.dir00\iexplore.exe.mdmp
C:\Docume~1\Thomas~1\Locals~1\Temp\WERcdc2.dir00\appcompat.txt


----------



## Cookiegal (Aug 27, 2003)

Thanks. I will review those logs and post further instructions a little later on today.


----------



## Cookiegal (Aug 27, 2003)

Please navigate to the following file and delete it from the startup as this will bog down a computer:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*Microsoft Office.lnk*

You also need to add more RAM when we're done to bring it to 1GB as you're running on only 512.

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
[2013/07/01 17:11:19 | 000,000,088 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2012/01/03 20:45:28 | 000,002,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## mculls (Apr 30, 2007)

```
========== OTL ==========
C:\WINDOWS\Reimage.ini moved successfully.
File C:\Documents not found.

OTL by OldTimer - Version 3.2.69.0 log created on 07052013_135756
```


----------



## Cookiegal (Aug 27, 2003)

You didn't run the entire script correctly. You have to copy and paste the entire contents of the code box (that means you may have to slide the mouse over to the right to capture the third line, which is very long).

Please run the tool again but with the script below which I've amended because the first file was removed successfully so there's no need to repeat that one. But be careful to capture the entire second line:


```
:OTL
[2012/01/03 20:45:28 | 000,002,300 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7
```


----------



## mculls (Apr 30, 2007)

```
========== OTL ==========
C:\Documents and Settings\All Users\Application Data\jhn04oq03qy7wdeenval744005g5plk625q14ngaoa7 moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07052013_143410
```


----------



## Cookiegal (Aug 27, 2003)

OK. That worked.

How are things now?


----------



## mculls (Apr 30, 2007)

OTL log after reboot

OTL logfile created on: 7/5/2013 4:01:43 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 140.88 Mb Available Physical Memory | 27.62% Memory free
1.38 Gb Paging File | 1.00 Gb Available in Paging File | 72.49% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.60 Gb Free Space | 58.01% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/14 21:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/22 12:31:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2006/03/03 21:05:24 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png.virtual.lnk
[2006/03/03 21:05:14 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png.virtual.lnk
[2006/03/03 21:05:21 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif.virtual.lnk
[2006/03/03 21:05:21 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src.virtual.lnk
[2006/03/03 21:05:24 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif.virtual.lnk
[2006/03/03 21:05:22 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src.virtual.lnk
[2006/03/03 21:05:15 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-1.new.virtual.lnk
[2006/03/03 21:05:22 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif.virtual.lnk
[2006/03/03 21:05:14 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src.virtual.lnk

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/05 13:57:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/05 13:53:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/04 16:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/03 19:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/03 17:13:49 | 000,000,000 | ---D | C] -- C:\found.004
[2013/07/03 16:39:28 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 19:29:36 | 005,085,735 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/02 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/01 19:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 13:45:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 13:45:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/01 13:45:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools
[2013/07/01 13:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 13:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis
[2013/06/29 17:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/26 12:41:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\thomas cozier\Recent
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/06/22 11:43:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2013/07/05 16:07:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/05 16:07:54 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/05 16:00:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 15:58:27 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/05 15:58:16 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/05 15:57:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/05 15:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/04 15:26:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/03 19:02:38 | 005,085,735 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 18:57:04 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 14:17:38 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:30 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:39 | 534,872,064 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/07/01 19:12:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/01 12:54:13 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/30 16:54:44 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/29 17:32:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:22:40 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/25 12:06:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2013/07/04 15:26:40 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/02 18:56:31 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:17:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:08 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/01 19:12:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/01 19:12:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 16:54:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 16:54:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 16:54:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 16:54:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 16:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 12:03:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/29 17:32:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/03/02 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BufferZone
[2011/10/24 09:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Aim
[2013/01/06 14:18:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\GoforFiles
[2012/04/01 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\LimeWire
[2012/03/29 17:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\PC Cleaners
[2012/07/15 14:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\PCPro
[2013/01/15 01:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Spotify

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis default scan log.

Also using HijackThis, please do this:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## mculls (Apr 30, 2007)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:50:08 PM, on 7/5/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3884 bytes


----------



## mculls (Apr 30, 2007)

2nd request

Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
CCleaner
Conexant D850 56K V.9x DFVc Modem
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB2756822)
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Pro Studio, Dell Editon
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2000 Professional
Microsoft Security Client
Mozilla Firefox (1.5) [BufferZone]
Revo Uninstaller 1.93
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978037)
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2736233)
Update for Windows XP (KB900485)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:files
C:\Documents and Settings\thomas cozier\Application Data\GoforFiles
C:\Documents and Settings\thomas cozier\Application Data\PC Cleaners
C:\Documents and Settings\thomas cozier\Application Data\PCPro
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## mculls (Apr 30, 2007)

OTL logfile created on: 7/5/2013 7:21:59 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 124.06 Mb Available Physical Memory | 24.33% Memory free
1.38 Gb Paging File | 1.00 Gb Available in Paging File | 72.49% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.62 Gb Free Space | 58.05% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/14 21:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/10 17:46:48 | 000,709,992 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2005/09/23 23:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/06/22 12:31:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2006/03/03 21:05:24 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png.virtual.lnk
[2006/03/03 21:05:14 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png.virtual.lnk
[2006/03/03 21:05:21 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif.virtual.lnk
[2006/03/03 21:05:21 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src.virtual.lnk
[2006/03/03 21:05:24 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif.virtual.lnk
[2006/03/03 21:05:22 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src.virtual.lnk
[2006/03/03 21:05:15 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-1.new.virtual.lnk
[2006/03/03 21:05:22 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif.virtual.lnk
[2006/03/03 21:05:14 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src.virtual.lnk

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/05 13:57:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/05 13:53:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/04 16:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/03 19:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/03 17:13:49 | 000,000,000 | ---D | C] -- C:\found.004
[2013/07/03 16:39:28 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 19:29:36 | 005,085,735 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/02 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/01 19:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 13:45:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 13:45:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/01 13:45:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools
[2013/07/01 13:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 13:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis
[2013/06/29 17:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/26 12:41:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\thomas cozier\Recent
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/06/22 11:43:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2013/07/05 19:31:22 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/05 19:28:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/05 19:28:47 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/05 19:19:17 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/05 19:19:10 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/05 19:18:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/05 19:00:03 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/05 18:53:21 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/04 15:26:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/03 19:02:38 | 005,085,735 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 18:57:04 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 14:17:38 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:30 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:39 | 534,872,064 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/07/01 19:12:57 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/06/30 16:54:44 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/29 17:32:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:22:40 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/06/25 12:06:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2013/07/04 15:26:40 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/02 18:56:31 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:17:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:08 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/01 19:12:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/01 19:12:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 16:54:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 16:54:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 16:54:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 16:54:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 16:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 12:03:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/29 17:32:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/03/02 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BufferZone
[2011/10/24 09:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Aim
[2012/04/01 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\LimeWire
[2013/01/15 01:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Spotify

========== Purity Check ==========

< End of report >


----------



## mculls (Apr 30, 2007)

Facebook seems to be the only site giving me major issues-painfully slow and hungapp when I try to leave--otherwise things are running smooth-could that one site be infected somehow?


----------



## Cookiegal (Aug 27, 2003)

It's possible a page is compromised but is that when logging out of your account?


----------



## mculls (Apr 30, 2007)

no-


----------



## Cookiegal (Aug 27, 2003)

Try logging out of your Facebook account and then run the following program:

Please download *TFC* by OldTimer to your desktop.

Double-click *TFC.exe* to run it. (If you are running Vista then right-click on the file and select *Run As Administrator*).
*Note: It will close all programs when you run it so make sure you have saved everything you may have been working on before you begin.*
Click the *Start* button to begin the process. It should only take a short time so let it run uninterrupted until it's finished. 
When it's finished it should reboot your machine. If it doesn't then please reboot manually to be sure everything is cleared.

After the reboot let me know if there's any difference when you log back into Facebook.


----------



## mculls (Apr 30, 2007)

no difference, still hungapp----also getting more frequent ---Windows-virtual memory minimum too low----Your system is low on virtual memory.....alerts


----------



## Cookiegal (Aug 27, 2003)

Please go to *Start * *Run *- type *msconfig*  click OK and click on the *startup tab*. Uncheck everything there except for your anti-virus program. Then reboot and let me know if the problem persists please.


----------



## mculls (Apr 30, 2007)

Unfortunately, no great improvement, still slow ----how about I get rid of some unneeded junk like AOL I never use?


----------



## Cookiegal (Aug 27, 2003)

You really need to add more RAM to the system. I would do that before we do anything else. We've downloaded some programs and the system probably can't handle it.

You could go through Add or Remove programs and uninstall anything you no longer use.

Are you regularly clearing out Temporary Files and Temporary Internet Files?


----------



## mculls (Apr 30, 2007)

yes, any way to find these and remove them?

Error Signature
SZ AppName: iexplore.exe
SZ AppVer: 8.0.6001.18702
SZ ModName: hungapp

Error Report Contents
C:\Docume~1\Thomas~1\Locals~1\Temp\WERcdc2.dir00\iexplore.exe.mdmp
C:\Docume~1\Thomas~1\Locals~1\Temp\WERcdc2.dir00\appcompat.txt


----------



## Cookiegal (Aug 27, 2003)

What do you mean? Those are insignificant.


----------



## mculls (Apr 30, 2007)

Thought those are causing hungapp?


----------



## Cookiegal (Aug 27, 2003)

It's just an error from the Event Viewer showing that Internet Explorer hung at some point.

Have you tried another browser like Firefox as a test to see if the same problem exists with Facebook? If not, please do so.


----------



## mculls (Apr 30, 2007)

Can you tell if I have any parts of Windows 8 installed? and if so, should I remove?

I used to have Mozilla Firefox, do I need to reinstall? Which version do you recommend? Thank you for all your assistance. My condolences to the people of Quebec.


----------



## Cookiegal (Aug 27, 2003)

mculls said:


> My condolences to the people of Quebec.


Thank you. It's a terrible tragedy with 13 confirmed dead but that will undoubtedly rise as many are still unaccounted for.


----------



## Cookiegal (Aug 27, 2003)

> Can you tell if I have any parts of Windows 8 installed? and if so, should I remove?


I'm not sure I understand the question. Windows 8 is an operating system and you can't have parts of it installed. If Windows 8 was installed it would have to be a separate partition and you would have the option of booting to either operating system on startup.


> I used to have Mozilla Firefox, do I need to reinstall? Which version do you recommend?


Yes, if it's not showing in your Add or Remove Programs in the Control Panel (it would appear as Mozilla Firefox) then you'll have to reinstall. You should get the latest version which is 22.0.


----------



## mculls (Apr 30, 2007)

Reinstalled Firefox-so far, so good--Facebook running properly----any way to switch over a favorites list or do you have to do it all manually? Thanks again for your help--you're very good----

Firefox also telling me I need upgrade adobe flash? I thought I had necessary adobe already


----------



## Cookiegal (Aug 27, 2003)

Yes, Adobe Flash just had a new update so you should install it.

That's good that Firefox works so it means there's a problem with IE.

Please try running IE with no addons. To do that, right-click the IE icon on your desktop (not the one in the quick launch) and select "Start Without Add-ons". Let me know if Facebook works better that way.


----------



## mculls (Apr 30, 2007)

Having trouble upgrading--I already have adobe reader 7.0 which is 64 mbs-also adobe flashplayer 11 activex-Do I need to do anything with these? Uninstall first?


----------



## mculls (Apr 30, 2007)

never mind, got it to work!


----------



## Cookiegal (Aug 27, 2003)

OK, have you tried running Internet Explorer with no add-ons?


----------



## mculls (Apr 30, 2007)

not yet, having too much fun with Firefox--a lot faster


----------



## Cookiegal (Aug 27, 2003)

Firefox is my browser of choice but I have to admit it took me a long time to convert from Internet Explorer. 

Let me know when you get a chance to try IE without any add-ons. We really should get it fixed even if you continue to use Firefox, if we can.


----------



## mculls (Apr 30, 2007)

Will do---


----------



## mculls (Apr 30, 2007)

Started IE like instructed, facebook still has problems--other sites no problems


----------



## Cookiegal (Aug 27, 2003)

Please run DDS again and post only the dds.txt log.


----------



## mculls (Apr 30, 2007)

what's DDS? Don't see it in desktop?


----------



## Cookiegal (Aug 27, 2003)

It should still be there as we've used it before. But if not, you can redownload it. In this case post both logs.

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the *dds.scr* file to run the program.

It will automatically run in silent mode and then you will see the following note:

*"Two logs shall be created on your Desktop".*

The logs will be named *dds.txt* and *attach.txt*.

Wait until the logs appear and then copy and paste their contents in your post.


----------



## mculls (Apr 30, 2007)

This is why I asked about Windows 8-because I see some references to it below

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by thomas cozier at 11:49:23 on 2013-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.158 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1319477025562
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\thomas cozier\application data\mozilla\firefox\profiles\0gx49u0o.default\
FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
.
=============== Created Last 30 ================
.
2013-07-11 12:44:45	7068072	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{95e62cab-5896-446c-ac8f-beb4530109e0}\mpengine.dll
2013-07-09 21:06:07	7068072	------w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-09 19:43:15	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2013-07-05 17:57:56	--------	d-----w-	C:\_OTL
2013-07-03 21:13:49	--------	d-----w-	C:\found.004
2013-07-03 20:39:28	--------	d-----w-	C:\_OTS
2013-07-01 23:12:35	--------	d-sha-r-	C:\cmdcons
2013-07-01 20:54:17	256000	----a-w-	c:\windows\PEV.exe
2013-07-01 20:54:17	208896	----a-w-	c:\windows\MBR.exe
2013-07-01 20:54:16	98816	----a-w-	c:\windows\sed.exe
2013-07-01 17:01:57	--------	d-----w-	C:\FRST
2013-07-01 16:03:09	388096	----a-r-	c:\documents and settings\thomas cozier\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-01 16:03:09	--------	d-----w-	c:\program files\Trend Micro
2013-06-29 21:32:53	--------	d-----w-	c:\documents and settings\thomas cozier\application data\SUPERAntiSpyware.com
2013-06-29 21:32:32	--------	d-----w-	c:\program files\SUPERAntiSpyware
2013-06-29 21:32:32	--------	d-----w-	c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-06-22 15:48:15	--------	d-----w-	c:\windows\system32\wbem\repository\FS
2013-06-22 15:48:15	--------	d-----w-	c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2013-07-09 21:11:47	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-09 21:11:47	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-08 03:55:44	385024	----a-w-	c:\windows\system32\html.iec
2013-06-07 21:56:06	920064	----a-w-	c:\windows\system32\wininet.dll
2013-06-07 21:56:06	43520	----a-w-	c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02	562688	----a-w-	c:\windows\system32\qedit.dll
2013-06-04 01:40:45	1876736	----a-w-	c:\windows\system32\win32k.sys
2013-05-10 16:43:16	1696256	----a-w-	c:\windows\system32\wmv9vcm.dll
2013-05-03 01:26:26	2193536	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18	2070144	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-25 06:46:38	868528	----a-w-	c:\windows\system32\wmvdmod.dll
2013-04-16 22:17:15	920064	----a-w-	c:\windows\system32\wininet(5).dll
2013-04-16 22:17:15	1215488	----a-w-	c:\windows\system32\urlmon(5).dll
2013-04-16 22:17:15	105984	----a-w-	c:\windows\system32\url(5).dll
.
============= FINISH: 11:52:30.35 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2007 6:15:33 PM
System Uptime: 7/11/2013 9:32:38 AM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 21.902 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP276: 4/21/2013 12:34:42 PM - Software Distribution Service 3.0
RP277: 4/22/2013 12:35:11 PM - Software Distribution Service 3.0
RP278: 4/23/2013 12:35:59 PM - Software Distribution Service 3.0
RP279: 4/24/2013 12:35:35 PM - Software Distribution Service 3.0
RP280: 4/25/2013 12:35:14 PM - Software Distribution Service 3.0
RP281: 4/26/2013 12:35:36 PM - Software Distribution Service 3.0
RP282: 4/27/2013 12:52:01 PM - System Checkpoint
RP283: 4/27/2013 2:08:05 PM - Software Distribution Service 3.0
RP284: 4/28/2013 1:45:51 AM - Software Distribution Service 3.0
RP285: 4/28/2013 2:07:59 PM - Software Distribution Service 3.0
RP286: 4/29/2013 2:08:50 PM - System Checkpoint
RP287: 4/30/2013 10:16:12 AM - Software Distribution Service 3.0
RP288: 5/1/2013 10:18:09 AM - Software Distribution Service 3.0
RP289: 5/1/2013 6:29:26 PM - Revo Uninstaller's restore point - Microsoft Security Essentials
RP290: 5/2/2013 9:42:02 AM - Restore Operation
RP291: 5/3/2013 10:36:09 AM - System Checkpoint
RP292: 5/4/2013 11:29:56 AM - System Checkpoint
RP293: 5/5/2013 11:24:48 AM - Installed Microsoft Fix it 50692
RP294: 5/6/2013 12:10:45 PM - System Checkpoint
RP295: 5/7/2013 12:50:21 PM - System Checkpoint
RP296: 5/8/2013 1:06:00 PM - System Checkpoint
RP297: 5/9/2013 1:46:17 PM - System Checkpoint
RP298: 5/10/2013 2:28:22 PM - System Checkpoint
RP299: 5/11/2013 4:09:33 PM - System Checkpoint
RP300: 5/12/2013 4:57:23 PM - System Checkpoint
RP301: 5/13/2013 6:00:16 PM - System Checkpoint
RP302: 5/14/2013 7:06:21 PM - System Checkpoint
RP303: 5/14/2013 9:44:22 PM - Software Distribution Service 3.0
RP304: 5/15/2013 9:58:52 PM - System Checkpoint
RP305: 5/16/2013 10:35:10 PM - System Checkpoint
RP306: 5/17/2013 10:37:24 PM - System Checkpoint
RP307: 5/18/2013 11:37:25 PM - System Checkpoint
RP308: 5/19/2013 11:56:12 PM - System Checkpoint
RP309: 5/21/2013 12:23:32 AM - System Checkpoint
RP310: 5/22/2013 12:40:06 AM - System Checkpoint
RP311: 5/23/2013 1:23:34 AM - System Checkpoint
RP312: 5/24/2013 2:22:31 AM - System Checkpoint
RP313: 5/25/2013 3:22:29 AM - System Checkpoint
RP314: 5/26/2013 4:22:29 AM - System Checkpoint
RP315: 5/27/2013 5:22:29 AM - System Checkpoint
RP316: 5/28/2013 11:56:48 AM - System Checkpoint
RP317: 5/29/2013 12:15:34 PM - System Checkpoint
RP318: 5/30/2013 1:07:23 PM - System Checkpoint
RP319: 5/31/2013 1:49:02 PM - System Checkpoint
RP320: 6/1/2013 2:54:52 PM - System Checkpoint
RP321: 6/2/2013 4:23:09 PM - System Checkpoint
RP322: 6/3/2013 6:02:56 PM - System Checkpoint
RP323: 6/4/2013 8:13:05 PM - System Checkpoint
RP324: 6/5/2013 8:13:57 PM - System Checkpoint
RP325: 6/6/2013 8:52:02 PM - System Checkpoint
RP326: 6/7/2013 9:50:49 PM - System Checkpoint
RP327: 6/8/2013 9:51:55 PM - System Checkpoint
RP328: 6/9/2013 10:42:58 PM - System Checkpoint
RP329: 6/10/2013 10:43:15 PM - System Checkpoint
RP330: 6/11/2013 10:51:05 PM - System Checkpoint
RP331: 6/12/2013 12:00:21 PM - Software Distribution Service 3.0
RP332: 6/13/2013 12:25:57 PM - System Checkpoint
RP333: 6/14/2013 1:53:58 PM - System Checkpoint
RP334: 6/15/2013 2:58:58 PM - System Checkpoint
RP335: 6/16/2013 3:11:46 PM - System Checkpoint
RP336: 6/17/2013 3:19:58 PM - System Checkpoint
RP337: 6/18/2013 3:31:43 PM - System Checkpoint
RP338: 6/19/2013 5:50:16 PM - System Checkpoint
RP339: 6/20/2013 6:23:18 PM - System Checkpoint
RP340: 6/21/2013 8:05:42 PM - System Checkpoint
RP341: 6/22/2013 11:44:43 AM - Restore Operation
RP342: 6/23/2013 2:59:20 PM - System Checkpoint
RP343: 6/25/2013 12:00:19 PM - Software Distribution Service 3.0
RP344: 6/27/2013 12:31:48 AM - System Checkpoint
RP345: 6/28/2013 10:20:33 AM - System Checkpoint
RP346: 6/29/2013 12:53:57 PM - System Checkpoint
RP347: 6/30/2013 2:13:56 PM - System Checkpoint
RP348: 7/1/2013 12:03:07 PM - Installed HiJackThis
RP349: 7/2/2013 11:56:30 AM - Software Distribution Service 3.0
RP350: 7/3/2013 12:26:15 PM - System Checkpoint
RP351: 7/3/2013 5:05:54 PM - Software Distribution Service 3.0
RP352: 7/4/2013 5:43:24 PM - System Checkpoint
RP353: 7/4/2013 7:41:58 PM - Software Distribution Service 3.0
RP354: 7/5/2013 8:32:16 PM - System Checkpoint
RP355: 7/6/2013 8:24:59 AM - Software Distribution Service 3.0
RP356: 7/7/2013 1:37:11 AM - Software Distribution Service 3.0
RP357: 7/7/2013 8:17:31 AM - Software Distribution Service 3.0
RP358: 7/8/2013 8:41:09 AM - System Checkpoint
RP359: 7/8/2013 10:19:22 AM - Software Distribution Service 3.0
RP360: 7/9/2013 11:19:23 AM - System Checkpoint
RP361: 7/9/2013 1:22:53 PM - Software Distribution Service 3.0
RP362: 7/10/2013 8:15:25 AM - Software Distribution Service 3.0
RP363: 7/11/2013 8:44:39 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
CCleaner
Conexant D850 56K V.9x DFVc Modem
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB2756822)
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Pro Studio, Dell Editon
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Application Error Reporting
Microsoft Office 2000 Professional
Microsoft Security Client
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Revo Uninstaller 1.93
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834902)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978037)
Spotify
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2736233)
Update for Windows XP (KB900485)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/7/2013 3:46:42 PM, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/7/2013 3:46:42 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
.
==== End Of File ===========================


----------



## Cookiegal (Aug 27, 2003)

Are you referring to this?

Internet Explorer: 8.0.6001.18702

Internet Explorer 8 is a browser whereas Windows 8 is an operating system (you have XP).

In Internet Explorer, go to Tools - Internet Options - Security Tab - highlight Restricted Sites and then click on sites and check the list to make sure Facebook.com is not mentioned there.

Then click on the Privacy tab and let me know what your settings say there at the top.


----------



## mculls (Apr 30, 2007)

Facebook is not there---privacy is on medium setting--pop up blocker is turned on and disable toolbars and extensions is checked


----------



## Cookiegal (Aug 27, 2003)

In IE8 click on *Tools* - *Compatibility View Settings*. Are there any sites listed there and if so is Facebook one of them?

Also, which boxes at the bottom of that box are checked?


----------



## mculls (Apr 30, 2007)

One site, moonbattery.com, is listed and I don't know why--

display Intranet sites in compatibility view is checked


----------



## Cookiegal (Aug 27, 2003)

I would remove that site from that list.

I think at this point it might be worth a try to reset Internet Explorer to default settings. Here's an article from MS explaining how to do it (you can use their FixIt button or do it manually) but also what gets kept and what gets deleted so you know before you decide whether or not you want to try this.

http://windows.microsoft.com/en-ca/windows-vista/reset-internet-explorer-8-settings


----------



## mculls (Apr 30, 2007)

I'll look into it and let you know----


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## mculls (Apr 30, 2007)

Followed your instructions--things going well so far, Facebook still a little slower than Firefox but no hungapps--thank you


----------



## Cookiegal (Aug 27, 2003)

Great. Why don't you run it for a couple of days and report back how things are. Then if all is OK, I will have some final instructions for you.


----------



## mculls (Apr 30, 2007)

Hi, seems to be going well-no hung app issues when sites move slow, system fixes itself?


----------



## mculls (Apr 30, 2007)

To clarify, actually sometimes the computer does get "stuck" for a bit to the point where I have to reboot the computer because I have a lack of patience


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again and this time at the top expand the "file date" part and select 60 days instead of the default 30 days and post the new log.


----------



## mculls (Apr 30, 2007)

OTL logfile created on: 7/18/2013 12:48:32 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 251.29 Mb Available Physical Memory | 49.27% Memory free
1.38 Gb Paging File | 0.97 Gb Available in Paging File | 70.53% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.91 Gb Free Space | 58.82% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/09 17:11:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/03/03 21:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/03/03 21:05:12 | 000,000,000 | ---D | M]

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/03/03 21:05:24 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png.virtual.lnk
[2006/03/03 21:05:14 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png.virtual.lnk
[2006/03/03 21:05:21 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif.virtual.lnk
[2006/03/03 21:05:21 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src.virtual.lnk
[2006/03/03 21:05:24 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif.virtual.lnk
[2006/03/03 21:05:22 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src.virtual.lnk
[2006/03/03 21:05:15 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-1.new.virtual.lnk
[2006/03/03 21:05:22 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif.virtual.lnk
[2006/03/03 21:05:14 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src.virtual.lnk

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 60 Days ==========

[2013/07/11 11:48:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\dds.scr
[2013/07/09 15:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\My Documents\Downloads
[2013/07/09 15:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/09 15:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/09 15:39:41 | 000,280,136 | ---- | C] (Mozilla) -- C:\Documents and Settings\thomas cozier\Desktop\Firefox Setup Stub 22.0.exe
[2013/07/08 13:32:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\thomas cozier\Recent
[2013/07/07 15:45:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\TFC.exe
[2013/07/05 13:57:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/05 13:53:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/04 16:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/03 19:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/03 17:13:49 | 000,000,000 | ---D | C] -- C:\found.004
[2013/07/03 16:39:28 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 19:29:36 | 005,085,735 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/02 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/01 19:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 13:45:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 13:45:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/01 13:45:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools
[2013/07/01 13:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 13:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis
[2013/06/29 17:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/06/22 11:43:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 60 Days ==========

[2013/07/18 12:37:00 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/18 12:36:38 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/18 12:31:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/18 12:27:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/18 12:27:26 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/18 12:27:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 12:26:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/18 12:05:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/11 11:49:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\dds.scr
[2013/07/10 08:29:08 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 08:27:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/09 17:11:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/09 17:11:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/09 15:43:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/09 15:39:53 | 000,280,136 | ---- | M] (Mozilla) -- C:\Documents and Settings\thomas cozier\Desktop\Firefox Setup Stub 22.0.exe
[2013/07/07 15:45:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\TFC.exe
[2013/07/05 18:53:21 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/04 15:26:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/03 19:02:38 | 005,085,735 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 18:57:04 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 14:17:38 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:30 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/06/30 16:54:44 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/29 17:32:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/07 23:55:44 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/06/07 17:56:06 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/06/07 17:56:06 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/06/07 17:56:06 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/06/07 17:56:06 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/06/07 17:56:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/06/07 17:56:06 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/06/07 17:56:06 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/06/07 17:56:06 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/06/07 17:56:06 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/06/07 17:56:06 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/06/07 17:56:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/06/07 17:56:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/06/07 17:56:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/06/07 17:56:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/06/07 17:56:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/06/07 17:56:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/06/07 17:56:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/06/07 17:56:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/06/07 17:56:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/06/07 17:56:05 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/06/07 17:56:05 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/06/07 17:56:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/06/07 17:56:05 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/06/07 17:56:05 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/06/07 17:56:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/06/07 17:56:05 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/06/07 17:56:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/06/07 17:56:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/06/07 14:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/06/07 14:26:09 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/06/04 03:23:02 | 000,562,688 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2013/06/03 21:40:45 | 001,876,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013/06/03 21:40:45 | 001,876,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2013/05/24 09:30:22 | 000,108,691 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\lisagrossman1.jpg

========== Files Created - No Company Name ==========

[2013/07/10 08:17:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/07/09 15:43:24 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/04 15:26:40 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/02 18:56:31 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:17:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:08 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/01 19:12:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/01 19:12:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 16:54:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 16:54:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 16:54:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 16:54:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 16:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 12:03:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/29 17:32:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2013/06/04 03:23:02 | 000,562,688 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2013/05/24 09:30:21 | 000,108,691 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\lisagrossman1.jpg
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Do you recognize these Firefox search plugins as something you've added or customized?

[2006/03/03 21:05:24 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png.virtual.lnk
[2006/03/03 21:05:14 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png.virtual.lnk
[2006/03/03 21:05:21 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif.virtual.lnk
[2006/03/03 21:05:21 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src.virtual.lnk
[2006/03/03 21:05:24 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif.virtual.lnk
[2006/03/03 21:05:22 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src.virtual.lnk
[2006/03/03 21:05:15 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-1.new.virtual.lnk
[2006/03/03 21:05:22 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif.virtual.lnk
[2006/03/03 21:05:14 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src.virtual.lnk

The reason I ask is because they generally don't have virtual.lnk after them, but I hesitate to remove them without asking.


----------



## mculls (Apr 30, 2007)

no, do not recognize


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again. Under the *Custom Scans/Fixes* box at the bottom paste in the following:


```
:OTL
[2006/03/03 21:05:24 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png.virtual.lnk
[2006/03/03 21:05:14 | 000,002,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png.virtual.lnk
[2006/03/03 21:05:21 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png.virtual.lnk
[2006/03/03 21:05:23 | 000,002,177 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src.virtual.lnk
[2006/03/03 21:05:14 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif.virtual.lnk
[2006/03/03 21:05:21 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src.virtual.lnk
[2006/03/03 21:05:24 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif.virtual.lnk
[2006/03/03 21:05:22 | 000,002,094 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src.virtual.lnk
[2006/03/03 21:05:15 | 000,002,103 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-1.new.virtual.lnk
[2006/03/03 21:05:22 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif.virtual.lnk
[2006/03/03 21:05:14 | 000,002,083 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src.virtual.lnk
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
```

Then click the *Run Fix* button at the top.
Let the program run unhindered, and reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


----------



## mculls (Apr 30, 2007)

OTL logfile created on: 7/18/2013 6:12:06 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 131.59 Mb Available Physical Memory | 25.80% Memory free
1.38 Gb Paging File | 1.00 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.21 Gb Free Space | 59.63% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/09 17:11:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/03/03 21:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/03/03 21:05:12 | 000,000,000 | ---D | M]

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 11:48:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\dds.scr
[2013/07/09 15:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\My Documents\Downloads
[2013/07/09 15:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/09 15:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/08 13:32:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\thomas cozier\Recent
[2013/07/07 15:45:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\TFC.exe
[2013/07/05 13:57:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/05 13:53:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/04 16:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/03 19:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/03 17:13:49 | 000,000,000 | ---D | C] -- C:\found.004
[2013/07/03 16:39:28 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 19:29:36 | 005,085,735 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/02 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/01 19:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 13:45:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 13:45:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/01 13:45:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools
[2013/07/01 13:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 13:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis
[2013/06/29 17:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/06/22 11:43:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2013/07/18 18:19:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/18 18:19:04 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/18 18:10:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/18 18:09:48 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/18 18:09:32 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 18:08:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/18 18:05:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 17:31:19 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/11 11:49:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\dds.scr
[2013/07/10 08:29:08 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 08:27:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/09 15:43:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/07 15:45:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\TFC.exe
[2013/07/05 18:53:21 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/04 15:26:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/03 19:02:38 | 005,085,735 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 18:57:04 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 14:17:38 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:30 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/06/30 16:54:44 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/29 17:32:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2013/07/10 08:17:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/07/09 15:43:24 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/04 15:26:40 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/02 18:56:31 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:17:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:08 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/01 19:12:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/01 19:12:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 16:54:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 16:54:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 16:54:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 16:54:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 16:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 12:03:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/29 17:32:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/03/02 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BufferZone
[2011/10/24 09:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Aim
[2012/04/01 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\LimeWire
[2013/01/15 01:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Spotify

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please run OTL again with this script. For some reason this entry didn't get fixed.


```
:OTL
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
```


----------



## mculls (Apr 30, 2007)

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 07182013_191318


----------



## Cookiegal (Aug 27, 2003)

Can you please run OTL one more time and post the log so I can see if that entry got removed?


----------



## mculls (Apr 30, 2007)

OTL logfile created on: 7/18/2013 8:04:35 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 282.57 Mb Available Physical Memory | 55.41% Memory free
1.38 Gb Paging File | 1.00 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 22.15 Gb Free Space | 59.47% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/09 17:11:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/03/03 21:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/03/03 21:05:12 | 000,000,000 | ---D | M]

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/11 11:48:38 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\dds.scr
[2013/07/09 15:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\My Documents\Downloads
[2013/07/09 15:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/07/09 15:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/07/08 13:32:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\thomas cozier\Recent
[2013/07/07 15:45:03 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\TFC.exe
[2013/07/05 13:57:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/05 13:53:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/04 16:15:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/03 19:40:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/07/03 17:13:49 | 000,000,000 | ---D | C] -- C:\found.004
[2013/07/03 16:39:28 | 000,000,000 | ---D | C] -- C:\_OTS
[2013/07/03 10:15:27 | 000,646,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 19:29:36 | 005,085,735 | R--- | C] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/02 18:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\CC Support
[2013/07/02 14:53:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 10:16:33 | 001,372,429 | ---- | C] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/07/01 20:00:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/07/01 19:12:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/07/01 16:54:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/07/01 16:54:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/07/01 16:54:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/07/01 16:54:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/07/01 13:45:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/01 13:45:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2013/07/01 13:45:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\Administrative Tools
[2013/07/01 13:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/07/01 13:01:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/07/01 12:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Start Menu\Programs\HiJackThis
[2013/06/29 17:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thomas cozier\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/06/29 17:32:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/06/22 11:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/06/22 11:43:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

========== Files - Modified Within 30 Days ==========

[2013/07/18 20:05:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 20:05:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 19:43:00 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/07/18 19:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/18 18:19:19 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/18 18:10:02 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/07/18 18:09:48 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/18 18:08:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/11 11:49:04 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\dds.scr
[2013/07/10 08:29:08 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/10 08:27:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/09 15:43:25 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/07 15:45:18 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\TFC.exe
[2013/07/05 18:53:21 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/07/04 16:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTL.exe
[2013/07/04 15:26:57 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/03 19:02:38 | 005,085,735 | R--- | M] (Swearware) -- C:\Documents and Settings\thomas cozier\Desktop\puppy.exe
[2013/07/03 10:15:28 | 000,646,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\Desktop\OTS.exe
[2013/07/02 18:57:04 | 004,009,167 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | M] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:54:11 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\thomas cozier\Desktop\JRT.exe
[2013/07/02 14:17:38 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:30 | 000,648,201 | ---- | M] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/02 10:16:35 | 001,372,429 | ---- | M] (Farbar) -- C:\Documents and Settings\thomas cozier\Desktop\FRST.exe
[2013/06/30 16:54:44 | 000,001,954 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/06/29 17:32:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI

========== Files Created - No Company Name ==========

[2013/07/10 08:17:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/07/09 15:43:24 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/07/09 15:43:18 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/07/04 15:26:40 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\thomas cozier\Desktop\VEW.exe
[2013/07/02 18:56:31 | 004,009,167 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\ServicesRepair.exe
[2013/07/02 16:47:30 | 010,731,624 | ---- | C] () -- C:\Documents and Settings\thomas cozier\My Documents\registrybackup.reg
[2013/07/02 14:17:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\Norton_Removal_Tool.exe
[2013/07/02 13:24:08 | 000,648,201 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\AdwCleaner.exe
[2013/07/01 19:12:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/07/01 19:12:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/07/01 16:54:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/07/01 16:54:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/07/01 16:54:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/07/01 16:54:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/07/01 16:54:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/07/01 12:03:09 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Desktop\HiJackThis.lnk
[2013/06/29 17:32:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/03/02 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BufferZone
[2011/10/24 09:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Aim
[2012/04/01 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\LimeWire
[2013/01/15 01:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\thomas cozier\Application Data\Spotify

========== Purity Check ==========

< End of report >


----------



## Cookiegal (Aug 27, 2003)

I'd like you to export the following registry key please.

Please go to *Start* - *Run* and copy and paste the following then click OK:

*regedit /e C:\look.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains"*

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## mculls (Apr 30, 2007)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\ ]
"msn"=dword:00000000
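
Added example, not part of the original posts: a Python parser that reads a `regedit /e` export of the ZoneMap `domains` key, like the one above, and lists the security zone each entry maps to. The `example.test` keys in the sample are constructed, and the function names and the review rule (zones more trusted than Internet, or a blank key name) are assumptions of this example.

```python
import re

# Internet Explorer security zone numbers used by ZoneMap values.
ZONES = {
    0: "My Computer",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

ROOT = r"\internet settings\zonemap\domains"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=dword:([0-9a-fA-F]{8})$')

# The first two keys are the export posted in this thread; the example.test
# keys are constructed for illustration.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\ ]
"msn"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\example.test]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\domains\example.test\www]
"*"=dword:00000004
"""


def read_export(path):
    """Read a .reg file; version 5.00 exports are UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_zonemap(reg_text):
    """Return one dict per DWORD value found under ZoneMap\\domains."""
    entries = []
    subkey = None  # path below ...\ZoneMap\domains, None when outside it
    for raw in reg_text.splitlines():
        line = raw.strip()  # a space inside the brackets is preserved
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            pos = path.lower().find(ROOT)
            rest = path[pos + len(ROOT):] if pos != -1 else None
            if rest == "":
                subkey = ""
            elif rest and rest.startswith("\\"):
                subkey = rest[1:]
            else:
                subkey = None
            continue
        value = DWORD_RE.match(line)
        if value is None or subkey is None:
            continue
        # Keys are stored as domain\subdomain, so reverse them for the host.
        parts = subkey.split("\\") if subkey else []
        host = ".".join(reversed(parts))
        zone = int(value.group(2), 16)
        entries.append({
            "host": host,
            # The value name is the scheme the mapping applies to ("*" = any).
            "scheme": re.sub(r"\\(.)", r"\1", value.group(1)),
            "zone": zone,
            "zone_name": ZONES.get(zone, "unknown"),
        })
    return entries


def needs_review(entries):
    """Entries trusted more than the Internet zone, or with a blank key name."""
    return [e for e in entries if e["zone"] < 3 or e["host"].strip() == ""]


if __name__ == "__main__":
    for e in parse_zonemap(SAMPLE):
        flag = "review" if e in needs_review([e]) else "ok"
        print(f'{e["host"]!r:22} {e["scheme"]:6} {e["zone_name"]:17} {flag}')
```

On a real machine, pass the text from `read_export(r"C:\look.txt")` to `parse_zonemap` instead of `SAMPLE`.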


----------



## Cookiegal (Aug 27, 2003)

OK that entry isn't causing any problems so there's no need to remove it.

The only other thing I can think to say is that you need to add at least another 512 of RAM. Running XP on only 512 will indeed affect the performance.


----------



## mculls (Apr 30, 2007)

ok---recommendations? cost and installation?


----------



## Cookiegal (Aug 27, 2003)

I know your computer is a Dell but can you tell me what the model is?

Hardware is not my specialty but I'll ask one of our Trusted Advisors to help you on choosing the correct RAM.

RAM is pretty cheap BTW so it won't be a great expense and will be well worth it.


----------



## mculls (Apr 30, 2007)

I believe it is a Dell Intel Pentium


----------



## Cookiegal (Aug 27, 2003)

Need more than that. The model name should be on the case.

Flavallee guessed it was a Dimension 2400 but your computer specs say a Dimension v350. Can you confirm that it's v350?


----------



## mculls (Apr 30, 2007)

It's a Dimension 2400--Flavallee guessed correctly ha ha


----------



## Cookiegal (Aug 27, 2003)

Thanks.


----------



## flavallee (May 12, 2002)

The *Dell Dimension 2400* desktop has 2 slots and supports up to 2 GB of RAM - up to 1 GB in each slot.

It uses 184-pin DDR PC2700(DDR333), 2.5 volt, CL=2.5, unbuffered, non-ECC modules.

Here are links to the 2 GB(1 GB X 2) matching set of 1 GB modules for it:

http://www.crucial.com/store/partspecs.aspx?IMODULE=CT2KIT12864Z335

http://www.newegg.com/Product/Product.aspx?Item=N82E16820148089

Increasing the RAM in that desktop from its current 512 MB to 2 GB (2048 MB) will noticeably improve its speed and performance, especially when memory-hungry functions are being done.



----------



## mculls (Apr 30, 2007)

ok, thanks---


----------



## Cookiegal (Aug 27, 2003)

Let us know how things are after you install some additional RAM please.


----------



## mculls (Apr 30, 2007)

will do--should I keep all those tools you suggested?


----------



## Cookiegal (Aug 27, 2003)

Here are some final instructions for you.

As with any infection, I recommend that you change all passwords for logging in to sites that you use on your computer as a precaution.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *ComboFix /uninstall* in the runbox and click *OK*. Note the *space* between the *X* and the */uninstall*, it needs to be there.

Please open OTL again and click on the button that says "CleanUp" at the top. This will remove some of the tools we've used and will also uninstall the OTS program.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* > *All Programs* > *Accessories* > *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.


----------



## mculls (Apr 30, 2007)

followed your instructions--things working well--thank you


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## mculls (Apr 30, 2007)

You do a great job-thanks again


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------



## mculls (Apr 30, 2007)

Hi Cookiegal--while checking my Microsoft Security Essentials, I discovered that it detected trojan js/blacoleref.dd three days ago-I removed it---anything else I should do?

Thanks


----------



## Cookiegal (Aug 27, 2003)

I need to know the name of the file and the entire path to it please.


----------



## mculls (Apr 30, 2007)

how?


----------



## Cookiegal (Aug 27, 2003)

I believe in MSE there's something called History where you will see the quarantined files.


----------



## mculls (Apr 30, 2007)

I removed it-but this morning MSE detected this: rogue JS/fake alert


----------



## Cookiegal (Aug 27, 2003)

What do you mean you removed it, you emptied the quarantine?

Open MSE and click on the History tab then select the Quarantined Items and let me know what is listed there.


----------



## mculls (Apr 30, 2007)

yes, I removed them from quarantine-is that wrong? If so, did not realize


----------



## Cookiegal (Aug 27, 2003)

Yes because I can't know where they were located or what the file names were.

Please download *OTL* to your Desktop. 

Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long. 
When the scan completes, it will open two Notepad windows called *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy and paste the contents of both of these files here in your next reply.


----------



## mculls (Apr 30, 2007)

ok, before I do that--it appeared again--hope this helps:

trojan JS/blacoleref.dd

file:C:\Documents and Settings\thomas cozier\Local Settings\Temporary Internet Files\Content.IE5\A1BGRO77\piqhost_com[1].txt


----------



## Cookiegal (Aug 27, 2003)

That's in your Temporary Internet files. Please do the following as well. You can do this after running OTL.

Please download *TFC* by OldTimer to your desktop.

Double-click *TFC.exe* to run it. (If you are running Vista then right-click on the file and select *Run As Administrator*).
*Note: It will close all programs when you run it so make sure you have saved everything you may have been working on before you begin.*
Click the *Start* button to begin the process. It should only take a short time so let it run uninterrupted until it's finished. 
When it's finished it should reboot your machine. If it doesn't then please reboot manually to be sure everything is cleared.


----------



## mculls (Apr 30, 2007)

OTL logfile created on: 8/15/2013 11:40:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 175.10 Mb Available Physical Memory | 34.33% Memory free
1.38 Gb Paging File | 1.01 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 23.85 Gb Free Space | 64.04% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 11:39:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thomas cozier\My Documents\Downloads\OTL.exe
PRC - [2013/06/18 10:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013/07/09 17:11:43 | 016,166,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/06/18 10:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/09 17:11:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/23 16:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\smwdm.sys -- (smwdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\senfilt.sys -- (senfilt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/14 12:49:18 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C600AFB8-32DD-46F0-8E58-F33A14F1CBE7}\MpKsl5d449370.sys -- (MpKsl5d449370)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/04/10 17:46:48 | 001,966,696 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/04/15 14:31:50 | 000,107,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ich4.sys -- (ac97intc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Components: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.10\extensions\\Plugins: C:\VIRTUAL\UNTRUS~1\C_\PROGRA~1\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2006/03/03 21:05:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2006/03/03 21:05:12 | 000,000,000 | ---D | M]

[2012/07/24 18:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Extensions
[2007/09/27 17:58:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thomas cozier\Application Data\Mozilla\Firefox\Profiles\0gx49u0o.default\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/09 15:42:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/...ls/en/x86/client/wuweb_site.cab?1319477025562 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe (Virtools WebPlayer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B78C1420-911B-4E38-B9BE-A8D7ADB835C8}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thomas cozier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/10 10:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/26 09:26:57 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/07/24 11:01:02 | 000,000,000 | --SD | C] -- C:\puppy

========== Files - Modified Within 30 Days ==========

[2013/08/15 11:31:11 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/15 11:05:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 09:39:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/08/15 09:38:36 | 000,002,444 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/15 09:38:34 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 09:38:19 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/08/14 12:30:50 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/08/14 12:20:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/14 12:03:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/25 22:47:17 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/25 22:47:17 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/25 22:47:17 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/25 22:47:17 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/25 22:47:16 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/25 22:47:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/25 22:47:13 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/25 22:47:12 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/07/25 22:47:10 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/25 22:47:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/25 11:52:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/07/24 11:15:02 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/25 12:06:09 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/03/29 17:31:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/24 09:16:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/08/19 15:44:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\thomas cozier\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/03 21:03:17 | 000,001,767 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 8/15/2013 11:40:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\thomas cozier\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 175.10 Mb Available Physical Memory | 34.33% Memory free
1.38 Gb Paging File | 1.01 Gb Available in Paging File | 73.10% Paging File free
Paging file location(s): C:\pagefile.sys 930 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 23.85 Gb Free Space | 64.04% Space Free | Partition Type: NTFS

Computer Name: KEVIN-2C3RRQUXO | User Name: thomas cozier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.93
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/30/2013 10:44:31 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Hang | ID = 1001
Description =

Error - 6/30/2013 10:56:13 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Hang | ID = 1002
Description =

Error - 6/30/2013 4:54:25 PM | Computer Name = KEVIN-2C3RRQUXO | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft Security Client -- The installer has encountered
an unexpected error installing this package. This may indicate a problem with this
package. The error code is 2324. The arguments are: 1920, c:\Program Files\Microsoft
Security Client\SymSrv.yes,

Error - 6/30/2013 4:54:26 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/30/2013 4:54:44 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client | ID = 5000
Description =

Error - 6/30/2013 4:54:45 PM | Computer Name = KEVIN-2C3RRQUXO | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:. 0x80070643. Fatal error during installation.

Error - 7/2/2013 8:34:35 AM | Computer Name = KEVIN-2C3RRQUXO | Source = Application Hang | ID = 1002
Description =

Error - 7/2/2013 11:51:02 AM | Computer Name = KEVIN-2C3RRQUXO | Source = ccEvtMgr | ID = 48
Description =

Error - 7/2/2013 2:05:13 PM | Computer Name = KEVIN-2C3RRQUXO | Source = ccEvtMgr | ID = 48
Description =

Error - 7/2/2013 8:02:36 PM | Computer Name = KEVIN-2C3RRQUXO | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.

< End of report >


----------



## Cookiegal (Aug 27, 2003)

Please go *here* to download *HijackThis*.

Click on the button that says *Download Now EXE Version* and save the *HijackThis.exe* file to your desktop.
Double-click the *HijackThis.exe* file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified, click on Run to allow it.
Click on the *Scan* button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
Click on the *Save log* button and save the log file to your desktop. Copy and paste the contents of the log in your post.
*Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary.*

Also, please do this using HijackThis:

Open HijackThis and click on the *Open Misc Tools section* button. Click on the *Open Uninstall Manager* button. Click the *Save List* button. Save the list then copy and paste it here.


----------



## mculls (Apr 30, 2007)

I still have HijackThis from last time--can I use that?


----------



## Cookiegal (Aug 27, 2003)

Yes indeed. I wasn't sure if you still had it.


----------



## mculls (Apr 30, 2007)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:40 PM, on 8/15/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 3692 bytes


----------



## Cookiegal (Aug 27, 2003)

I think you've overlooked the second part of my instructions as there's a second report to post using HijackThis please.


----------



## mculls (Apr 30, 2007)

right, here goes

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
CCleaner
Conexant D850 56K V.9x DFVc Modem
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB2756822)
Intel(R) Extreme Graphics Driver
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 3
Jasc Paint Shop Pro Studio, Dell Editon
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2000 Professional
Microsoft Security Client
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Revo Uninstaller 1.93
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834902)
Security Update for Windows Media Player (KB2845142)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978037)
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2863058)
Update for Windows XP (KB900485)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Service Pack 3


----------



## Cookiegal (Aug 27, 2003)

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.


----------



## mculls (Apr 30, 2007)

Results of screen317's Security Check version 0.99.72 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Please wait while WMIC is being installed.d 
i 
s 
p 
l 
a 
y 
N 
a 
m 
e 
ECHO is off.
M 
i 
c 
r 
o 
s 
o 
f 
t 
ECHO is off.
S 
e 
c 
u 
r 
i 
t 
y 
ECHO is off.
E 
s 
e 
n 
t 
i 
a 
l 
s 
ECHO is off.
S 
y 
m 
a 
n 
t 
e 
c 
ECHO is off.
A 
n 
t 
i 
V 
i 
r 
u 
s 
ECHO is off.
C 
o 
r 
p 
o 
r 
a 
t 
e 
ECHO is off.
E 
d 
i 
t 
i 
o 
n 
ECHO is off.
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
SUPERAntiSpyware 
CCleaner 
Adobe Flash Player 11.8.800.94 
Adobe Reader 7 *Adobe Reader out of Date!* 
Mozilla Firefox 22.0 *Firefox out of Date!* 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C:: 11% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## Cookiegal (Aug 27, 2003)

Something didn't go right because of the format and it missed one but you need to update the following software to the latest version so that vulnerabilities found in the older versions are patched:

Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!

Also, your Java is out of date.


Download the latest version of *Java SE Runtime Environment 7 Update 25*.
Accept the License Agreement and then select the option to download the *Windows x86 Offline* version 
Save the executable file to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with *Java Runtime Environment, JRE, J2SE or Java(TM)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download and follow the prompts to install the newest version.

This is the older version that you have that needs to be uninstalled:

J2SE Runtime Environment 5.0 Update 3


----------



## mculls (Apr 30, 2007)

Done, thanks--should I run defragmenter too? Do I have SSD? Also, what should I do with that quarantined trojan in MSE?


----------



## Cookiegal (Aug 27, 2003)

What is the make and model of the computer?

You can delete that file from quarantine if you wish but it doesn't do any harm to leave it there either.


----------



## Cookiegal (Aug 27, 2003)

Sorry, I went back to the beginning of the thread and see it's a Dell Dimension 2400.

Please go to *Start* - *Run* - type in *dxdiag* and click OK. It will open a screen called DirectX Diagnostic Tool which will run for a minute to collect information from the system. Once it's finished, to the bottom right you will see a button called "Save All Information". Please click on that and save it to Notepad and then copy and paste the contents here.


----------



## mculls (Apr 30, 2007)

------------------
System Information
------------------
Time of this report: 8/16/2013, 19:49:08
Machine name: KEVIN-2C3RRQUXO
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_qfe.130704-0421)
Language: English (Regional Setting: English)
System Manufacturer: Dell Computer Corporation
System Model: Dimension 2400 
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A05
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Memory: 510MB RAM
Page File: 752MB used, 657MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: No problems found.
Sound Tab 1: No problems found.
Sound Tab 2: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

------------------------
Disk & DVD/CD-ROM Drives
------------------------
Drive: C:
Free Space: 24.2 GB
Total Space: 38.1 GB
File System: NTFS
Model: WDC WD400BB-75FJA1

Drive: D:
Model: SAMSUNG CD-ROM SC-148A
Driver: c:\windows\system32\drivers\cdrom.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:46, 62976 bytes

{D76E2820-1563-11CF-AC98-00AA004C0FA9},0x00200000,1,1,qcap.dll,6.05.2600.5512

Audio Compressors:
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.6333
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.6333
PCM,0x00200000,1,1,quartz.dll,6.05.2600.6333
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.6333
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.6333
DSP Group TrueSpeech(TM),0x00200000,1,1,quartz.dll,6.05.2600.6333
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.6333
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.6333
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.6333
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.6333
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.6333
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.6333
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.6333

Audio Capture Sources:
Intel(r) Integrated Audio,0x00200000,0,0,qcap.dll,6.05.2600.5512
Modem #0 Line Record,0x00200000,0,0,qcap.dll,6.05.2600.5512

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.6333
Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.6333

WDM Streaming Capture Devices:
Intel(r) Integrated Audio,0x00200000,2,2,,5.03.2600.5512

WDM Streaming Rendering Devices:
Intel(r) Integrated Audio,0x00200000,2,2,,5.03.2600.5512

BDA Rendering Filters:
BDA IP Sink,0x00200000,1,1,,5.03.2600.5512

BDA Transport Information Renderers:
MPEG-2 Sections and Tables,0x00600000,1,0,mpeg2data.ax,

WDM Streaming Mixer Devices:
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,,

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2600.6161
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2600.6161
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2600.6161

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5512

Audio Renderers:
Intel(r) Integrated Audio,0x00200000,1,0,quartz.dll,6.05.2600.6333
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.6333
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.6333
DirectSound: Intel(r) Integrated Audio,0x00200000,1,0,quartz.dll,6.05.2600.6333
DirectSound: Modem #0 Line Playback (emulated),0x00200000,1,0,quartz.dll,6.05.2600.6333
Modem #0 Line Playback,0x00200000,1,0,quartz.dll,6.05.2600.6333

WDM Streaming System Devices:
Intel(r) Integrated Audio,0x00200000,10,3,,5.03.2600.5512

BDA Receiver Component:
BDA Slip De-Framer,0x00600000,1,1,,5.03.2600.5512


----------



## Cookiegal (Aug 27, 2003)

It's a regular hard drive and not a solid state one so you can go ahead and defrag it, which should then be done on a regular basis.

Have you gotten any more alerts?


----------



## mculls (Apr 30, 2007)

No, things are progressing along. Thanks.


----------



## Cookiegal (Aug 27, 2003)

OK, that's good.

You can run OTL again and click the cleanup button to run that routine. It will delete itself when it's finished.

If it doesn't remove TFC and Security Check they can be dragged to the Recycle Bin.


----------



## mculls (Apr 30, 2007)

Hi, thought you might know how to proceed with this. I just got a castoff Dell Dimension 3000 (still the same RAM as my 2400, though). I started it up and it's got a ton of things I don't want, like Yahoo toolbars and other stuff. What's the best and most efficient way to clean out all the junk in it? Thanks, and it didn't seem to have virus protection when I went to Control Panel.

cheers


----------



## Cookiegal (Aug 27, 2003)

My best advice for you when inheriting a computer like that is to wipe it to get rid of the previous owner's junk and then reload Windows.


----------



## mculls (Apr 30, 2007)

What is the best way to wipe a used computer?


----------



## Cookiegal (Aug 27, 2003)

Reformat and reinstall Windows is all that's necessary unless you're donating or selling the computer, in which case it would be better to use specific software to actually wipe all traces of any data that may not be overwritten by a reformat and therefore with some effort could still be retrievable.


----------

