# Redirect and uncontrollable Japanese (Asian) media coming from speakers



## Was343 (Feb 27, 2012)

Hello, my laptop is malfunctioning. My Google searches get redirected, even in safe mode, to gimmeeanswers, happili, and other sites I have googled. Performance is getting slower. AVG, Symantec End Point, Spybot, and Windows Defender seem to pick up nothing. Also, just recently out of nowhere some kind of Japanese movie began playing through my speakers. I could not stop it, mute it, or adjust the volume. No media was running on my computer, no open programs at all. I shut down my computer ASAP as this has never happened before ever!!! I ran the requested scans and will post below. GMER froze at perflib\009 and I cannot save it. And now, while posting this, a box popped up titled Microsoft Windows, telling me my host process for Windows has stopped working. I just remembered in an attempt to make the computer usable I disabled everything in the startup tab of msconfig minus my Symantec. I used to work for the IT on my college campus and can do basic fixes and such. It has been a while though. It would be great if I can get this fixed as this is my wife's laptop and she is finishing college classes soon and needs it.

Thanks for any and all help!!!

If I need to reenable startup items let me know.

I will shut down this computer and check the forum from my iPad until I get further instructions.

Scans:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:54:37 PM, on 2/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tina\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: MakeMeBabies 2.0 Toolbar - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll__BHODemonDisabled (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MakeMeBabies 2.0 Toolbar - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll__BHODemonDisabled (file missing)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8192 bytes
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Tina at 22:55:10 on 2012-02-26
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3061.1613 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\STacSV.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080731
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: MakeMeBabies 2.0 Toolbar: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - c:\program files\makemebabies_2.0\prxtbMake.dll__BHODemonDisabled
mURLSearchHooks: MakeMeBabies 2.0 Toolbar: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - c:\program files\makemebabies_2.0\prxtbMake.dll__BHODemonDisabled
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MakeMeBabies 2.0 Toolbar: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - c:\program files\makemebabies_2.0\prxtbMake.dll__BHODemonDisabled
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
mRun: [<NO NAME>] 
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{17E56E03-0D03-4697-8107-F9D1166E6D6F} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3D7F29D7-8A77-474C-A801-58BC0BE728DD} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tina\appdata\roaming\mozilla\firefox\profiles\px66xfar.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-25 73728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2011-6-14 165888]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-3-3 1153368]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2011-6-14 5120]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-2-1 2440120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-13 106104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 Nccidx86;Nonccid DFU detach 32 bit Driver;c:\windows\system32\drivers\Nccidx86.sys [2008-3-3 6656]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-11-11 59136]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [2011-5-12 7680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-21 04:25:48 -------- d--h--w- C:\$AVG
2012-02-21 03:04:54 -------- d-----w- c:\users\tina\appdata\roaming\AVG2012
2012-02-21 03:00:28 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-21 03:00:28 -------- d-----w- c:\programdata\AVG2012
2012-02-21 02:57:31 -------- d-----w- c:\program files\AVG
2012-02-21 02:18:46 -------- d-----w- c:\users\tina\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-21 01:56:09 -------- d--h--w- c:\programdata\Common Files
2012-02-21 01:55:41 -------- d-----w- c:\programdata\MFAData
2012-02-18 02:50:53 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef17b4bd-0dfd-4ff0-b132-f10c1365eda0}\mpengine.dll
2012-02-14 21:51:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-05 00:32:19 -------- d-----w- c:\program files\iPod
2012-02-05 00:32:16 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-02-18 02:27:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-02 16:46:47 589824 ----a-w- C:\SP_Connector.exe
2012-01-27 06:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 22:57:24.45 ===============


----------
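
An added example, not part of the original posts and not code from HijackThis: a short Python triage pass over HijackThis-format lines like those in the log above. It flags entries reported as `(file missing)`, services listed with `Unknown owner`, and non-default hosts entries. The function names, the `SECTION_MEANING` table and the one constructed `O1` line are assumptions for illustration; the flags are leads for manual review, not verdicts.

```python
import re

# Meaning of the HijackThis section codes that appear in this thread's log.
SECTION_MEANING = {
    "R0": "IE start/search page value",
    "R1": "IE default page/search value",
    "R3": "URL search hook",
    "O1": "hosts file entry",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O16": "downloaded ActiveX control (DPF)",
    "O18": "extra protocol handler",
    "O23": "Windows service",
}

# A HijackThis entry is "<code> - <body>"; process paths and headers do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
LOOPBACK = {"127.0.0.1", "::1"}

# Sample input: lines taken from the log in the first post, plus one O1 line
# constructed from the "Hosts:" line of the DDS log (marked below).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: MakeMeBabies 2.0 Toolbar - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll__BHODemonDisabled (file missing)
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""  # the second O1 line is constructed; all other lines are from the post


def parse_entries(log_text):
    """Return (code, body) for every HijackThis entry line in the text."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def review_reasons(code, body):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    # Registry entry still present but its target file is gone: an orphan.
    if body.endswith("(file missing)"):
        reasons.append("file missing")
    # HijackThis printed no vendor name for the service binary.
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("unknown owner")
    # Any hosts mapping other than loopback -> localhost is non-default.
    if code == "O1" and body.startswith("Hosts:"):
        parts = body[len("Hosts:"):].split()
        if len(parts) >= 2 and not (parts[0] in LOOPBACK and parts[1] == "localhost"):
            reasons.append("hosts override")
    return reasons


def triage(log_text):
    """Return one finding per entry that has at least one review reason."""
    findings = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            findings.append({
                "code": code,
                "kind": SECTION_MEANING.get(code, "other"),
                "reasons": reasons,
                "entry": body,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["code"]:>3} [{", ".join(finding["reasons"])}] {finding["entry"]}')
```
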



## Was343 (Feb 27, 2012)

It occurred to me reading other posts that GMER can take over an hour to scan. I did not wait that long as I am impatient sometimes. If it is typical for GMER to take that long let me know and I will let the computer sit and scan. Does the Internet need to be connected during the scan? Thanks!


----------



## Was343 (Feb 27, 2012)

Hey, sorry if I am being impatient. Not sure how long I should wait to get a reply but it says in the read this to bump your thread back to the top occasionally. Is there something I missed that I need to do? Thanks,


----------



## Was343 (Feb 27, 2012)

I tried to rerun GMER and let it sit; however, now Windows tells me GMER has stopped working correctly, and if I try to rescan, Windows bluescreens and reboots...


----------



## Was343 (Feb 27, 2012)

Just hoping to remind someone I'm here. It looks like this site is busy!!!


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Sorry for the delay, but as you've already seen, these forums are very busy.

Firstly, we need to update your Java as it's out of date:

Please download *JavaRa* to your desktop and unzip it to its own folder 

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. 
Accept any prompts. 
Now, go *here* and download the latest Java Version.

For the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:

- Applications and Applets
- Trace and Log Files

OK out of all the screens.

--

Then, after that, can you do the following:

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

Please include the *MBAM log, SUPERAntiSpyware Scan Log and a fresh HijackThis log* in your next reply.

eddie


----------



## Was343 (Feb 27, 2012)

Currently running the Malwarebytes scan. It keeps telling me it is blocking a potentially malicious website 206.161.121.4 outgoing port 51389, process svchost.exe

Not sure if that means anything, but so far the instructions have worked perfectly. The Java update didn't want to run at first. It said it couldn't install with the current internet properties and my internet went to local only. I restarted and tried to install and got a blue screen crash. Then it installed just fine.

The IP address and port that Malwarebytes is blocking keeps changing...

No further for now...


----------



## eddie5659 (Mar 19, 2001)

Oki doki, hopefully it will explain which in the logs at the end of the run


----------



## eddie5659 (Mar 19, 2001)

If MBAM doesn't seem to want to carry on, leave it for now, and use the following tool:

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT !!! As you download it, rename it to username123.exe and save it to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Was343 (Feb 27, 2012)

SUPERAntiSpyware is currently scanning. Sorry, I have a couple of games that are big that I probably should have gotten rid of before all these scans. It didn't look like Malwarebytes removed anything but I guess you can tell more by the log it creates. It is, however, blocking more of those IP addresses. They seem to be speeding up. As soon as it finishes I will post all the new logs. Thanks,


----------



## Was343 (Feb 27, 2012)

Do you want the ComboFix done if MBAM does work, or one or the other?? I don't think I have ComboFix downloaded yet.


----------



## eddie5659 (Mar 19, 2001)

If SUPERAntiSpyware finishes, post the log and at least it's here. Same with MBAM. As for ComboFix, can you run it anyway, as it should give us more of an insight.

I'll be off soon, but I'll look at this tomorrow night. Most of the evening I'll be away, but I will look fully on Saturday.


----------



## Was343 (Feb 27, 2012)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:33:59 PM, on 3/1/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DoScan.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Users\Tina\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: MakeMeBabies 2.0 Toolbar - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll__BHODemonDisabled (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MakeMeBabies 2.0 Toolbar - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll__BHODemonDisabled (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10430 bytes
------------------------------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.01.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tina :: FLAMINGOISLAND [administrator]
Protection: Enabled
3/1/2012 8:52:05 AM
mbam-log-2012-03-01 (08-52-05).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333198
Time elapsed: 2 hour(s), 15 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
------------------------------------------------------------------------------------
2012/03/01 08:51:43 -0600 FLAMINGOISLAND Tina MESSAGE Starting protection
2012/03/01 08:51:44 -0600 FLAMINGOISLAND Tina MESSAGE Executing scheduled update: Daily
2012/03/01 08:51:47 -0600 FLAMINGOISLAND Tina MESSAGE Protection started successfully
2012/03/01 08:51:50 -0600 FLAMINGOISLAND Tina MESSAGE Starting IP protection
2012/03/01 08:52:01 -0600 FLAMINGOISLAND Tina MESSAGE Scheduled update executed successfully: database updated from version v2012.03.01.02 to version v2012.03.01.03
2012/03/01 08:52:02 -0600 FLAMINGOISLAND Tina MESSAGE IP Protection started successfully
2012/03/01 08:52:02 -0600 FLAMINGOISLAND Tina MESSAGE Starting database refresh
2012/03/01 08:52:02 -0600 FLAMINGOISLAND Tina MESSAGE Stopping IP protection
2012/03/01 08:52:06 -0600 FLAMINGOISLAND Tina MESSAGE IP Protection stopped
2012/03/01 08:52:13 -0600 FLAMINGOISLAND Tina MESSAGE Database refreshed successfully
2012/03/01 08:52:13 -0600 FLAMINGOISLAND Tina MESSAGE Starting IP protection
2012/03/01 08:52:21 -0600 FLAMINGOISLAND Tina MESSAGE IP Protection started successfully
2012/03/01 08:52:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51389, Process: svchost.exe)
2012/03/01 08:52:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 51390, Process: svchost.exe)
2012/03/01 08:58:50 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 53294, Process: svchost.exe)
2012/03/01 09:03:10 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54367, Process: svchost.exe)
2012/03/01 09:04:48 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 54607, Process: svchost.exe)
2012/03/01 09:05:54 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 54751, Process: svchost.exe)
2012/03/01 09:06:18 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 54762, Process: svchost.exe)
2012/03/01 09:07:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 54836, Process: svchost.exe)
2012/03/01 09:13:05 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.39 (Type: outgoing, Port: 55540, Process: svchost.exe)
2012/03/01 09:14:10 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 55640, Process: svchost.exe)
2012/03/01 09:17:40 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 56279, Process: svchost.exe)
2012/03/01 09:20:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 56717, Process: svchost.exe)
2012/03/01 09:20:15 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56729, Process: svchost.exe)
2012/03/01 09:20:40 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 56820, Process: svchost.exe)
2012/03/01 09:21:44 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 56908, Process: svchost.exe)
2012/03/01 09:22:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 56965, Process: svchost.exe)
2012/03/01 09:25:39 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 57153, Process: svchost.exe)
2012/03/01 09:29:26 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 57374, Process: svchost.exe)
2012/03/01 09:29:26 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 57376, Process: svchost.exe)
2012/03/01 09:34:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58298, Process: svchost.exe)
2012/03/01 09:35:23 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58362, Process: svchost.exe)
2012/03/01 09:35:39 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58376, Process: svchost.exe)
2012/03/01 09:36:44 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58462, Process: svchost.exe)
2012/03/01 09:38:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 58568, Process: svchost.exe)
2012/03/01 09:40:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 58762, Process: svchost.exe)
2012/03/01 09:41:11 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 58784, Process: svchost.exe)
2012/03/01 09:41:43 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 58879, Process: svchost.exe)
2012/03/01 09:41:59 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 58924, Process: svchost.exe)
2012/03/01 09:45:21 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 59256, Process: svchost.exe)
2012/03/01 09:48:50 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 59442, Process: svchost.exe)
2012/03/01 09:53:09 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 59912, Process: svchost.exe)
2012/03/01 09:53:25 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 59921, Process: svchost.exe)
2012/03/01 09:56:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60120, Process: svchost.exe)
2012/03/01 09:56:24 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 60252, Process: svchost.exe)
2012/03/01 09:58:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 60516, Process: svchost.exe)
2012/03/01 09:58:57 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 60532, Process: svchost.exe)
2012/03/01 10:00:10 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60655, Process: svchost.exe)
2012/03/01 10:00:26 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 60699, Process: svchost.exe)
2012/03/01 10:01:15 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 60749, Process: svchost.exe)
2012/03/01 10:04:52 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 61211, Process: svchost.exe)
2012/03/01 10:07:10 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 61552, Process: svchost.exe)
2012/03/01 10:08:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 61688, Process: svchost.exe)
2012/03/01 10:12:48 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 62110, Process: svchost.exe)
2012/03/01 10:13:20 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 62136, Process: svchost.exe)
2012/03/01 10:14:17 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 62274, Process: svchost.exe)
2012/03/01 10:14:41 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 62306, Process: svchost.exe)
2012/03/01 10:16:42 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 62584, Process: svchost.exe)
2012/03/01 10:17:22 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 62744, Process: svchost.exe)
2012/03/01 10:20:44 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 63020, Process: svchost.exe)
2012/03/01 10:22:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 63107, Process: svchost.exe)
2012/03/01 10:23:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 63114, Process: svchost.exe)
2012/03/01 10:26:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 63174, Process: svchost.exe)
2012/03/01 10:26:55 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.39 (Type: outgoing, Port: 63182, Process: svchost.exe)
2012/03/01 10:32:26 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 63564, Process: svchost.exe)
2012/03/01 10:33:15 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 63623, Process: svchost.exe)
2012/03/01 10:33:55 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 63710, Process: svchost.exe)
2012/03/01 10:34:11 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.2 (Type: outgoing, Port: 63769, Process: svchost.exe)
2012/03/01 10:35:40 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 64088, Process: svchost.exe)
2012/03/01 10:38:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 64437, Process: svchost.exe)
2012/03/01 10:39:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 64618, Process: svchost.exe)
2012/03/01 10:39:42 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 64620, Process: svchost.exe)
2012/03/01 10:40:31 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 64734, Process: svchost.exe)
2012/03/01 10:41:44 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 64958, Process: svchost.exe)
2012/03/01 10:42:16 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 65063, Process: svchost.exe)
2012/03/01 10:43:45 -0600 FLAMINGOISLAND Tina IP-BLOCK 141.136.16.150 (Type: outgoing, Port: 65364, Process: svchost.exe)
2012/03/01 10:44:17 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 65427, Process: svchost.exe)
2012/03/01 10:45:23 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.3 (Type: outgoing, Port: 49182, Process: svchost.exe)
2012/03/01 10:45:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 141.136.16.151 (Type: outgoing, Port: 49255, Process: svchost.exe)
2012/03/01 10:47:48 -0600 FLAMINGOISLAND Tina IP-BLOCK 141.136.16.151 (Type: outgoing, Port: 49499, Process: svchost.exe)
2012/03/01 10:49:50 -0600 FLAMINGOISLAND Tina IP-BLOCK 141.136.16.151 (Type: outgoing, Port: 49864, Process: svchost.exe)
2012/03/01 10:51:51 -0600 FLAMINGOISLAND Tina IP-BLOCK 141.136.16.151 (Type: outgoing, Port: 50070, Process: svchost.exe)
2012/03/01 10:55:05 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.5 (Type: outgoing, Port: 50423, Process: svchost.exe)
2012/03/01 10:55:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 206.161.121.4 (Type: outgoing, Port: 50481, Process: svchost.exe)
2012/03/01 14:28:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51299, Process: svchost.exe)
2012/03/01 14:28:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51304, Process: svchost.exe)
2012/03/01 14:28:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51305, Process: svchost.exe)
2012/03/01 14:28:07 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51306, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51307, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51308, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51309, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51310, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51311, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51312, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51313, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51314, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51316, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51319, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51320, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51321, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51323, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51324, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51337, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51358, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51360, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51385, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51401, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51403, Process: svchost.exe)
2012/03/01 14:28:08 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51405, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51849, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51850, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51851, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51852, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51853, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51854, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51855, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51856, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51857, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51858, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51859, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51860, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51861, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51866, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51867, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51868, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51869, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51870, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51871, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51872, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51873, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51875, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51876, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51877, Process: svchost.exe)
2012/03/01 14:30:27 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51878, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51879, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51880, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51881, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51882, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51883, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51885, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51886, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51887, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51888, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51890, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51891, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51892, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51893, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51895, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51896, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51897, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51898, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51900, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51901, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51904, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51906, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51907, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51908, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51910, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51911, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51916, Process: svchost.exe)
2012/03/01 14:30:28 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51918, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51919, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51920, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51922, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51923, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51924, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51925, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51926, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51929, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51931, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51933, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51935, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51937, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51938, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51940, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51941, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51942, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51943, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51945, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51948, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51950, Process: svchost.exe)
2012/03/01 14:30:29 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51953, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51954, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51955, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51956, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51957, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51958, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51959, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51961, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51962, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51963, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51964, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51966, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51968, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51969, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51970, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51971, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 51972, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51973, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51974, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51975, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51976, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51977, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51978, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51982, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51983, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51984, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51989, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 51991, Process: svchost.exe)
2012/03/01 14:30:30 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 51992, Process: svchost.exe)
2012/03/01 14:30:31 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 51993, Process: svchost.exe)
2012/03/01 14:30:31 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52003, Process: svchost.exe)
2012/03/01 14:30:32 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52004, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52005, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52007, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52010, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52011, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52012, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52013, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52014, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52015, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52016, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52017, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52018, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52019, Process: svchost.exe)
2012/03/01 14:30:33 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52020, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52021, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52022, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52023, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52024, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52025, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 52026, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52027, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52029, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52030, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52031, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52032, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52033, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52034, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52035, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52036, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52037, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52039, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52040, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52041, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52044, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52045, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52047, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52049, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52050, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52052, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52053, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52054, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52055, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52056, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52057, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52058, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52059, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52060, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52061, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52062, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52063, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52064, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52065, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52066, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52067, Process: svchost.exe)
2012/03/01 14:30:34 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52068, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52069, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52070, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52071, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52072, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52073, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52075, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52076, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52077, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52078, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52079, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52080, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52081, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52084, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52086, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52087, Process: svchost.exe)
2012/03/01 14:30:35 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52088, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52089, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52090, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52093, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52095, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 178.162.172.35 (Type: outgoing, Port: 52098, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52099, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52101, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 52102, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52103, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52105, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52106, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52107, Process: svchost.exe)
2012/03/01 14:30:36 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52109, Process: svchost.exe)
2012/03/01 14:30:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52110, Process: svchost.exe)
2012/03/01 14:30:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52111, Process: svchost.exe)
2012/03/01 14:30:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52115, Process: svchost.exe)
2012/03/01 14:30:37 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52116, Process: svchost.exe)
2012/03/01 14:30:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52127, Process: svchost.exe)
2012/03/01 14:30:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52128, Process: svchost.exe)
2012/03/01 14:30:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52129, Process: svchost.exe)
2012/03/01 14:30:46 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52130, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52131, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52132, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52133, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52134, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52135, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.35.99 (Type: outgoing, Port: 52136, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52137, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 173.236.56.93 (Type: outgoing, Port: 52138, Process: svchost.exe)
2012/03/01 14:30:47 -0600 FLAMINGOISLAND Tina IP-BLOCK 109.206.185.167 (Type: outgoing, Port: 52139, Process: svchost.exe)
Hopefully I pasted all this correctly...

Thanks again for your help!!!


----------



## eddie5659 (Mar 19, 2001)

I'll have a good look tomorrow, but in the meantime, can you see if you can run ComboFix, as it looks a nasty infection there.


----------



## Was343 (Feb 27, 2012)

I DLed ComboFix renamed to my desktop as instructed and disabled Symantec, Windows Defender, Windows Firewall, and Malwarebytes. ComboFix never asks about recovery or if I want it to scan. It opens a box and scrolls green type about extracting and deleting files and ends with an output file on my C:. It never does anything after that. The output file on my C: opens what looks the same as opening "My Computer". Then it just loops back to the C: drive. Not sure if I explained that right, but I find no log file... What did I do wrong??


----------



## eddie5659 (Mar 19, 2001)

Okay, leave ComboFix for now, but can you run this for me so we can see what may be stopping it:

Download *OTL* to your Desktop 

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 


eddie


----------



## Was343 (Feb 27, 2012)

Running the OTL scan now. For the first time since I have been having problems, my Symantec picked up trojan.adh.2.

Any idea from the scans what I have or where it came from? The wife doesn't do much with this laptop other than her schoolwork.


----------



## Was343 (Feb 27, 2012)

Is there any problem with me logging into this site with my password on the infected laptop, which I have to do to post the logs? Any chance my stuff is being logged? Also, is it bad when I disable all my protections for ComboFix? Seems as though it lets everything through that way. Sorry, it's been way too long since I did any of this stuff.


----------



## Was343 (Feb 27, 2012)

OTL logfile created on: 3/2/2012 12:42:44 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 38.86% Memory free
6.18 Gb Paging File | 4.10 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 182.17 Gb Free Space | 63.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.29 Gb Free Space | 52.86% Space Free | Partition Type: NTFS

Computer Name: FLAMINGOISLAND | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 12:42:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2012/02/17 20:27:24 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/01/20 12:16:56 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/03/07 20:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/06/03 15:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 15:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 15:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 15:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/26 14:07:10 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 15:47:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/11/18 17:17:16 | 001,227,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\COH\COH32.exe
PRC - [2007/09/24 03:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 03:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 03:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 03:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/02 12:35:50 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/03/02 12:35:50 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/03/01 14:20:10 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/03/01 14:20:09 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/08 03:07:16 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2012/01/08 03:07:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2011/10/14 02:33:05 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:32:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/01/26 09:17:24 | 000,081,920 | ---- | M] () -- C:\Windows\System32\erainp32.dll
MOD - [2008/05/19 00:25:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 07:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 17:06:52 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/03/07 20:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2009/06/03 15:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/02/26 14:07:08 | 001,799,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/02/01 22:37:00 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/02/01 20:43:02 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/12/18 15:46:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/12/10 14:46:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - [2012/02/03 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/03 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/04 02:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120229.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 02:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120229.034\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/12 19:41:34 | 000,006,656 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Nccidx86.sys -- (Nccidx86)
DRV - [2010/11/11 22:22:00 | 000,059,136 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/07/13 02:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/07/11 21:16:00 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/06/15 14:08:18 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/05/24 10:10:29 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/04/10 22:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/02/26 14:11:00 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/02/26 14:08:38 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/12/19 14:08:12 | 000,319,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/12/19 14:08:12 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/12/19 14:08:12 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/11/18 17:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/14 10:24:18 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/09/09 13:54:42 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/08/21 10:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 10:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/01/20 20:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/01 22:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/02 23:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/02 23:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/24 03:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/24 02:01:00 | 000,007,680 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\STCFUx32.sys -- (STCFUx32)
DRV - [2006/11/27 01:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 01:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 01:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 06:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080731
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...=en&ds=AVG&pr=pr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d15c1608-ba3e-4aa0-aa6f-aa9337226087}:1.3.3

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Tina\AppData\Roaming\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/16 22:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/13 09:59:31 | 000,000,000 | ---D | M]

[2010/12/28 15:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/12/07 22:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions
[2011/04/14 21:12:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/27 10:51:46 | 000,000,000 | ---D | M] ("DoD Configuration") -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2012/03/01 08:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/01 08:19:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/16 22:55:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 20:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2012/03/01 08:18:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/01 15:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/02/20 21:05:36 | 000,003,739 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/16 22:55:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/16 22:55:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/20 20:42:52 | 000,441,349 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15171 more lines...
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MakeMeBabies 2.0 Toolbar) - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E56E03-0D03-4697-8107-F9D1166E6D6F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7F29D7-8A77-474C-A801-58BC0BE728DD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8cfbe92b-cce4-11dd-9258-002170703923}\Shell - "" = AutoRun
O33 - MountPoints2\{8cfbe92b-cce4-11dd-9258-002170703923}\Shell\AutoRun\command - "" = F:\Nextar.exe
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 12:41:58 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012/03/01 22:06:13 | 000,000,000 | ---D | C] -- C:\username123
[2012/03/01 18:03:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/01 18:02:03 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/01 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/01 14:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/01 14:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/01 14:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/01 09:40:05 | 015,067,912 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tina\Desktop\SUPERAntiSpyware.exe
[2012/03/01 08:50:31 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes
[2012/03/01 08:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/01 08:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 08:49:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/01 08:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/01 08:46:49 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/01 08:27:51 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\TFC.exe
[2012/03/01 08:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/01 07:38:50 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\JavaRA
[2012/02/26 21:43:27 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tina\Desktop\dds.com
[2012/02/26 21:42:32 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HijackThis.exe
[2012/02/26 21:11:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\SAVE!!!
[2012/02/20 21:00:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/02/20 20:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/20 20:18:46 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/20 19:56:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/20 19:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/04 18:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/04 18:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/02/04 18:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

========== Files - Modified Within 30 Days ==========

[2012/03/02 12:42:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012/03/02 12:41:40 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/02 12:41:40 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/02 12:33:32 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 12:33:30 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 12:33:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 22:06:14 | 000,000,341 | ---- | M] () -- C:\Start_.cmd
[2012/03/01 14:19:14 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/01 09:40:13 | 015,067,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tina\Desktop\SUPERAntiSpyware.exe
[2012/03/01 08:50:02 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 08:47:56 | 009,502,424 | ---- | M] (Malwarebytes Corporation  ) -- C:\Users\Tina\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/01 08:27:57 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\TFC.exe
[2012/03/01 08:00:26 | 000,000,680 | ---- | M] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2012/02/26 21:44:33 | 000,302,592 | ---- | M] () -- C:\Users\Tina\Desktop\07d3ki9m.exe
[2012/02/26 21:43:27 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tina\Desktop\dds.com
[2012/02/26 21:42:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HijackThis.exe
[2012/02/20 21:19:14 | 000,621,755 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/02/20 20:42:52 | 000,441,349 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/20 20:35:56 | 000,441,349 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120220-204252.backup
[2012/02/17 21:21:39 | 000,441,349 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120220-203556.backup
[2012/02/02 10:46:47 | 000,589,824 | ---- | M] (Samsung Printer) -- C:\SP_Connector.exe

========== Files Created - No Company Name ==========

File not found -- C:\Users\Tina\Desktop\username123.exe
[2012/03/01 22:06:14 | 000,000,341 | ---- | C] () -- C:\Start_.cmd
[2012/03/01 14:19:14 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/01 08:50:02 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 08:03:14 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
[2012/03/01 08:03:14 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/02/26 21:44:32 | 000,302,592 | ---- | C] () -- C:\Users\Tina\Desktop\07d3ki9m.exe
[2012/02/22 19:19:35 | 000,621,755 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/12/28 10:12:19 | 000,043,286 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\UserTile.png
[2011/12/23 12:54:42 | 000,270,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/18 12:39:53 | 000,000,680 | ---- | C] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2011/08/03 22:57:34 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/08/03 22:57:33 | 000,138,056 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\PnkBstrK.sys
[2011/08/03 22:57:00 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/08/03 22:56:57 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/03 22:56:55 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/14 12:42:09 | 000,011,849 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\SmarThruOptions.xml
[2011/06/14 12:41:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011/06/14 12:40:56 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/06/14 12:40:52 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011/06/14 12:33:44 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/06/14 12:33:32 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011/06/14 12:31:04 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll
[2011/06/14 12:29:40 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011/06/14 12:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/06/14 12:29:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/06/14 12:29:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/05/12 20:56:13 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2011/05/12 11:40:33 | 000,070,656 | ---- | C] () -- C:\Windows\System32\dfboottime.exe
[2011/01/26 18:04:25 | 000,000,004 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\62DD48
[2011/01/26 18:04:24 | 000,870,128 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\mcs.rma
[2011/01/06 14:33:40 | 000,000,192 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/03 16:23:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/05/17 18:10:50 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/05/17 17:46:12 | 000,148,946 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/05/17 17:45:58 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== LOP Check ==========

[2008/08/26 21:43:03 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\acccore
[2012/02/20 20:18:46 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/16 17:19:02 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2010/05/20 09:39:17 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Image Zone Express
[2011/05/06 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Mystery of Mortlake Mansion
[2011/03/03 21:09:23 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PCDr
[2010/01/29 09:01:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Printer Info Cache
[2011/05/12 20:48:24 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PureEdge
[2011/09/11 17:47:04 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Research In Motion
[2011/01/26 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\SanDisk
[2011/09/04 09:05:40 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\SystemRequirementsLab
[2012/03/01 22:06:24 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
-------------------------------------------------------------------------------
OTL Extras logfile created on: 3/2/2012 12:42:44 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 38.86% Memory free
6.18 Gb Paging File | 4.10 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 182.17 Gb Free Space | 63.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.29 Gb Free Space | 52.86% Space Free | Partition Type: NTFS

Computer Name: FLAMINGOISLAND | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078580B0-414C-4736-994D-17C509C97FF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1046A1C2-37AA-4FB9-AB6A-97DD22CFA53F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4F888BB4-5830-4FBE-904E-6C5EA3BF8037}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5756E92B-2AF4-4C03-B625-E9E84C5883FE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5A9F636E-BB5B-484F-9430-BC4E697B6D30}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5B688A75-1862-44B4-9922-22B1FC103742}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{5CD0B75D-EE64-40AA-A0B6-ABE75230B370}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6659EEC0-7F4B-46F2-BC5B-528186B20616}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{691EA673-0A58-4509-8A59-DF5D8A37FBBE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A0DA1B9-7EAA-4401-999D-71128B21ABD2}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{8EA2DABC-5374-429D-966F-C59C5C38B568}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{9811C82F-C7D2-4B69-B8DB-5C8B262F5500}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A95BB938-DCCA-469B-B44D-F8E37ADD6F4C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B728088A-D5E2-4A48-B308-86E30314126A}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0617E153-32C6-4136-9577-5BEFDC869067}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{0E3582A0-FA93-4A00-B15C-1F3762576B8F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0E504638-EBB8-495C-830E-959DCA72D23B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bluefalcon3004\counter-strike\hl.exe | 
"{36B61301-02BB-44F3-858D-09EA227BC7EE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"{36B7654B-6019-4490-86E0-ADD179090F12}" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | 
"{37CE5122-1E79-4F2B-B4B3-47EC556BD356}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\bluefalcon3004\team fortress classic\hl.exe | 
"{43F066A3-7555-4584-AE3A-87CBB68861F3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"{4E0F7B02-F601-4954-A619-2D4934F461A7}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{584DE793-23CC-475D-861C-0915C9C8BB4F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{59334AB1-EA8D-43F3-87AF-62043F38D8C4}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5D3F32A9-15BE-45D5-8F24-0A8A840D0DB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bluefalcon3004\counter-strike\hl.exe | 
"{8125DA55-70B6-4D6A-BCF4-2968067D1F06}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8A37E952-80E7-4046-B82F-02D974A8055D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8DB1F9DB-C764-4216-86B5-7FFD3A68A992}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{910BD1DF-0750-40B7-B139-852526D2363F}" = protocol=1 | dir=in | [email protected],-28543 | 
"{A08A9D76-C712-4F04-AE76-F03D813B0552}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{B55F40DB-4A5A-40FF-A0D0-719A3809CD04}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\bluefalcon3004\team fortress classic\hl.exe | 
"{D7D4B226-03FF-4352-ACAE-574D5EC85772}" = protocol=58 | dir=out | [email protected],-28546 | 
"{DFA87802-A246-4AF8-B7E2-B2E404714149}" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe | 
"{E19732F4-8174-4851-97A3-F17A854886D1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{E26F0668-7A1F-4300-9D74-B757318D16FE}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{EC72B5DF-2A27-4DB8-A361-5086B1B7A46E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe | 
"{EDBA8CEF-A8EC-4693-8C44-6B614F70B5FE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FB3425A7-8B38-4594-B206-498744F15F4D}" = protocol=1 | dir=out | [email protected],-28544 | 
"{FB8B2D49-0ACC-4400-AA8A-D9B49207A9AB}" = protocol=58 | dir=in | [email protected],-28545 | 
"{FEEA0BEA-FE9F-4F15-9EAF-30D13AB47ECA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"TCP Query User{3C32D584-96F8-4F3A-BE0D-4115ADAC175F}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe | 
"TCP Query User{58620BAC-584B-4F33-A1C5-67B1B1687D93}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe | 
"UDP Query User{538CE22B-402E-4E48-A4C4-155AC2B41887}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe | 
"UDP Query User{7462BC5E-CCA8-415D-B607-47A2AD5D293F}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1956e9f5-6f4b-4fc3-b6f4-5869d06d95e9}" = Actron Scanning Suite
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{1C55AE03-9FF0-4908-B42C-D191DA3C4F22}" = Medieval II Total War
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather The Game
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4D53DDBC-99AD-485C-AAD5-B1EA6930C278}" = Thermostat Installer
"{4E01B649-0023-4EB5-9263-57DE317C3418}" = ApproveIt Desktop
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80078570-6C67-486C-8CF0-B0D778FC69B5}" = Samsung Network PC Fax
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9852EB41-276E-1301-0481-6C4A585292D8}" = Picaboo X
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9D0745C-BABD-472B-8AF0-FAF888D31046}" = Medieval II Total War
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}" = Symantec Endpoint Protection
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1387cd45119ecd721d3a050bd8f6cf38" = Diner Dash
"2FE89524DCB9993BBE35C3B1F50969BE84CDC26C" = Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
"45C76934E7F547DB6EAFC059D897430F43112A87" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"719dba21aadbc5b8efd10b0ce0c290a1" = Mortimer Beckett and the Time Paradox
"726385ED6E9BD02F0F3E4611AEEAD174ADDDC0F2" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Ares" = Ares 2.1.7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"Defraggler" = Defraggler
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Download Manager" = Download Manager 2.3.10
"EF0DC109140519CEDBEF47D748890F9061EDC199" = Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
"f3c5b9886c3471dfe2a3f285b8874441" = Mystery of Mortlake Mansion(TM)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"MakeMeBabies_2.0 Toolbar" = MakeMeBabies 2.0 Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Photo Viewer" = Photo Viewer V208G2
"PunkBusterSvc" = PunkBuster Services
"RealArcade" = RealArcade
"Rhapsody" = Rhapsody
"Sally's Salon" = Sally's Salon
"Sally's Spa" = Sally's Spa
"Samsung CLX-3180 Series" = Maintenance Samsung CLX-3180 Series
"Steam App 10" = Counter-Strike
"Steam App 13140" = America's Army 3
"Steam App 20" = Team Fortress Classic
"Viewer_armyifx" = Viewer_armyifx

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/27/2012 1:21:27 PM | Computer Name = FlamingoIsland | Source = System Restore | ID = 8210
Description =

Error - 3/1/2012 9:30:09 AM | Computer Name = FlamingoIsland | Source = WinMgmt | ID = 10
Description =

Error - 3/1/2012 9:43:33 AM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 14: description: CAL Failure

Error - 3/1/2012 9:49:44 AM | Computer Name = FlamingoIsland | Source = WinMgmt | ID = 10
Description =

Error - 3/1/2012 9:50:08 AM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
Event
Info: Terminate Process Action Taken: Logged Actor Process: C:\Windows\system32\taskmgr.exe
(PID 6020) Time: Thursday, March 01, 2012 7:50:08 AM

Error - 3/1/2012 9:50:30 AM | Computer Name = FlamingoIsland | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/1/2012 9:54:03 AM | Computer Name = FlamingoIsland | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(e0:b9:ba:67:9f:[email protected]::e2b9:baff:fe67:9f1b._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 3/1/2012 9:56:58 AM | Computer Name = FlamingoIsland | Source = EventSystem | ID = 4609
Description =

Error - 3/1/2012 9:59:12 AM | Computer Name = FlamingoIsland | Source = EventSystem | ID = 4609
Description =

Error - 3/1/2012 10:00:08 AM | Computer Name = FlamingoIsland | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 7/29/2011 5:35:07 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 16:35:07, Fri, Jul 29, 11 Error - Unable to gain access to user store

Error - 8/23/2011 11:43:51 AM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 10:43:50, Tue, Aug 23, 11 Error - Unable to gain access to user store

Error - 9/18/2011 1:19:53 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 12:19:53, Sun, Sep 18, 11 Error - Unable to gain access to user store

Error - 1/19/2012 11:16:16 AM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 09:16:16, Thu, Jan 19, 12 Error - Unable to gain access to user store

Error - 2/14/2012 2:57:38 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 12:57:38, Tue, Feb 14, 12 Error - Unable to gain access to user store

[ System Events ]
Error - 3/2/2012 12:03:11 AM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/2/2012 12:03:11 AM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/2/2012 12:04:45 AM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7022
Description =

Error - 3/2/2012 2:32:29 PM | Computer Name = FlamingoIsland | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/2/2012 2:32:42 PM | Computer Name = FlamingoIsland | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/2/2012 2:33:36 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/2/2012 2:33:36 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/2/2012 2:33:36 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/2/2012 2:33:36 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/2/2012 2:35:01 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7022
Description =

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, according to Symantec's website, trojan.adh.2 is a name given to malware that has no sig, as in not named fully. Do you know which files it's targeting?

Logging onto this site should be okay, though you may want to change the password once we're all clear, just to be safe for the future 

Okay, can you uninstall *MakeMeBabies 2.0 Toolbar* either via Add/Remove Programs in the Control Panel, or via Start | Programs?

Then, run this fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - File not found [Unknown | Stopped] -- -- (getPlusHelper)
IE - HKLM\..\URLSearchHook: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Tina\AppData\Roaming\nprhapengine.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (MakeMeBabies 2.0 Toolbar) - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
File not found -- C:\Users\Tina\Desktop\username123.exe
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

---------

Then, can you run this for me:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Windows\System32\stacsv.exe
C:\Windows\System32\drivers\Nccidx86.sys
C:\Windows\System32\dfboottime.cfg
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

---------

Then, can you run this for me:

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
When prompted, type 1 and validate 
The RKreport.txt shall be generated next to the executable. 
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Please post the contents of the RKreport.txt in your next Reply.


----------



## Was343 (Feb 27, 2012)

It is targeting the username123 file I DLed, so I would assume it's not really a problem.

I would love to install the makemebabies toolbar as it is some stupid thing my wife used to use, however, when I click uninstall from the ***/remove program, the screen flashes and nothing happens. I also cannot find it in my programs. I actually thought I uninstalled it quite a while ago. I am a Windows XP guy and am not sure how to proceed to find it with Vista.

Working on the rest now...


----------



## Was343 (Feb 27, 2012)

Am I running OTL as administrator or just clicking, I use vista?


----------



## Was343 (Feb 27, 2012)

My computer restarted and it says windows failed to start, start normally or use startup repair


----------



## Was343 (Feb 27, 2012)

I thought it was going so well too. I've got the CD that came with the computer. I suppose unless you say offer an I will try and get it booting again.


----------



## Was343 (Feb 27, 2012)

My computer booted and logged in however it looks like it restored itself, somewhat. How would you like me to proceed, I have no idea what it did to fix itself.


----------



## Was343 (Feb 27, 2012)

Sorry I'm posting so many little replies but I'm just trying to stay up to date. It appears it restored my computer to before I downloaded any of the programs to start this thread, but all my logs from the scans are still on the desktop. Other than that, I cannot tell what point my computer is at.


----------



## Was343 (Feb 27, 2012)

Has been uninstalled.


----------



## Was343 (Feb 27, 2012)

First two programs ran as instructed. Roguekiller does a scan on opening and says prescan finished in the box. It never asks me to validate or type 1. No log created either, and I am running it as administrator. I even renamed it to the winlogon. Still nothing multiple times...

Due to the restore I did a HijackThis log as well, unknown if that will help you or not. Makemebabies did uninstall.

Sidenote, I have no problem uninstalling any programs you need me to, no idea what the wife has downloaded and installed.
-------------------------------------------------------------------------
All processes killed
========== OTL ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
Error: No service named sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter was found to stop!
Service\Driver key sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter not found.
Service getPlusHelper stopped successfully!
Service getPlusHelper deleted successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d4330680-c0ae-4226-8a21-0afe2fd1ac24} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}\ not found.
File C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{d4330680-c0ae-4226-8a21-0afe2fd1ac24} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}\ not found.
File C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll not found.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{d4330680-c0ae-4226-8a21-0afe2fd1ac24} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}\ not found.
File C:\Program Files\MakeMeBabies_2.0\prxtbMake.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
C:\Users\Tina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 53632 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Tina
->Temp folder emptied: 33687634 bytes
->Temporary Internet Files folder emptied: 16771482 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46455603 bytes
->Flash cache emptied: 1941269 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41153512 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 168126501 bytes

Total Files Cleaned = 295.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tina
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.35.0 log created on 03032012_164122
Files\Folders moved on Reboot...
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9YH2T9Z\1042885-redirect-uncontrollable-japanese-asian-media-2[1].htm moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...
----------------------------------------------------------------------------
SystemLook 30.07.11 by jpshortstuff
Log created at 16:50 on 03/03/2012 by Tina
Administrator - Elevation successful
========== file ==========
C:\Windows\System32\stacsv.exe - File found and opened.
MD5: 7E6DD4B34ACD36AF6C711D2BDE91B040
Created at 04:03 on 26/02/2009
Modified at 20:45 on 13/09/2007
Size: 102400 bytes
Attributes: --a----
FileDescription: STacSV Module
FileVersion: 1.0.5614.0 nd654 cp1
ProductVersion: 1.0.5614.0 nd654 cp1
OriginalFilename: STacSV.EXE
InternalName: STacSV
ProductName: IDT Audio
CompanyName: IDT, Inc.
LegalCopyright: Copyright (c) 2004-2007, IDT, Inc.
Comments: 
C:\Windows\System32\drivers\Nccidx86.sys - File found and opened.
MD5: B8238A54FEE84490378DF698258C44A0
Created at 23:32 on 03/03/2008
Modified at 01:41 on 13/05/2011
Size: 6656 bytes
Attributes: --a----
FileDescription: Nonccid DFU detach 32 bit Driver
FileVersion: 1.00 built by: WinDDK
ProductVersion: 1.00
OriginalFilename: Nccidx86.sys
InternalName: Nonccid
ProductName: Nonccid DFU detach 32 bit Driver
CompanyName: SCM Microsystems Inc.
LegalCopyright: Copyright © SCM Microsystems Inc.,2008
C:\Windows\System32\dfboottime.cfg - File found and opened.
MD5: 5ED9C32355E6D871C3CDFD3A6E7B4C6E
Created at 17:40 on 12/05/2011
Modified at 16:33 on 01/10/2011
Size: 927 bytes
Attributes: --a----
No version information available.
-= EOF =-
--------------------------------------------------------------


----------



## Was343 (Feb 27, 2012)

Also a new symptom, my Symantec won't open, says some of its services have been stopped, however in the taskbar it doesn't show anything wrong.

Just thought I'd share.


----------



## eddie5659 (Mar 19, 2001)

Sorry, this weekend was a busy time as it's my birthday tomorrow, so was out. Also, Sunday I was visiting family.



> I would love to install the makemebabies toolbar as it is some stupid thing my wife used to use, however, when I click uninstall from the ***/remove program, the screen flashes and nothing happens. I also cannot find it in my programs. I actually thought I uninstalled it quite a while ago. I am a Windows XP guy and am not sure how to proceed to find it with Vista.


You can re-install it after we've finished if you want, it's an optional removal. Not an actual virus, but spying capabilities

Can you run these for me, so I can see if you have a rootkit installed:

--


Download *random's system information tool (RSIT)* by *random/random* from *here*.
*It is important that it is saved to your desktop.*
Double click on *RSIT.exe* to run *RSIT*.
Click *Continue* at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both *log.txt* (<<will be maximized) and *info.txt* (<<will be minimized)

-------
Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply.

----

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

================

You may want to post these in separate replies, as the RSIT log can be quite large


----------



## Was343 (Feb 27, 2012)

Sorry, what I meant to say is I would love to uninstall it. I have no desire to have it or anything else like it on the computer. I am currently out of town for a few days on business but will see what I can do long distance.

Thanks,


----------



## Was343 (Feb 27, 2012)

RSIT gave an error and closed. Windows stated host process for windows services stopped working and was closed.


----------



## Was343 (Feb 27, 2012)

I ran RSIT again and it opened the LOG file but no info, here it is...

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tina at 2012-03-11 20:42:34
Microsoft® Windows Vista Home Premium Service Pack 2
System drive C: has 196 GB (67%) free of 292 GB
Total RAM: 3061 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:30 PM, on 3/11/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\DoScan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\Tina\Desktop\RSIT.exe
C:\Program Files\trend micro\Tina.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: SEP - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 10561 bytes
=========Mozilla firefox=========
ProfilePath - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"=C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@fileplanet.com/fpdlm]
"Description"=
"Path"=C:\Program Files\Download Manager\npfpdlm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0]
"Description"=Rhapsody Control
"Path"=C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0]
"Description"=BlackBerry Web Software Loading Helper Plug-In for Mozilla browsers
"Path"=C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
mfc71.dll
msvcr71.dll
npdeployJava1.dll
npmfv.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
avg-secure-search.xml
bing.xml
creativecommons.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0941C58F-E461-4E03-BD7D-44C27392ADE1}]
PE_IE_Helper Class - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2010-02-01 69632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13 210872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-03 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-03 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-09-24 159744]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-03-28 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-03-28 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-03-28 133656]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2008-05-19 3444736]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-09-13 405504]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-03 153640]
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-03 400936]
"Samsung PanelMgr"=C:\Windows\Samsung\PanelMgr\SSMMgr.exe [2011-07-06 688128]
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-03-11 3905920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe [2011-11-14 247968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3180 Scan2PC]
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe [2010-11-11 1998848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApproveItForOfficeSetup]
C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [2010-01-26 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyExcelKeys]
C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe [2010-01-26 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyWordKeys]
C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe [2010-01-26 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLX3180_Scan2Pc]
C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [2010-11-11 1998848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
C:\Dell\E-Center\EULALauncher.exe [2008-02-28 17920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2009-10-27 1103216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
C:\Program Files\PureEdge\Viewer 6.5\masqform.exe -RunOnce []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
C:\Windows\OEM02Mon.exe [2007-12-03 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
C:\Users\Tina\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2011-01-26 79872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]
C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico [2011-05-12 9216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
C:\PROGRA~1\DIGITA~1\DLG.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ActivClient Agent.lnk - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04 551296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-28 200704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP]
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-18 113024]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.VP60"=vp6vfw.dll
"vidc.VP61"=vp6vfw.dll
"vidc.VP62"=vp6vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-03-11 20:33:45 ----D---- C:\Program Files\trend micro
2012-03-11 20:33:43 ----D---- C:\rsit
2012-03-03 17:41:22 ----D---- C:\_OTL
2012-03-03 17:17:42 ----A---- C:\Windows\system32\mshtmled.dll
2012-03-03 17:17:41 ----A---- C:\Windows\system32\iertutil.dll
2012-03-03 17:17:40 ----A---- C:\Windows\system32\jscript.dll
2012-03-03 17:17:39 ----A---- C:\Windows\system32\jscript9.dll
2012-03-03 17:17:38 ----A---- C:\Windows\system32\wininet.dll
2012-03-03 17:17:37 ----A---- C:\Windows\system32\url.dll
2012-03-03 17:17:37 ----A---- C:\Windows\system32\jsproxy.dll
2012-03-03 17:17:37 ----A---- C:\Windows\system32\ieui.dll
2012-03-03 17:17:35 ----A---- C:\Windows\system32\mshtml.dll
2012-03-03 17:17:34 ----A---- C:\Windows\system32\ieframe.dll
2012-03-03 17:17:33 ----A---- C:\Windows\system32\urlmon.dll
2012-03-03 17:02:14 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2012-03-03 16:59:18 ----A---- C:\Windows\system32\sysferThunk.dll
2012-03-03 16:59:18 ----A---- C:\Windows\system32\sysfer.dll
2012-03-03 16:59:18 ----A---- C:\Windows\system32\SymVPN.dll
2012-03-03 16:59:18 ----A---- C:\Windows\system32\FwsVpn.dll
2012-03-03 16:59:18 ----A---- C:\Windows\system32\drivers\WGX.SYS
2012-03-03 16:59:18 ----A---- C:\Windows\system32\drivers\SysPlant.sys
2012-03-03 16:57:59 ----D---- C:\Windows\system32\drivers\SEP
2012-03-03 16:54:58 ----D---- C:\Program Files\Common Files\Java
2012-03-03 16:54:40 ----A---- C:\Windows\system32\javaws.exe
2012-03-03 16:54:40 ----A---- C:\Windows\system32\javaw.exe
2012-03-03 16:54:40 ----A---- C:\Windows\system32\java.exe
2012-03-03 16:42:12 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-03-01 23:06:13 ----D---- C:\username123
2012-03-01 19:03:14 ----D---- C:\Qoobox
2012-03-01 19:02:03 ----SD---- C:\32788R22FWJFW
2012-03-01 15:19:48 ----D---- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
2012-03-01 15:19:07 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-03-01 15:19:07 ----D---- C:\Program Files\SUPERAntiSpyware
2012-03-01 09:50:31 ----D---- C:\Users\Tina\AppData\Roaming\Malwarebytes
2012-03-01 09:49:59 ----D---- C:\ProgramData\Malwarebytes
2012-03-01 09:49:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-01 09:20:05 ----D---- C:\Program Files\Common Files\Java(51)
2012-02-20 21:57:31 ----D---- C:\Program Files\AVG
2012-02-20 21:18:46 ----D---- C:\Users\Tina\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-20 20:56:09 ----HD---- C:\ProgramData\Common Files
2012-02-20 20:55:41 ----D---- C:\ProgramData\MFAData
======List of files/folders modified in the last 1 month======
2012-03-11 20:43:32 ----D---- C:\Windows\Temp
2012-03-11 20:41:16 ----D---- C:\Windows\Prefetch
2012-03-11 20:33:45 ----D---- C:\Program Files
2012-03-11 20:29:02 ----D---- C:\Windows\System32
2012-03-11 20:29:02 ----D---- C:\Windows\inf
2012-03-11 20:29:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-11 20:27:25 ----D---- C:\Windows\system32\drivers
2012-03-11 20:21:03 ----SHD---- C:\System Volume Information
2012-03-05 23:16:41 ----SHD---- C:\Windows\Installer
2012-03-05 23:16:41 ----RSD---- C:\Windows\assembly
2012-03-04 00:28:19 ----D---- C:\Windows\winsxs
2012-03-04 00:11:29 ----HD---- C:\ProgramData
2012-03-04 00:05:39 ----D---- C:\Windows\PLA
2012-03-03 18:39:41 ----D---- C:\Windows\Microsoft.NET
2012-03-03 18:24:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-03-03 18:05:34 ----D---- C:\Windows\system32\config
2012-03-03 18:02:36 ----D---- C:\Windows\twain_32
2012-03-03 18:02:36 ----D---- C:\Windows\Tasks
2012-03-03 18:02:36 ----D---- C:\Windows\system32\Tasks
2012-03-03 18:02:36 ----D---- C:\Windows\system32\spool
2012-03-03 18:02:36 ----D---- C:\Windows\system32\Msdtc
2012-03-03 18:02:35 ----RD---- C:\Windows\Offline Web Pages
2012-03-03 18:02:35 ----D---- C:\Windows\system32\drivers\UMDF
2012-03-03 18:02:35 ----D---- C:\Windows\system32\CodeIntegrity
2012-03-03 18:02:35 ----D---- C:\Windows\pss
2012-03-03 18:02:34 ----RSD---- C:\Windows\Media
2012-03-03 18:02:29 ----SD---- C:\Windows\Downloaded Program Files
2012-03-03 18:02:22 ----RD---- C:\Users
2012-03-03 18:02:21 ----D---- C:\ProgramData\Microsoft Help
2012-03-03 18:02:21 ----D---- C:\ProgramData\HP Product Assistant
2012-03-03 18:02:20 ----RD---- C:\Program Files\Skype
2012-03-03 18:02:20 ----D---- C:\Program Files\Scan Assistant
2012-03-03 18:02:20 ----D---- C:\Program Files\Roxio
2012-03-03 18:02:20 ----D---- C:\Program Files\Microsoft Works
2012-03-03 18:02:18 ----D---- C:\Program Files\iTunes
2012-03-03 18:02:17 ----D---- C:\Program Files\DellTPad
2012-03-03 18:02:16 ----D---- C:\Program Files\Common Files\SureThing Shared
2012-03-03 18:02:16 ----D---- C:\Program Files\Common Files\Skype
2012-03-03 18:02:16 ----D---- C:\Program Files\Bonjour
2012-03-03 18:02:16 ----D---- C:\Program Files\ApproveIt
2012-03-03 18:02:15 ----D---- C:\Ares DL
2012-03-03 18:01:30 ----D---- C:\Windows\registration
2012-03-03 18:01:26 ----DC---- C:\Windows\system32\DRVSTORE
2012-03-03 18:01:26 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-03-03 18:01:25 ----D---- C:\Windows\system32\WindowsPowerShell
2012-03-03 18:01:24 ----HD---- C:\Program Files\InstallShield Installation Information
2012-03-03 18:01:24 ----D---- C:\Windows\Samsung
2012-03-03 18:01:24 ----D---- C:\Program Files\SamsungPrinterLiveUpdate
2012-03-03 18:01:24 ----D---- C:\Program Files\Readiris10
2012-03-03 18:01:24 ----D---- C:\Program Files\Common Files\SRC Shared
2012-03-03 18:01:24 ----D---- C:\Program Files\Common Files\microsoft shared
2012-03-03 18:01:23 ----D---- C:\Program Files\Rhapsody
2012-03-03 18:01:23 ----D---- C:\Program Files\Real
2012-03-03 18:01:23 ----D---- C:\Program Files\iPod
2012-03-03 18:01:22 ----D---- C:\Games
2012-03-03 18:01:21 ----D---- C:\Users\Tina\AppData\Roaming\PureEdge
2012-03-03 18:01:21 ----D---- C:\Program Files\Mozilla Firefox
2012-03-03 18:01:20 ----D---- C:\Windows\system32\Adobe
2012-03-03 18:01:20 ----D---- C:\Program Files\Common Files\Real
2012-03-03 18:01:19 ----D---- C:\Program Files\Adobe
2012-03-03 18:01:18 ----D---- C:\Users\Tina\AppData\Roaming\SanDisk
2012-03-03 18:01:17 ----D---- C:\ProgramData\HP
2012-03-03 18:01:17 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-03-03 18:01:16 ----D---- C:\Windows\Hewlett-Packard
2012-03-03 18:01:16 ----D---- C:\Program Files\Hp
2012-03-03 18:01:16 ----D---- C:\Program Files\Common Files\Apple
2012-03-03 18:01:15 ----D---- C:\Users\Tina\AppData\Roaming\Creative
2012-03-03 18:01:15 ----D---- C:\ProgramData\Dell
2012-03-03 18:01:15 ----D---- C:\Program Files\Conduit
2012-03-03 18:01:15 ----D---- C:\Program Files\Common Files\HP
2012-03-03 18:01:14 ----D---- C:\Program Files\QuickTime
2012-03-03 18:01:13 ----D---- C:\BigFishGamesCache
2012-03-03 18:01:10 ----D---- C:\Windows\system32\EventProviders
2012-03-03 18:01:06 ----D---- C:\ProgramData\AOL Downloads
2012-03-03 18:01:05 ----D---- C:\ProgramData\Skype
2012-03-03 18:01:03 ----D---- C:\Program Files\IBM
2012-03-03 18:01:02 ----D---- C:\Users\Tina\AppData\Roaming\Skype
2012-03-03 18:01:01 ----D---- C:\Program Files\Steam
2012-03-03 18:01:00 ----D---- C:\Users\Tina\AppData\Roaming\Move Networks
2012-03-03 18:00:58 ----D---- C:\Program Files\RealArcade
2012-03-03 18:00:55 ----D---- C:\Program Files\DIFX
2012-03-03 18:00:53 ----D---- C:\ProgramData\Scanning Suite
2012-03-03 18:00:53 ----D---- C:\ProgramData\CyberLink
2012-03-03 18:00:53 ----D---- C:\Program Files\CyberLink
2012-03-03 18:00:53 ----D---- C:\Program Files\Common Files\Roxio Shared
2012-03-03 18:00:52 ----D---- C:\Program Files\Dell
2012-03-03 18:00:52 ----D---- C:\Program Files\Common Files\ActivIdentity
2012-03-03 18:00:51 ----D---- C:\Users\Tina\AppData\Roaming\Mystery of Mortlake Mansion
2012-03-03 18:00:51 ----D---- C:\Program Files\Apple Software Update
2012-03-03 18:00:50 ----D---- C:\Program Files\Electronic Arts
2012-03-03 18:00:50 ----D---- C:\Program Files\Common Files\Research In Motion
2012-03-03 18:00:50 ----D---- C:\DELL
2012-03-03 18:00:48 ----D---- C:\ProgramData\Apple Computer
2012-03-03 18:00:48 ----D---- C:\ProgramData\AOL OCP
2012-03-03 18:00:47 ----D---- C:\Program Files\Common Files\Adobe
2012-03-03 18:00:46 ----D---- C:\Program Files\NetWaiting
2012-03-03 18:00:46 ----D---- C:\Program Files\Modem Diagnostic Tool
2012-03-03 18:00:46 ----D---- C:\Program Files\Creative Live! Cam
2012-03-03 18:00:46 ----D---- C:\Program Files\Creative
2012-03-03 18:00:46 ----D---- C:\Program Files\CONEXANT
2012-03-03 18:00:46 ----D---- C:\Program Files\Common Files\Reallusion
2012-03-03 18:00:46 ----D---- C:\Program Files\Common Files\Creative
2012-03-03 18:00:44 ----SD---- C:\ProgramData\Microsoft
2012-03-03 18:00:44 ----D---- C:\Users\Tina\AppData\Roaming\Research In Motion
2012-03-03 18:00:42 ----SD---- C:\Users\Tina\AppData\Roaming\Microsoft
2012-03-03 18:00:42 ----HD---- C:\Windows\system32\GroupPolicy
2012-03-03 18:00:41 ----D---- C:\Program Files\Microsoft Office
2012-03-03 18:00:40 ----D---- C:\ProgramData\InstallShield
2012-03-03 18:00:40 ----D---- C:\ProgramData\Apple
2012-03-03 18:00:40 ----D---- C:\Program Files\Samsung
2012-03-03 18:00:40 ----D---- C:\Program Files\Common Files\InstallShield
2012-03-03 18:00:40 ----D---- C:\Program Files\AOL Install
2012-03-03 18:00:39 ----D---- C:\Windows\rescache
2012-03-03 18:00:39 ----D---- C:\ProgramData\McAfee
2012-03-03 18:00:39 ----D---- C:\Program Files\CCleaner
2012-03-03 18:00:38 ----D---- C:\Program Files\Microsoft.NET
2012-03-03 18:00:38 ----D---- C:\Program Files\Dell DataSafe Online
2012-03-03 18:00:37 ----D---- C:\Windows\Setup
2012-03-03 18:00:37 ----D---- C:\Windows\Downloaded Installations
2012-03-03 18:00:37 ----D---- C:\Program Files\Cisco
2012-03-03 18:00:37 ----D---- C:\Program Files\Broadcom
2012-03-03 18:00:37 ----D---- C:\Drivers
2012-03-03 18:00:36 ----D---- C:\Windows\system32\oobe
2012-03-03 18:00:35 ----RHD---- C:\MSOCache
2012-03-03 18:00:35 ----D---- C:\Program Files\Defraggler
2012-03-03 18:00:33 ----SHD---- C:\found.002
2012-03-03 18:00:33 ----D---- C:\ProgramData\Uninstall
2012-03-03 18:00:15 ----D---- C:\Windows\WindowsMobile
2012-03-03 18:00:15 ----D---- C:\Windows\Web
2012-03-03 18:00:15 ----D---- C:\Windows\system32\XPSViewer
2012-03-03 18:00:15 ----D---- C:\Windows\system32\winrm
2012-03-03 18:00:15 ----D---- C:\Windows\system32\WCN
2012-03-03 18:00:15 ----D---- C:\Windows\system32\wbem
2012-03-03 18:00:15 ----D---- C:\Windows\system32\sysprep
2012-03-03 18:00:15 ----D---- C:\Windows\system32\Speech
2012-03-03 18:00:15 ----D---- C:\Windows\system32\SMI
2012-03-03 18:00:15 ----D---- C:\Windows\system32\slmgr
2012-03-03 18:00:15 ----D---- C:\Windows\system32\RemInst
2012-03-03 18:00:15 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2012-03-03 18:00:15 ----D---- C:\Windows\system32\networklist
2012-03-03 18:00:15 ----D---- C:\Windows\system32\MUI
2012-03-03 18:00:15 ----D---- C:\Windows\system32\migwiz
2012-03-03 18:00:14 ----D---- C:\Windows\system32\licensing
2012-03-03 18:00:14 ----D---- C:\Windows\system32\IME
2012-03-03 18:00:14 ----D---- C:\Windows\system32\en-US
2012-03-03 18:00:14 ----D---- C:\Windows\system32\DriverStore
2012-03-03 18:00:13 ----D---- C:\Windows\system32\com
2012-03-03 18:00:13 ----D---- C:\Windows\system32\Boot
2012-03-03 18:00:13 ----D---- C:\Windows\Speech
2012-03-03 18:00:13 ----D---- C:\Windows\servicing
2012-03-03 18:00:13 ----D---- C:\Windows\ServiceProfiles
2012-03-03 18:00:13 ----D---- C:\Windows\schemas
2012-03-03 18:00:12 ----D---- C:\Windows\Resources
2012-03-03 18:00:12 ----D---- C:\Windows\Provisioning
2012-03-03 18:00:12 ----D---- C:\Windows\PolicyDefinitions
2012-03-03 18:00:12 ----D---- C:\Windows\Performance
2012-03-03 18:00:12 ----D---- C:\Windows\MSAgent
2012-03-03 18:00:12 ----D---- C:\Windows\IME
2012-03-03 18:00:12 ----D---- C:\Windows\Help
2012-03-03 18:00:12 ----D---- C:\Windows\ehome
2012-03-03 18:00:12 ----D---- C:\Windows\DigitalLocker
2012-03-03 18:00:12 ----D---- C:\Windows\Branding
2012-03-03 18:00:11 ----D---- C:\Windows\Boot
2012-03-03 18:00:11 ----D---- C:\Windows\AppPatch
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Sidebar
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Photo Gallery
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows NT
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Media Player
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Journal
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Defender
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Collaboration
2012-03-03 18:00:10 ----D---- C:\Program Files\Windows Calendar
2012-03-03 18:00:10 ----D---- C:\Program Files\Reference Assemblies
2012-03-03 18:00:10 ----D---- C:\Program Files\MSBuild
2012-03-03 18:00:10 ----D---- C:\Program Files\Movie Maker
2012-03-03 18:00:10 ----D---- C:\Program Files\Microsoft Games
2012-03-03 18:00:10 ----D---- C:\Program Files\Common Files\System
2012-03-03 18:00:09 ----SHD---- C:\found.001
2012-03-03 18:00:09 ----SHD---- C:\found.000
2012-03-03 18:00:09 ----D---- C:\Program Files\Common Files\SpeechEngines
2012-03-03 17:58:22 ----D---- C:\Windows
2012-03-03 17:54:02 ----D---- C:\Program Files\Viewpoint
2012-03-03 17:49:18 ----D---- C:\Windows\system32\LogFiles
2012-03-03 17:41:33 ----D---- C:\Windows\system32\drivers\etc
2012-03-03 17:29:13 ----D---- C:\Windows\system32\catroot
2012-03-03 17:26:03 ----D---- C:\Program Files\Microsoft Silverlight
2012-03-03 17:24:09 ----D---- C:\Windows\system32\migration
2012-03-03 17:24:08 ----D---- C:\Program Files\Internet Explorer
2012-03-03 17:19:16 ----D---- C:\Windows\Debug
2012-03-03 17:19:12 ----A---- C:\Windows\system32\mrt.exe
2012-03-03 17:18:45 ----D---- C:\Windows\system32\catroot2
2012-03-03 17:15:03 ----D---- C:\Program Files\Windows Mail
2012-03-03 17:02:14 ----D---- C:\Program Files\Symantec
2012-03-03 16:54:58 ----D---- C:\Program Files\Common Files
2012-03-03 16:54:19 ----A---- C:\Windows\system32\deployJava1.dll
2012-03-03 16:38:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2012-03-03 16:23:09 ----D---- C:\ProgramData\Symantec
2012-03-03 16:15:59 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-02-23 09:18:36 ----N---- C:\Windows\system32\MpSigStub.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]
R0 SymDS;Symantec Data Store; C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS [2011-05-02 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS [2011-05-17 756856]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120215.011\BHDrvx86.sys [2012-02-15 820344]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2012-03-03 374392]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120302.002\IDSvix86.sys [2012-01-20 368248]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS [2011-05-27 516216]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS [2011-05-27 50168]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\Ironx86.SYS [2011-05-10 136312]
R1 SYMTDIV;Symantec Vista Network Dispatch Driver; C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMTDIV.SYS [2011-04-21 331384]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2012-03-03 92080]
R1 Teefer2;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2011-05-20 50096]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-27 32256]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-27 43520]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-27 37376]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-07-11 5120]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 8192]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-24 155136]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2008-05-19 1044984]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-03 106104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-02 986624]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-02 206848]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-28 2016256]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 20464]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120303.009\NAVENG.SYS [2012-03-03 86136]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120303.009\NAVEX15.SYS [2012-03-03 1576312]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-01 330240]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2012-03-03 127096]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-02 659968]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-07-13 38400]
S2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys []
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2009-06-15 57536]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 Nccidx86;Nonccid DFU detach 32 bit Driver; C:\Windows\system32\DRIVERS\Nccidx86.sys [2011-05-12 6656]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; C:\Windows\system32\DRIVERS\SCR3XX2K.sys [2010-11-11 59136]
S3 STCFUx32;STC DFU Driver; C:\Windows\system32\DRIVERS\STCFUx32.SYS [2007-01-24 7680]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys [2011-06-17 23984]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 USBCCID;USB Smart Card reader; C:\Windows\system32\DRIVERS\usbccid.sys [2009-04-10 30208]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-08-04 75064]
R2 Samsung Network Fax Server;Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2010-03-07 165888]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [2011-06-14 137224]
R2 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe [2011-06-17 280496]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-09-13 102400]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2008-05-19 24064]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe [2011-06-17 1664744]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-08-03 411432]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-09-20 73728]
S4 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-04 386560]
-----------------EOF-----------------


----------



## Was343 (Feb 27, 2012)

FOUND IT!!!

info.txt logfile of random's system information tool 1.09 2012-03-11 20:35:33
======Uninstall list======
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->C:\Program Files\InstallShield Installation Information\{AC584CC1-0EA7-49AD-ADD5-D0039459466F}\setup.exe -runfromtemp -l0x0009 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 
32 Bit HP CIO Components Installer-->MsiExec.exe /I{A80FA752-C491-4ED9-ABF0-4278563160B2}
ActivClient CAC x86-->MsiExec.exe /I{1BE8806A-84F8-4655-A381-0D5524430944}
Actron Scanning Suite-->MsiExec.exe /X{1956e9f5-6f4b-4fc3-b6f4-5869d06d95e9}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
America's Army 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/13140
AOL Install-->MsiExec.exe /I{2357B8BC-88C9-4A72-818C-050CC4EB0778}
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
ApproveIt Desktop-->MsiExec.exe /I{4E01B649-0023-4EB5-9263-57DE317C3418}
Ares 2.1.7-->"C:\Program Files\Ares\uninstall.exe"
Banctec Service Agreement-->MsiExec.exe /I{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}
BlackBerry Desktop Software 6.1-->MsiExec.exe /I{75157F34-02C6-4831-BD66-3BC49E7A8394}
BlackBerry Desktop Software 6.1-->MsiExec.exe /i{75157F34-02C6-4831-BD66-3BC49E7A8394}
BlackBerry Device Software Updater-->MsiExec.exe /X{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
Dell DataSafe Online-->MsiExec.exe /I{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Diner Dash-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\1387cd45119ecd721d3a050bd8f6cf38.rguninst" "AddRemove"
Download Manager 2.3.10-->C:\Program Files\Download Manager\uninst.exe
EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe" 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}
HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IBM Lotus Forms Viewer 3.5.1-->MsiExec.exe /X{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}
iTunes-->MsiExec.exe /I{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}
Java(TM) 6 Update 31-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216031FF}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Maintenance Samsung CLX-3180 Series-->"C:\Program Files\Samsung\Samsung CLX-3180 Series\Setup\Setup.exe" /R
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Medieval II Total War-->"C:\Program Files\InstallShield Installation Information\{A9D0745C-BABD-472B-8AF0-FAF888D31046}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Outlook Web Access S/MIME-->MsiExec.exe /X{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mortimer Beckett and the Time Paradox-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\719dba21aadbc5b8efd10b0ce0c290a1.rguninst" "AddRemove"
Mozilla Firefox 9.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}
Mystery of Mortlake Mansion(TM)-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\f3c5b9886c3471dfe2a3f285b8874441.rguninst" "AddRemove"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Photo Viewer V208G2-->"C:\Program Files\Photo Viewer V208G2\uninstall.exe"
Picaboo X-->msiexec /qb /x {9852EB41-276E-1301-0481-6C4A585292D8}
Picaboo X-->MsiExec.exe /I{9852EB41-276E-1301-0481-6C4A585292D8}
Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Readiris Pro 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}\setup.exe" -l0x9 
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sally's Salon-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Sally's Salon.rguninst" "AddRemove"
Sally's Spa-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\Sally's Spa.rguninst" "AddRemove"
Samsung Network PC Fax-->C:\Program Files\InstallShield Installation Information\{80078570-6C67-486C-8CF0-B0D778FC69B5}\setup.exe -runfromtemp -l0x0009 -removeonly
Scan Assistant-->C:\Program Files\InstallShield Installation Information\{BF6CF460-40C3-49BA-800A-4B934B6498B1}\setup.exe -runfromtemp -l0x0009 /uninst -l0009 -removeonly
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2553089)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
Security Update for 2007 Microsoft Office System (KB2553090)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
Security Update for 2007 Microsoft Office System (KB2584063)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmarThru 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{90F1943D-EA4A-4460-B59F-30023F3BA69A}\setup.exe" -l0x9 uninstall -l0009
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Symantec Endpoint Protection-->MsiExec.exe /I{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}
System Requirements Lab for Intel-->MsiExec.exe /I{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}
Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20
The Godfather The Game-->C:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
Thermostat Installer-->MsiExec.exe /I{4D53DDBC-99AD-485C-AAD5-B1EA6930C278}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B7873DF5-9E1C-45EE-8895-D29C6AE01202}
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C20964A7-5181-45E5-9E82-72F5D400DEBF}
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {567103D1-96CD-4B76-93B9-2681A187DEFF}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Viewer_armyifx-->C:\Program Files\Viewer_armyifx\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_800df20f\ftdibus.inf
Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_f93efb81\ftdiport.inf
Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\spxusb.inf_90582266\spxusb.inf
Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\spxvcp.inf_c6dd4f17\spxvcp.inf
======Hosts File======
::1 localhost
======Security center information======
AV: Symantec Endpoint Protection
AS: Symantec Endpoint Protection
AS: Windows Defender
AS: SUPERAntiSpyware
======System event log======
Computer Name: FlamingoIsland
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971029(Update) into Install Requested(Install Requested) state
Record Number: 127570
Source Name: Microsoft-Windows-Servicing
Time Written: 20110211090335.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: FlamingoIsland
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971029(Update) into Install Requested(Install Requested) state
Record Number: 127569
Source Name: Microsoft-Windows-Servicing
Time Written: 20110211090335.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: FlamingoIsland
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971029(Update) into Install Requested(Install Requested) state
Record Number: 127567
Source Name: Microsoft-Windows-Servicing
Time Written: 20110211090335.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: FlamingoIsland
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971029(Update) into Install Requested(Install Requested) state
Record Number: 127566
Source Name: Microsoft-Windows-Servicing
Time Written: 20110211090335.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: FlamingoIsland
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971029(Update) into Install Requested(Install Requested) state
Record Number: 127562
Source Name: Microsoft-Windows-Servicing
Time Written: 20110211090335.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: FlamingoIsland
Event Code: 0
Message: 
Record Number: 24593
Source Name: SDWinSec.exe
Time Written: 20120225030421.000000-000
Event Type: Error
User: 
Computer Name: FlamingoIsland
Event Code: 0
Message: 
Record Number: 24592
Source Name: SDWinSec.exe
Time Written: 20120225030321.000000-000
Event Type: Error
User: 
Computer Name: FlamingoIsland
Event Code: 0
Message: 
Record Number: 24591
Source Name: SDWinSec.exe
Time Written: 20120225030221.000000-000
Event Type: Error
User: 
Computer Name: FlamingoIsland
Event Code: 0
Message: 
Record Number: 24590
Source Name: SDWinSec.exe
Time Written: 20120225030121.000000-000
Event Type: Error
User: 
Computer Name: FlamingoIsland
Event Code: 0
Message: 
Record Number: 24589
Source Name: SDWinSec.exe
Time Written: 20120225030021.000000-000
Event Type: Error
User:


----------



## Was343 (Feb 27, 2012)

Here is the log:
21:00:02.0847 5808 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:00:02.0879 5808 ============================================================
21:00:02.0879 5808 Current date / time: 2012/03/11 21:00:02.0879
21:00:02.0879 5808 SystemInfo:
21:00:02.0879 5808 
21:00:02.0879 5808 OS Version: 6.0.6002 ServicePack: 2.0
21:00:02.0879 5808 Product type: Workstation
21:00:02.0879 5808 ComputerName: FLAMINGOISLAND
21:00:02.0879 5808 UserName: Tina
21:00:02.0879 5808 Windows directory: C:\Windows
21:00:02.0879 5808 System windows directory: C:\Windows
21:00:02.0879 5808 Processor architecture: Intel x86
21:00:02.0879 5808 Number of processors: 2
21:00:02.0879 5808 Page size: 0x1000
21:00:02.0879 5808 Boot type: Normal boot
21:00:02.0879 5808 ============================================================
21:00:03.0440 5808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:00:03.0440 5808 \Device\Harddisk0\DR0:
21:00:03.0440 5808 MBR used
21:00:03.0440 5808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2F800, BlocksNum 0x1400000
21:00:03.0440 5808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x142F800, BlocksNum 0x23AFE7F8
21:00:03.0549 5808 Initialize success
21:00:03.0549 5808 ============================================================
21:00:27.0761 4116 ============================================================
21:00:27.0761 4116 Scan started
21:00:27.0761 4116 Mode: Manual; SigCheck; TDLFS; 
21:00:27.0761 4116 ============================================================
21:00:28.0073 4116 Suspicious service (Hidden): 48571748
21:00:28.0182 4116 48571748 ( HiddenService.Multi.Generic ) - warning
21:00:28.0182 4116 48571748 - detected HiddenService.Multi.Generic (1)
21:00:28.0260 4116 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:00:28.0385 4116 ACPI - ok
21:00:28.0572 4116 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:00:28.0650 4116 adp94xx - ok
21:00:28.0899 4116 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:00:28.0915 4116 adpahci - ok
21:00:29.0118 4116 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:00:29.0133 4116 adpu160m - ok
21:00:29.0180 4116 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:00:29.0196 4116 adpu320 - ok
21:00:29.0383 4116 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:00:29.0477 4116 AFD - ok
21:00:29.0586 4116 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:00:29.0601 4116 agp440 - ok
21:00:29.0648 4116 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:00:29.0679 4116 aic78xx - ok
21:00:29.0711 4116 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:00:29.0726 4116 aliide - ok
21:00:29.0804 4116 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:00:29.0820 4116 amdagp - ok
21:00:29.0851 4116 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:00:29.0867 4116 amdide - ok
21:00:29.0898 4116 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:00:29.0960 4116 AmdK7 - ok
21:00:30.0007 4116 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
21:00:30.0069 4116 AmdK8 - ok
21:00:30.0116 4116 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:00:30.0194 4116 ApfiltrService - ok
21:00:30.0241 4116 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:00:30.0257 4116 arc - ok
21:00:30.0288 4116 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:00:30.0303 4116 arcsas - ok
21:00:30.0397 4116 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:30.0491 4116 AsyncMac - ok
21:00:30.0537 4116 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:00:30.0553 4116 atapi - ok
21:00:30.0569 4116 BCM42RLY - ok
21:00:30.0662 4116 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:00:30.0740 4116 BCM43XX - ok
21:00:30.0927 4116 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:00:30.0990 4116 bcm4sbxp - ok
21:00:31.0021 4116 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:00:31.0068 4116 Beep - ok
21:00:31.0442 4116 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120215.011\BHDrvx86.sys
21:00:31.0489 4116 BHDrvx86 - ok
21:00:31.0723 4116 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:00:31.0785 4116 blbdrive - ok
21:00:31.0910 4116 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:00:31.0988 4116 bowser - ok
21:00:32.0051 4116 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:00:32.0175 4116 BrFiltLo - ok
21:00:32.0222 4116 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:00:32.0300 4116 BrFiltUp - ok
21:00:32.0331 4116 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:00:32.0597 4116 Brserid - ok
21:00:32.0690 4116 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:00:32.0799 4116 BrSerWdm - ok
21:00:32.0877 4116 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:00:32.0955 4116 BrUsbMdm - ok
21:00:32.0971 4116 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:00:33.0049 4116 BrUsbSer - ok
21:00:33.0065 4116 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:00:33.0189 4116 BTHMODEM - ok
21:00:33.0221 4116 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:00:33.0283 4116 cdfs - ok
21:00:33.0314 4116 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:00:33.0377 4116 cdrom - ok
21:00:33.0439 4116 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
21:00:33.0486 4116 circlass - ok
21:00:33.0517 4116 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:00:33.0548 4116 CLFS - ok
21:00:33.0595 4116 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:00:33.0642 4116 CmBatt - ok
21:00:33.0673 4116 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:00:33.0689 4116 cmdide - ok
21:00:33.0720 4116 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:00:33.0735 4116 Compbatt - ok
21:00:33.0767 4116 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:00:33.0782 4116 crcdisk - ok
21:00:33.0813 4116 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:00:33.0876 4116 Crusoe - ok
21:00:33.0938 4116 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:00:34.0016 4116 DfsC - ok
21:00:34.0079 4116 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
21:00:34.0094 4116 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
21:00:34.0094 4116 DgiVecp - detected UnsignedFile.Multi.Generic (1)
21:00:34.0172 4116 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:00:34.0188 4116 disk - ok
21:00:34.0250 4116 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
21:00:34.0313 4116 Dot4 - ok
21:00:34.0359 4116 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:00:34.0406 4116 Dot4Print - ok
21:00:34.0453 4116 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
21:00:34.0484 4116 dot4usb - ok
21:00:34.0547 4116 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:00:34.0593 4116 drmkaud - ok
21:00:34.0703 4116 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:00:34.0734 4116 DXGKrnl - ok
21:00:34.0781 4116 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:00:34.0843 4116 e1express - ok
21:00:34.0890 4116 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:00:34.0968 4116 E1G60 - ok
21:00:35.0030 4116 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:00:35.0046 4116 Ecache - ok
21:00:35.0171 4116 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
21:00:35.0186 4116 eeCtrl - ok
21:00:35.0264 4116 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:00:35.0295 4116 elxstor - ok
21:00:35.0514 4116 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:00:35.0529 4116 EraserUtilRebootDrv - ok
21:00:35.0654 4116 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
21:00:35.0717 4116 ErrDev - ok
21:00:35.0826 4116 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:00:35.0888 4116 exfat - ok
21:00:35.0966 4116 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:00:36.0044 4116 fastfat - ok
21:00:36.0138 4116 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:00:36.0185 4116 fdc - ok
21:00:36.0216 4116 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:00:36.0231 4116 FileInfo - ok
21:00:36.0263 4116 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:00:36.0294 4116 Filetrace - ok
21:00:36.0325 4116 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:00:36.0387 4116 flpydisk - ok
21:00:36.0481 4116 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:00:36.0497 4116 FltMgr - ok
21:00:36.0559 4116 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:00:36.0606 4116 Fs_Rec - ok
21:00:36.0653 4116 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\Windows\system32\drivers\ftdibus.sys
21:00:36.0653 4116 FTDIBUS - ok
21:00:36.0684 4116 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:00:36.0699 4116 gagp30kx - ok
21:00:36.0731 4116 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:00:36.0746 4116 GEARAspiWDM - ok
21:00:36.0793 4116 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
21:00:36.0887 4116 HdAudAddService - ok
21:00:36.0949 4116 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:00:37.0011 4116 HDAudBus - ok
21:00:37.0043 4116 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:00:37.0105 4116 HidBth - ok
21:00:37.0152 4116 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:00:37.0261 4116 HidIr - ok
21:00:37.0323 4116 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:00:37.0355 4116 HidUsb - ok
21:00:37.0386 4116 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:00:37.0401 4116 HpCISSs - ok
21:00:37.0526 4116 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:00:37.0589 4116 HSF_DPV - ok
21:00:37.0667 4116 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:00:37.0713 4116 HSXHWAZL - ok
21:00:37.0807 4116 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
21:00:37.0838 4116 HTTP - ok
21:00:37.0869 4116 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:00:37.0885 4116 i2omp - ok
21:00:37.0916 4116 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:00:37.0979 4116 i8042prt - ok
21:00:38.0025 4116 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
21:00:38.0041 4116 iaStor - ok
21:00:38.0181 4116 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:00:38.0197 4116 iaStorV - ok
21:00:38.0353 4116 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120302.002\IDSvix86.sys
21:00:38.0384 4116 IDSVix86 - ok
21:00:38.0618 4116 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
21:00:38.0821 4116 igfx - ok
21:00:38.0868 4116 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:00:38.0883 4116 iirsp - ok
21:00:38.0930 4116 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
21:00:38.0946 4116 intelide - ok
21:00:39.0133 4116 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:00:39.0195 4116 intelppm - ok
21:00:39.0242 4116 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:00:39.0289 4116 IpFilterDriver - ok
21:00:39.0305 4116 IpInIp - ok
21:00:39.0351 4116 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:00:39.0429 4116 IPMIDRV - ok
21:00:39.0523 4116 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:00:39.0570 4116 IPNAT - ok
21:00:39.0617 4116 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:00:39.0663 4116 IRENUM - ok
21:00:39.0679 4116 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:00:39.0710 4116 isapnp - ok
21:00:39.0741 4116 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:00:39.0773 4116 iScsiPrt - ok
21:00:40.0350 4116 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:00:40.0365 4116 iteatapi - ok
21:00:40.0381 4116 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:00:40.0397 4116 iteraid - ok
21:00:40.0584 4116 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:00:40.0599 4116 kbdclass - ok
21:00:40.0802 4116 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:00:40.0911 4116 kbdhid - ok
21:00:41.0114 4116 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
21:00:41.0145 4116 KSecDD - ok
21:00:41.0567 4116 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:00:41.0660 4116 lltdio - ok
21:00:41.0785 4116 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:00:41.0801 4116 LSI_FC - ok
21:00:41.0863 4116 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:00:41.0879 4116 LSI_SAS - ok
21:00:41.0925 4116 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:00:41.0941 4116 LSI_SCSI - ok
21:00:41.0972 4116 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:00:42.0035 4116 luafv - ok
21:00:42.0050 4116 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:00:42.0081 4116 MBAMProtector - ok
21:00:42.0113 4116 MCSTRM - ok
21:00:42.0175 4116 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:00:42.0191 4116 mdmxsdk - ok
21:00:42.0284 4116 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:00:42.0300 4116 megasas - ok
21:00:42.0362 4116 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:00:42.0393 4116 MegaSR - ok
21:00:42.0425 4116 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:00:42.0487 4116 Modem - ok
21:00:42.0596 4116 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:00:42.0643 4116 monitor - ok
21:00:42.0690 4116 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:00:42.0705 4116 mouclass - ok
21:00:42.0799 4116 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:00:42.0846 4116 mouhid - ok
21:00:42.0908 4116 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:00:42.0924 4116 MountMgr - ok
21:00:42.0955 4116 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:00:42.0986 4116 mpio - ok
21:00:43.0002 4116 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:00:43.0049 4116 mpsdrv - ok
21:00:43.0127 4116 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:00:43.0142 4116 Mraid35x - ok
21:00:43.0220 4116 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:00:43.0251 4116 MRxDAV - ok
21:00:43.0298 4116 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:00:43.0392 4116 mrxsmb - ok
21:00:43.0439 4116 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:00:43.0517 4116 mrxsmb10 - ok
21:00:43.0563 4116 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:00:43.0610 4116 mrxsmb20 - ok
21:00:43.0657 4116 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
21:00:43.0688 4116 msahci - ok
21:00:43.0719 4116 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:00:43.0735 4116 msdsm - ok
21:00:43.0782 4116 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:00:43.0829 4116 Msfs - ok
21:00:43.0875 4116 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:00:43.0891 4116 msisadrv - ok
21:00:43.0922 4116 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:00:43.0985 4116 MSKSSRV - ok
21:00:44.0016 4116 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:00:44.0078 4116 MSPCLOCK - ok
21:00:44.0109 4116 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:00:44.0172 4116 MSPQM - ok
21:00:44.0234 4116 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:00:44.0250 4116 MsRPC - ok
21:00:44.0312 4116 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:00:44.0328 4116 mssmbios - ok
21:00:44.0359 4116 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:00:44.0437 4116 MSTEE - ok
21:00:44.0484 4116 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:00:44.0499 4116 Mup - ok
21:00:44.0609 4116 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:00:44.0624 4116 NativeWifiP - ok
21:00:44.0967 4116 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120303.009\NAVENG.SYS
21:00:44.0983 4116 NAVENG - ok
21:00:45.0825 4116 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120303.009\NAVEX15.SYS
21:00:45.0903 4116 NAVEX15 - ok
21:00:46.0044 4116 Nccidx86 (b8238a54fee84490378df698258c44a0) C:\Windows\system32\DRIVERS\Nccidx86.sys
21:00:46.0137 4116 Nccidx86 - ok
21:00:46.0481 4116 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:00:46.0527 4116 NDIS - ok
21:00:46.0746 4116 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:00:46.0793 4116 NdisTapi - ok
21:00:46.0902 4116 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:00:46.0933 4116 Ndisuio - ok
21:00:46.0995 4116 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:00:47.0073 4116 NdisWan - ok
21:00:47.0183 4116 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:00:47.0495 4116 NDProxy - ok
21:00:47.0651 4116 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:00:47.0853 4116 NetBIOS - ok
21:00:48.0009 4116 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:00:48.0181 4116 netbt - ok
21:00:48.0493 4116 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:00:48.0509 4116 nfrd960 - ok
21:00:48.0711 4116 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:00:48.0789 4116 Npfs - ok
21:00:48.0867 4116 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:00:49.0023 4116 nsiproxy - ok
21:00:49.0117 4116 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:00:49.0195 4116 Ntfs - ok
21:00:49.0273 4116 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:00:49.0523 4116 ntrigdigi - ok
21:00:49.0663 4116 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:00:49.0819 4116 Null - ok
21:00:49.0944 4116 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:00:49.0959 4116 nvraid - ok
21:00:50.0053 4116 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:00:50.0069 4116 nvstor - ok
21:00:50.0147 4116 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:00:50.0209 4116 nv_agp - ok
21:00:50.0256 4116 NwlnkFlt - ok
21:00:50.0271 4116 NwlnkFwd - ok
21:00:50.0334 4116 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
21:00:50.0443 4116 OEM02Dev - ok
21:00:50.0474 4116 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
21:00:50.0552 4116 OEM02Vfx - ok
21:00:50.0599 4116 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
21:00:50.0646 4116 ohci1394 - ok
21:00:50.0771 4116 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:00:50.0880 4116 Parport - ok
21:00:51.0005 4116 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
21:00:51.0020 4116 partmgr - ok
21:00:51.0083 4116 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:00:51.0161 4116 Parvdm - ok
21:00:51.0395 4116 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:00:51.0410 4116 pci - ok
21:00:51.0535 4116 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:00:51.0551 4116 pciide - ok
21:00:51.0707 4116 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:00:51.0738 4116 pcmcia - ok
21:00:51.0785 4116 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:00:51.0909 4116 PEAUTH - ok
21:00:52.0019 4116 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:00:52.0065 4116 PptpMiniport - ok
21:00:52.0112 4116 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:00:52.0143 4116 Processor - ok
21:00:52.0221 4116 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:00:52.0268 4116 PSched - ok
21:00:52.0315 4116 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
21:00:52.0331 4116 PxHelp20 - ok
21:00:52.0377 4116 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:00:52.0471 4116 ql2300 - ok
21:00:52.0502 4116 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:00:52.0533 4116 ql40xx - ok
21:00:52.0565 4116 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:00:52.0596 4116 QWAVEdrv - ok
21:00:52.0799 4116 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
21:00:53.0017 4116 R300 - ok
21:00:53.0064 4116 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:00:53.0111 4116 RasAcd - ok
21:00:53.0142 4116 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:00:53.0189 4116 Rasl2tp - ok
21:00:53.0235 4116 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:00:53.0298 4116 RasPppoe - ok
21:00:53.0329 4116 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:00:53.0360 4116 RasSstp - ok
21:00:53.0407 4116 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:00:53.0454 4116 rdbss - ok
21:00:53.0501 4116 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:00:53.0547 4116 RDPCDD - ok
21:00:53.0610 4116 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:00:53.0688 4116 rdpdr - ok
21:00:53.0703 4116 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:00:53.0735 4116 RDPENCDD - ok
21:00:53.0797 4116 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
21:00:53.0891 4116 RDPWD - ok
21:00:54.0000 4116 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
21:00:54.0062 4116 rimmptsk - ok
21:00:54.0125 4116 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
21:00:54.0187 4116 rimsptsk - ok
21:00:54.0296 4116 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
21:00:54.0327 4116 RimUsb - ok
21:00:54.0405 4116 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
21:00:54.0499 4116 RimVSerPort - ok
21:00:54.0546 4116 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:00:54.0577 4116 rismxdp - ok
21:00:54.0624 4116 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
21:00:54.0749 4116 ROOTMODEM - ok
21:00:54.0811 4116 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:00:54.0873 4116 rspndr - ok
21:00:54.0967 4116 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:00:54.0983 4116 SASDIFSV - ok
21:00:55.0045 4116 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:00:55.0061 4116 SASKUTIL - ok
21:00:55.0154 4116 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:00:55.0170 4116 sbp2port - ok
21:00:55.0248 4116 SCR3XX2K (21abb8d3d85e33c206b10f7629d7433c) C:\Windows\system32\DRIVERS\SCR3XX2K.sys
21:00:55.0310 4116 SCR3XX2K - ok
21:00:55.0357 4116 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
21:00:55.0388 4116 sdbus - ok
21:00:55.0575 4116 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:00:55.0685 4116 secdrv - ok
21:00:55.0872 4116 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:00:55.0950 4116 Serenum - ok
21:00:56.0012 4116 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:00:56.0231 4116 Serial - ok
21:00:56.0262 4116 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:00:56.0433 4116 sermouse - ok
21:00:56.0496 4116 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
21:00:56.0605 4116 sffdisk - ok
21:00:56.0683 4116 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:00:56.0823 4116 sffp_mmc - ok
21:00:56.0901 4116 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:00:57.0151 4116 sffp_sd - ok
21:00:57.0245 4116 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:00:57.0480 4116 sfloppy - ok
21:00:57.0620 4116 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:00:57.0636 4116 sisagp - ok
21:00:57.0760 4116 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:00:57.0792 4116 SiSRaid2 - ok
21:00:57.0854 4116 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:00:57.0885 4116 SiSRaid4 - ok
21:00:57.0932 4116 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:00:58.0041 4116 Smb - ok
21:00:58.0104 4116 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:00:58.0119 4116 spldr - ok
21:00:58.0291 4116 SRTSP (d1646b3db1e401a7fce2f82547d0ce32) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSP.SYS
21:00:58.0353 4116 SRTSP - ok
21:00:58.0447 4116 SRTSPX (ab26657d755cc81f073892d833de426b) C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SRTSPX.SYS
21:00:58.0478 4116 SRTSPX - ok
21:00:58.0587 4116 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:00:58.0728 4116 srv - ok
21:00:58.0821 4116 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:00:58.0977 4116 srv2 - ok
21:00:59.0133 4116 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:00:59.0258 4116 srvnet - ok
21:00:59.0367 4116 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
21:00:59.0414 4116 SSPORT ( UnsignedFile.Multi.Generic ) - warning
21:00:59.0414 4116 SSPORT - detected UnsignedFile.Multi.Generic (1)
21:01:05.0110 4116 MBR (0x1B8) (4bf077b4df3f4f5483a79d4ce511c7f3) \Device\Harddisk0\DR0
21:01:05.0141 4116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:01:05.0141 4116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:01:05.0188 4116 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:01:05.0188 4116 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:01:05.0219 4116 Boot (0x1200) (3d9a4e8b630543cabd41322d4fd41002) \Device\Harddisk0\DR0\Partition0
21:01:05.0219 4116 \Device\Harddisk0\DR0\Partition0 - ok
21:01:05.0235 4116 Boot (0x1200) (b7f8d59d6e44f523264c1a5aeefc9c94) \Device\Harddisk0\DR0\Partition1
21:01:05.0235 4116 \Device\Harddisk0\DR0\Partition1 - ok
21:01:05.0235 4116 ============================================================
21:01:05.0250 4116 Scan finished
21:01:05.0250 4116 ============================================================
21:01:05.0266 4424 Detected object count: 5
21:01:05.0266 4424 Actual detected object count: 5
21:02:19.0085 4424 48571748 ( HiddenService.Multi.Generic ) - skipped by user
21:02:19.0085 4424 48571748 ( HiddenService.Multi.Generic ) - User select action: Skip 
21:02:19.0085 4424 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:19.0085 4424 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:19.0085 4424 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
21:02:19.0085 4424 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:02:19.0335 4424 \Device\Harddisk0\DR0\# - copied to quarantine
21:02:19.0335 4424 \Device\Harddisk0\DR0 - copied to quarantine
21:02:19.0382 4424 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:02:19.0397 4424 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:02:19.0397 4424 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:02:19.0413 4424 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:02:19.0413 4424 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:02:19.0428 4424 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:02:19.0444 4424 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:02:19.0444 4424 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:02:19.0460 4424 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:02:19.0460 4424 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:02:19.0460 4424 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:02:19.0460 4424 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:02:19.0553 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:02:19.0553 4424 \Device\Harddisk0\DR0 - ok
21:02:19.0553 4424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
21:02:19.0553 4424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:02:19.0553 4424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
21:03:03.0016 5772 Deinitialize success
--------------------------------------------
As soon as this program took action, Symantec popped up with these:
Trojan.Adclicker Cleaned
Trojan Horse Quarantined
Hacktool.Rootkit Cleaned
Trojan Horse Quarantined
Trojan.Gen Quarantined
Trojan.Adclicker Cleaned


----------



## Was343 (Feb 27, 2012)

asked me if I wanted to DL Avast for better scanning results; as it was not in your instructions, I said no.

Also, this could be a stupid question, but I use Vista, and in a few of your instructions you told me to right-click and run as administrator. If you don't put it in there, I usually don't do it. Should I always do that with the programs you tell me to use? I am not a Vista guy.

aswMBR currently running...


----------



## Was343 (Feb 27, 2012)

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-11 21:14:57
-----------------------------
21:14:57.651 OS Version: Windows 6.0.6002 Service Pack 2
21:14:57.651 Number of processors: 2 586 0xF0D
21:14:57.651 ComputerName: FLAMINGOISLAND UserName: Tina
21:15:00.490 Initialize success
21:15:44.076 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:15:44.076 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:15:44.091 Disk 0 MBR read successfully
21:15:44.091 Disk 0 MBR scan
21:15:44.091 Disk 0 Windows VISTA default MBR code
21:15:44.091 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 94 MB offset 63
21:15:44.107 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 194560
21:15:44.122 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 292348 MB offset 21166080
21:15:44.122 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 619896832
21:15:44.154 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 619898880
21:15:44.154 Disk 0 scanning sectors +625139712
21:15:44.232 Disk 0 scanning C:\Windows\system32\drivers
21:15:51.236 Service scanning
21:16:11.797 Modules scanning
21:16:18.271 Disk 0 trace - called modules:
21:16:18.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
21:16:18.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8699aac8]
21:16:18.286 3 CLASSPNP.SYS[8ab9e8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85723030]
21:16:18.286 Scan finished successfully
21:18:40.513 Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
21:18:40.529 The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR.txt"


----------



## eddie5659 (Mar 19, 2001)

Most of the time it should be okay to run the tools as they are. It's just now and then certain ones prefer the Admin option, but I'll let you know when

Looks like TDSSKiller found a rootkit, so let's triple-check with this tool:

Please download *MBRCheck.exe* to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:



> Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type *N* and press *Enter*. A report will be produced on the desktop. Post that report in your next reply.

===================

Also, can you delete the copy of ComboFix that you tried to use before, download a fresh one, and see if you can scan now?


----------



## Was343 (Feb 27, 2012)

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line: 
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1720
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 167):
Processes (total 91):
0 System Idle Process
4 System
472 C:\Windows\System32\smss.exe
624 csrss.exe
668 csrss.exe
676 C:\Windows\System32\wininit.exe
716 C:\Windows\System32\winlogon.exe
756 C:\Windows\System32\services.exe
768 C:\Windows\System32\lsass.exe
788 C:\Windows\System32\lsm.exe
912 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1320 C:\Windows\System32\audiodg.exe
1344 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\SLsvc.exe
1400 C:\Windows\System32\svchost.exe
1536 C:\Windows\System32\svchost.exe
1684 C:\Windows\System32\WLTRYSVC.EXE
1696 C:\Windows\System32\BCMWLTRY.EXE
1716 C:\Windows\System32\wlanext.exe
1852 C:\Windows\System32\spoolsv.exe
1880 C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
1936 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
1944 C:\Windows\System32\svchost.exe
488 C:\Program Files\SUPERAntiSpyware\SASCore.exe
504 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
584 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
616 C:\Program Files\Bonjour\mDNSResponder.exe
904 C:\Windows\System32\svchost.exe
1592 C:\Windows\System32\PnkBstrA.exe
2080 C:\Windows\System32\svchost.exe
2112 C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
2152 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
2176 C:\Windows\System32\stacsv.exe
2440 C:\Windows\System32\svchost.exe
2472 C:\Windows\System32\svchost.exe
2500 C:\Windows\System32\SearchIndexer.exe
3140 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
3152 C:\Windows\System32\taskeng.exe
3192 C:\Windows\System32\dwm.exe
3324 C:\Windows\explorer.exe
3596 C:\Program Files\Windows Defender\MSASCui.exe
3620 C:\Program Files\DellTPad\Apoint.exe
3636 C:\Windows\System32\hkcmd.exe
3644 C:\Windows\System32\igfxpers.exe
3664 C:\Windows\System32\WLTRAY.EXE
3676 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
3688 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
3696 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
3712 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
3720 C:\Windows\Samsung\PanelMgr\SSMMgr.exe
3728 C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
3784 C:\Program Files\iTunes\iTunesHelper.exe
3804 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
3832 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3840 C:\Windows\System32\igfxsrvc.exe
3852 C:\Program Files\Windows Media Player\wmpnscfg.exe
3908 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
3948 C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
3956 C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
3968 C:\Program Files\Dell\QuickSet\quickset.exe
1084 WmiPrvSE.exe
4024 C:\Windows\System32\taskeng.exe
4244 C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
4300 WmiPrvSE.exe
4456 C:\Program Files\Windows Media Player\wmpnetwk.exe
4560 unsecapp.exe
4580 C:\Program Files\iPod\bin\iPodService.exe
4792 C:\Windows\System32\svchost.exe
5144 C:\Program Files\DellTPad\ApMsgFwd.exe
5496 C:\Program Files\DellTPad\hidfind.exe
5508 C:\Program Files\DellTPad\ApntEx.exe
4976 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2576 C:\Windows\System32\taskeng.exe
3008 C:\Windows\System32\wuauclt.exe
2936 taskeng.exe
6000 C:\Windows\System32\svchost.exe
5268 C:\Program Files\Internet Explorer\iexplore.exe
2364 C:\Program Files\Internet Explorer\iexplore.exe
2012 C:\Program Files\Internet Explorer\ielowutil.exe
5816 C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe
5580 C:\Program Files\Internet Explorer\iexplore.exe
5520 C:\Windows\System32\SearchProtocolHost.exe
500 C:\Windows\System32\SearchFilterHost.exe
3004 dllhost.exe
2192 dllhost.exe
2896 C:\Users\Tina\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05f00000 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!
-----------------------------------------------------
ComboFix ran, finished, and opened the log, but then my computer installed updates and restarted. Does it save the log somewhere? I will keep looking. And what is it called? ComboFix is saved as username123 on my desktop.

Thanks,


----------



## Was343 (Feb 27, 2012)

Found it, right where it should have been...
ComboFix 12-03-14.01 - Tina 03/14/2012 10:46:42.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3061.1460 [GMT -5:00]
Running from: c:\users\Tina\Desktop\username123.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Tina\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 17:02 . 2012-03-14 17:02 -------- d-----w- c:\users\Tina\AppData\Local\temp
2012-03-14 17:02 . 2012-03-14 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 06:39 . 2012-02-20 07:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7BA878C8-83BF-40F3-BF4E-E9D86D20D7B8}\mpengine.dll
2012-03-12 02:49 . 2012-03-12 02:49 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-12 02:48 . 2012-03-12 02:48 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-03-12 02:48 . 2012-03-12 02:48 94128 ----a-w- c:\windows\system32\FwsVpn.dll
2012-03-12 02:48 . 2012-03-12 02:48 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-03-12 02:48 . 2012-03-12 02:48 374704 ----a-w- c:\windows\system32\sysfer.dll
2012-03-12 02:48 . 2012-03-12 02:48 10672 ----a-w- c:\windows\system32\sysferThunk.dll
2012-03-12 02:46 . 2012-03-12 02:46 -------- d-----w- c:\windows\system32\drivers\SEP
2012-03-12 02:02 . 2012-03-12 02:02 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-12 01:33 . 2012-03-12 01:50 -------- d-----w- c:\program files\trend micro
2012-03-12 01:33 . 2012-03-12 01:46 -------- d-----w- C:\rsit
2012-03-03 22:41 . 2012-03-03 22:41 -------- d-----w- C:\_OTL
2012-03-03 21:59 . 2012-03-12 02:48 240048 ----a-w- c:\windows\system32\SymVPN.dll
2012-03-03 21:54 . 2012-03-03 21:54 -------- d-----w- c:\program files\Common Files\Java
2012-03-03 21:42 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-03 21:32 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-02 04:06 . 2012-03-02 04:06 -------- d-----w- C:\username123
2012-03-01 20:19 . 2012-03-01 20:19 -------- d-----w- c:\users\Tina\AppData\Roaming\SUPERAntiSpyware.com
2012-03-01 20:19 . 2012-03-12 01:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-01 20:19 . 2012-03-01 20:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-01 14:50 . 2012-03-01 14:50 -------- d-----w- c:\users\Tina\AppData\Roaming\Malwarebytes
2012-03-01 14:49 . 2012-03-01 14:49 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 14:49 . 2012-03-03 21:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-21 02:57 . 2012-02-21 02:57 -------- d-----w- c:\program files\AVG
2012-02-21 02:18 . 2012-02-21 02:18 -------- d-----w- c:\users\Tina\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-02-21 01:56 . 2012-02-21 01:56 -------- d--h--w- c:\programdata\Common Files
2012-02-21 01:55 . 2012-03-01 14:28 -------- d-----w- c:\programdata\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 01:59 . 2011-06-10 19:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-03 21:54 . 2011-04-12 12:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 14:18 . 2009-10-03 13:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-02 16:46 . 2011-06-28 18:27 589824 ----a-w- C:\SP_Connector.exe
2003-03-19 02:20 . 2011-05-13 02:48 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 09:42 . 2011-05-13 02:48 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2012-01-17 04:55 . 2011-12-12 23:06 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-28 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
backup=c:\windows\pss\ApproveIt StartUp.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyExcelKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyWordKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3180 Scan2PC]
2010-11-11 09:46 1998848 ----a-w- c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApproveItForOfficeSetup]
2010-01-26 15:26 155648 ----a-w- c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLX3180_Scan2Pc]
2010-11-11 09:46 1998848 ----a-w- c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-01-27 00:08 79872 ----a-w- c:\users\Tina\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-masqform - c:\program files\PureEdge\Viewer 6.5\masqform.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 12:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
[0] 0x72006900
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-14 12:06:36
ComboFix-quarantined-files.txt 2012-03-14 17:06
.
Pre-Run: 206,779,387,904 bytes free
Post-Run: 206,728,499,200 bytes free
.
- - End Of File - - 5130D6C2DBB17051A02F1B72E4C60E93
--------------------------------------
Sidenote, I used some advice on your site for blocking cookies, and now when I try to reply to this forum it logs me out before I can, what did I do wrong...?


----------



## eddie5659 (Mar 19, 2001)

Good to see ComboFix finally ran 

As for the cookies, where was the information posted?

--

Can you uninstall this via Add/Remove Programs or Start | Programs:

*Viewpoint Media Player*

Then, can you run the next two tools:

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista).
When prompted to run the scan, click *Yes*.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

----------

Download *RogueKiller* to your desktop


Quit all running programs 
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe 
Wait until the Pre-scan has finished.
Click on Scan
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 
Click on Report and copy/paste the contents here.
Also, in the RKQuarantine folder on the Desktop, there is a file called Physicaldrive0_User. Can you zip and attach the file here?

eddie


----------



## Was343 (Feb 27, 2012)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:09 on 14/03/2012 (Tina)
Firefox version 9.0.1 (en-US)
========== GooredScan ==========

========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:29 28/12/2010]
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [14:19 01/03/2012]
C:\Users\Tina\Application Data\Mozilla\Firefox\Profiles\px66xfar.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [03:12 15/04/2011]
{d15c1608-ba3e-4aa0-aa6f-aa9337226087} [16:51 27/10/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:50 26/02/2009]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\" [02:51 12/03/2012]
-=E.O.F=-
-------------------------------------
This took less than a second to run, I suppose that's normal


----------



## Was343 (Feb 27, 2012)

RogueKiller V7.3.1 [03/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Tina [Admin rights]
Mode: Scan -- Date: 03/14/2012 22:18:10
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x822D653D -> HOOKED (Unknown @ 0x89755B90)
SSDT[14] : NtAlertThread @ 0x8224F255 -> HOOKED (Unknown @ 0x89755C70)
SSDT[18] : NtAllocateVirtualMemory @ 0x8228B4FB -> HOOKED (Unknown @ 0x89791B20)
SSDT[21] : NtAlpcConnectPort @ 0x8222D887 -> HOOKED (Unknown @ 0x87B013F8)
SSDT[42] : NtAssignProcessToJobObject @ 0x82200B43 -> HOOKED (Unknown @ 0x89761EB8)
SSDT[67] : NtCreateMutant @ 0x8226380C -> HOOKED (Unknown @ 0x89753748)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x8220335A -> HOOKED (Unknown @ 0x89761B90)
SSDT[78] : NtCreateThread @ 0x822D4BB4 -> HOOKED (Unknown @ 0x89755988)
SSDT[116] : NtDebugActiveProcess @ 0x822A7D22 -> HOOKED (Unknown @ 0x89625008)
SSDT[129] : NtDuplicateObject @ 0x8223B551 -> HOOKED (Unknown @ 0x87A99268)
SSDT[147] : NtFreeVirtualMemory @ 0x820C7F5D -> HOOKED (Unknown @ 0x89791980)
SSDT[156] : NtImpersonateAnonymousToken @ 0x821FDF12 -> HOOKED (Unknown @ 0x89753008)
SSDT[158] : NtImpersonateThread @ 0x8221354F -> HOOKED (Unknown @ 0x89755AB0)
SSDT[165] : NtLoadDriver @ 0x821AEDEE -> HOOKED (Unknown @ 0x87AFC4E0)
SSDT[177] : NtMapViewOfSection @ 0x8225389A -> HOOKED (Unknown @ 0x89753AA8)
SSDT[184] : NtOpenEvent @ 0x8223CDCF -> HOOKED (Unknown @ 0x897535F0)
SSDT[194] : NtOpenProcess @ 0x82263FA8 -> HOOKED (Unknown @ 0x89CD3CB8)
SSDT[195] : NtOpenProcessToken @ 0x82244A2E -> HOOKED (Unknown @ 0x87A991A8)
SSDT[197] : NtOpenSection @ 0x8225466D -> HOOKED (Unknown @ 0x897531E8)
SSDT[201] : NtOpenThread @ 0x8225F4FA -> HOOKED (Unknown @ 0x897910D0)
SSDT[210] : NtProtectVirtualMemory @ 0x8225D2DD -> HOOKED (Unknown @ 0x89761D80)
SSDT[282] : NtResumeThread @ 0x8225EB45 -> HOOKED (Unknown @ 0x89755D50)
SSDT[289] : NtSetContextThread @ 0x822D5883 -> HOOKED (Unknown @ 0x89755FD0)
SSDT[305] : NtSetInformationProcess @ 0x822578C8 -> HOOKED (Unknown @ 0x89753950)
SSDT[317] : NtSetSystemInformation @ 0x82229EEB -> HOOKED (Unknown @ 0x897530A0)
SSDT[330] : NtSuspendProcess @ 0x822D6477 -> HOOKED (Unknown @ 0x89753440)
SSDT[331] : NtSuspendThread @ 0x821DD92B -> HOOKED (Unknown @ 0x89755E30)
SSDT[334] : NtTerminateProcess @ 0x82234143 -> HOOKED (Unknown @ 0x89CD3C60)
SSDT[335] : NtTerminateThread @ 0x8225F52F -> HOOKED (Unknown @ 0x89755F10)
SSDT[348] : NtUnmapViewOfSection @ 0x82253B5D -> HOOKED (Unknown @ 0x87A99128)
SSDT[358] : NtWriteVirtualMemory @ 0x8225092D -> HOOKED (Unknown @ 0x89791A50)
SSDT[382] : NtCreateThreadEx @ 0x8225EFE4 -> HOOKED (Unknown @ 0x89761C80)
S_SSDT[317] : Unknown -> HOOKED (Unknown @ 0x8A24D858)
S_SSDT[397] : Unknown -> HOOKED (Unknown @ 0x8A258920)
S_SSDT[428] : Unknown -> HOOKED (Unknown @ 0x8A243460)
S_SSDT[430] : Unknown -> HOOKED (Unknown @ 0x8A242BB0)
S_SSDT[442] : Unknown -> HOOKED (Unknown @ 0x8A2462B8)
S_SSDT[479] : Unknown -> HOOKED (Unknown @ 0x8A232290)
S_SSDT[497] : Unknown -> HOOKED (Unknown @ 0x8A236610)
S_SSDT[498] : Unknown -> HOOKED (Unknown @ 0x8A243D78)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0x8A243108)
S_SSDT[576] : Unknown -> HOOKED (Unknown @ 0x8A240608)
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-75ZCT0 +++++
--- User ---
[MBR] bd685d468cc23e5207dda3c9e4fcee6f
[BSP] dcda6abd8ed780a846fb9e740d03a8c3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 94 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 194560 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21166080 | Size: 292348 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 619896832 | Size: 2560 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

--------------------------
Symantec blocked this and quarantined it as a suspicious file. I had to go into the quarantine and restore it, in case it happens to others...


----------



## Was343 (Feb 27, 2012)

as requested


----------



## Was343 (Feb 27, 2012)

Didn't zip it


----------



## Was343 (Feb 27, 2012)

Any chance you can give me an example of what you're looking for in these reports or would it take too long?


----------



## eddie5659 (Mar 19, 2001)

I'm just trying to see if there is a rootkit still there, as if it is, we need to remove it before we can continue. Just checking with the below tool, as a triple-check 

Gooredfix was clean 
----

Please download *GMER* *(only for use on 32-bit operating systems)* from: http://gmer.net/index.php

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze.*


----------



## Was343 (Feb 27, 2012)

Gmer log too long. Attached


----------



## eddie5659 (Mar 19, 2001)

Excellent, nice and clean as well 

Okay, I just want to check a file from the original IP block that you got when running MBAM before.

Using OTL, can you do the following (only one log may be produced, which is fine)


Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under the Custom Scan box paste this in


```
netsvcs
%SYSTEMDRIVE%\*.*
%windir%\system32\tasks\*.*
/md5start
svchost.exe
netdtect.sys
rca.sys
ip6fw.sys
secdrv.sys
runtime.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
CREATERESTOREPOINT
```

Then click the *Run Scan* button at the top 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic 

eddie


----------



## Was343 (Feb 27, 2012)

OTL Extras logfile created on: 3/16/2012 5:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.38% Memory free
6.18 Gb Paging File | 4.36 Gb Available in Paging File | 70.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 200.41 Gb Free Space | 70.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

Computer Name: FLAMINGOISLAND | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C45C60-5C9E-4A3A-98AD-80E47A9D89E8}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\symcorpui.exe | 
"{5253EB6C-994F-4B32-9A44-65155ECCA271}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\symcorpui.exe | 
"{65EBA351-B5AE-41E8-9333-16A65221A10B}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe | 
"{CE03BC61-81BF-4842-ACF9-45FD10ADA0A5}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe | 
"{D1F9A6F7-1941-4A42-A9AF-48CC569584C9}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe | 
"{F2E925D4-AF5E-4400-9C28-BBABE2681DA8}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1956e9f5-6f4b-4fc3-b6f4-5869d06d95e9}" = Actron Scanning Suite
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{1C55AE03-9FF0-4908-B42C-D191DA3C4F22}" = Medieval II Total War
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather The Game
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4D53DDBC-99AD-485C-AAD5-B1EA6930C278}" = Thermostat Installer
"{4E01B649-0023-4EB5-9263-57DE317C3418}" = ApproveIt Desktop
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80078570-6C67-486C-8CF0-B0D778FC69B5}" = Samsung Network PC Fax
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9852EB41-276E-1301-0481-6C4A585292D8}" = Picaboo X
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9D0745C-BABD-472B-8AF0-FAF888D31046}" = Medieval II Total War
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1387cd45119ecd721d3a050bd8f6cf38" = Diner Dash
"2FE89524DCB9993BBE35C3B1F50969BE84CDC26C" = Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
"45C76934E7F547DB6EAFC059D897430F43112A87" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"719dba21aadbc5b8efd10b0ce0c290a1" = Mortimer Beckett and the Time Paradox
"726385ED6E9BD02F0F3E4611AEEAD174ADDDC0F2" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Ares" = Ares 2.1.7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"Defraggler" = Defraggler
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Download Manager" = Download Manager 2.3.10
"EF0DC109140519CEDBEF47D748890F9061EDC199" = Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
"f3c5b9886c3471dfe2a3f285b8874441" = Mystery of Mortlake Mansion(TM)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Photo Viewer" = Photo Viewer V208G2
"PunkBusterSvc" = PunkBuster Services
"RealArcade" = RealArcade
"Rhapsody" = Rhapsody
"Sally's Salon" = Sally's Salon
"Sally's Spa" = Sally's Spa
"Samsung CLX-3180 Series" = Maintenance Samsung CLX-3180 Series
"Steam App 10" = Counter-Strike
"Steam App 13140" = America's Army 3
"Steam App 20" = Team Fortress Classic
"Viewer_armyifx" = Viewer_armyifx

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2012 12:46:45 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:45 AM

Error - 3/14/2012 12:46:45 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:45 AM

Error - 3/14/2012 12:46:45 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:45 AM

Error - 3/14/2012 12:46:56 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:56 AM

Error - 3/14/2012 12:46:56 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:56 AM

Error - 3/14/2012 12:46:56 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:56 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

[ Broadcom Wireless LAN Events ]
Error - 8/23/2011 11:43:51 AM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 10:43:50, Tue, Aug 23, 11 Error - Unable to gain access to user store

Error - 9/18/2011 1:19:53 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 12:19:53, Sun, Sep 18, 11 Error - Unable to gain access to user store

Error - 1/19/2012 11:16:16 AM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 09:16:16, Thu, Jan 19, 12 Error - Unable to gain access to user store

Error - 2/14/2012 2:57:38 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 12:57:38, Tue, Feb 14, 12 Error - Unable to gain access to user store

Error - 3/2/2012 8:14:38 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 18:14:37, Fri, Mar 02, 12 Error - Unable to gain access to user store

Error - 3/15/2012 8:02:15 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 19:02:14, Thu, Mar 15, 12 Error - Unable to gain access to user store

Error - 3/15/2012 8:06:55 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 19:06:55, Thu, Mar 15, 12 Error - Unable to gain access to user store

[ System Events ]
Error - 3/14/2012 3:05:55 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2012 3:05:55 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2012 3:07:26 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7022
Description =

Error - 3/15/2012 7:58:58 PM | Computer Name = FlamingoIsland | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/15/2012 7:59:21 PM | Computer Name = FlamingoIsland | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/15/2012 8:00:05 PM | Computer Name = FlamingoIsland | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:57:39 PM on 3/15/2012 was unexpected.

Error - 3/15/2012 8:00:49 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2012 8:00:49 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2012 8:00:49 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2012 8:01:57 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7022
Description =

< End of report >


----------



## Was343 (Feb 27, 2012)

OTL Extras logfile created on: 3/16/2012 5:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.38% Memory free
6.18 Gb Paging File | 4.36 Gb Available in Paging File | 70.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 200.41 Gb Free Space | 70.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

Computer Name: FLAMINGOISLAND | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19C45C60-5C9E-4A3A-98AD-80E47A9D89E8}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\symcorpui.exe | 
"{5253EB6C-994F-4B32-9A44-65155ECCA271}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\symcorpui.exe | 
"{65EBA351-B5AE-41E8-9333-16A65221A10B}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe | 
"{CE03BC61-81BF-4842-ACF9-45FD10ADA0A5}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe | 
"{D1F9A6F7-1941-4A42-A9AF-48CC569584C9}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe | 
"{F2E925D4-AF5E-4400-9C28-BBABE2681DA8}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1956e9f5-6f4b-4fc3-b6f4-5869d06d95e9}" = Actron Scanning Suite
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{1C55AE03-9FF0-4908-B42C-D191DA3C4F22}" = Medieval II Total War
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = The Godfather The Game
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4D53DDBC-99AD-485C-AAD5-B1EA6930C278}" = Thermostat Installer
"{4E01B649-0023-4EB5-9263-57DE317C3418}" = ApproveIt Desktop
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80078570-6C67-486C-8CF0-B0D778FC69B5}" = Samsung Network PC Fax
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9852EB41-276E-1301-0481-6C4A585292D8}" = Picaboo X
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A9D0745C-BABD-472B-8AF0-FAF888D31046}" = Medieval II Total War
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{BF6CF460-40C3-49BA-800A-4B934B6498B1}" = Scan Assistant
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype 4.1
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1387cd45119ecd721d3a050bd8f6cf38" = Diner Dash
"2FE89524DCB9993BBE35C3B1F50969BE84CDC26C" = Windows Driver Package - SPX Service Solutions, Inc (spxusb) Ports (13/04/2009 1.03)
"45C76934E7F547DB6EAFC059D897430F43112A87" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"719dba21aadbc5b8efd10b0ce0c290a1" = Mortimer Beckett and the Time Paradox
"726385ED6E9BD02F0F3E4611AEEAD174ADDDC0F2" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Ares" = Ares 2.1.7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"Defraggler" = Defraggler
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Download Manager" = Download Manager 2.3.10
"EF0DC109140519CEDBEF47D748890F9061EDC199" = Windows Driver Package - SPX Service Solutions, Inc (usbser) Ports (10/02/06 )
"f3c5b9886c3471dfe2a3f285b8874441" = Mystery of Mortlake Mansion(TM)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Photo Viewer" = Photo Viewer V208G2
"PunkBusterSvc" = PunkBuster Services
"RealArcade" = RealArcade
"Rhapsody" = Rhapsody
"Sally's Salon" = Sally's Salon
"Sally's Spa" = Sally's Spa
"Samsung CLX-3180 Series" = Maintenance Samsung CLX-3180 Series
"Steam App 10" = Counter-Strike
"Steam App 13140" = America's Army 3
"Steam App 20" = Team Fortress Classic
"Viewer_armyifx" = Viewer_armyifx

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/14/2012 12:46:45 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:45 AM

Error - 3/14/2012 12:46:45 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:45 AM

Error - 3/14/2012 12:46:45 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:45 AM

Error - 3/14/2012 12:46:56 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:56 AM

Error - 3/14/2012 12:46:56 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:56 AM

Error - 3/14/2012 12:46:56 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:46:56 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

Error - 3/14/2012 12:47:06 PM | Computer Name = FlamingoIsland | Source = Symantec AntiVirus | ID = 16711725
Description = Scan type: Tamper Protection Scan Event: Security risk detected: C:\USERNAME123904U\PEV.3XE
File:
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location:
Deleted or access blocked Computer: FLAMINGOISLAND User: Tina Action taken: Date found:
Wednesday, March 14, 2012 11:47:06 AM

[ Broadcom Wireless LAN Events ]
Error - 8/23/2011 11:43:51 AM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 10:43:50, Tue, Aug 23, 11 Error - Unable to gain access to user store

Error - 9/18/2011 1:19:53 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 12:19:53, Sun, Sep 18, 11 Error - Unable to gain access to user store

Error - 1/19/2012 11:16:16 AM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 09:16:16, Thu, Jan 19, 12 Error - Unable to gain access to user store

Error - 2/14/2012 2:57:38 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 12:57:38, Tue, Feb 14, 12 Error - Unable to gain access to user store

Error - 3/2/2012 8:14:38 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 18:14:37, Fri, Mar 02, 12 Error - Unable to gain access to user store

Error - 3/15/2012 8:02:15 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 19:02:14, Thu, Mar 15, 12 Error - Unable to gain access to user store

Error - 3/15/2012 8:06:55 PM | Computer Name = FlamingoIsland | Source = WLAN-Tray | ID = 0
Description = 19:06:55, Thu, Mar 15, 12 Error - Unable to gain access to user store

[ System Events ]
Error - 3/14/2012 3:05:55 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2012 3:05:55 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/14/2012 3:07:26 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7022
Description =

Error - 3/15/2012 7:58:58 PM | Computer Name = FlamingoIsland | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/15/2012 7:59:21 PM | Computer Name = FlamingoIsland | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 3/15/2012 8:00:05 PM | Computer Name = FlamingoIsland | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:57:39 PM on 3/15/2012 was unexpected.

Error - 3/15/2012 8:00:49 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2012 8:00:49 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2012 8:00:49 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7000
Description =

Error - 3/15/2012 8:01:57 PM | Computer Name = FlamingoIsland | Source = Service Control Manager | ID = 7022
Description =

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Hmmm, you seem to have posted the Extras.txt twice by mistake. On the desktop, is there another notepad with the wording OTL.txt for the same date:

*OTL Extras logfile created on: 3/16/2012 5:53:43 PM - Run 1*

eddie


----------



## Was343 (Feb 27, 2012)

OTL logfile created on: 3/16/2012 5:53:43 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.38% Memory free
6.18 Gb Paging File | 4.36 Gb Available in Paging File | 70.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 200.41 Gb Free Space | 70.20% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

Computer Name: FLAMINGOISLAND | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/11 20:59:25 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012/03/03 16:32:49 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2012/01/16 23:55:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/06 07:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/06/17 20:10:04 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
PRC - [2011/06/14 19:31:44 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 16:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/24 04:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 04:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 04:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 04:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/14 14:30:26 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/03/14 14:30:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/03/14 14:08:41 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/01/16 23:55:40 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/12/12 18:27:39 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/14 03:32:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/06 07:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/26 10:17:24 | 000,081,920 | ---- | M] () -- C:\Windows\System32\erainp32.dll
MOD - [2008/05/19 01:25:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 18:06:52 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/17 20:10:04 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/06/17 19:50:30 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
SRV - [2011/06/14 19:31:44 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (kxrdyfod)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (BCM42RLY)
DRV - [2012/03/11 22:05:47 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120316.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/11 22:05:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120316.004\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/11 22:05:37 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/11 22:05:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/03/11 21:49:56 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/11 21:48:21 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2012/03/02 21:12:19 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120315.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/03/02 18:50:50 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120302.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/17 20:06:48 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2011/05/27 23:07:30 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/05/27 23:07:30 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/05/20 21:50:04 | 000,050,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2011/05/17 23:32:28 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS -- (SymEFA)
DRV - [2011/05/12 20:41:34 | 000,006,656 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Nccidx86.sys -- (Nccidx86)
DRV - [2011/05/10 23:54:58 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/05/02 22:19:00 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS -- (SymDS)
DRV - [2011/04/21 01:21:32 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\symtdiv.sys -- (SYMTDIV)
DRV - [2010/11/11 23:22:00 | 000,059,136 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/07/13 03:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/07/11 22:16:00 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/06/15 15:08:18 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/01 23:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 00:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 00:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/24 03:01:00 | 000,007,680 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\STCFUx32.sys -- (STCFUx32)
DRV - [2006/11/27 02:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 02:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 02:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 07:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/03/15 19:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/16 23:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/03 18:02:20 | 000,000,000 | ---D | M]

[2010/12/28 16:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/12/07 23:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions
[2012/03/03 18:00:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/03 18:00:44 | 000,000,000 | ---D | M] ("DoD Configuration") -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2012/03/01 09:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/03 16:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/16 23:55:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2012/03/03 16:54:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/01 16:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/02/20 22:05:36 | 000,003,739 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/16 23:55:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/16 23:55:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/14 12:02:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E56E03-0D03-4697-8107-F9D1166E6D6F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7F29D7-8A77-474C-A801-58BC0BE728DD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 03:00:30 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/03/14 22:09:59 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\GooredFix Backups
[2012/03/14 22:08:53 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tina\Desktop\GooredFix.exe
[2012/03/14 14:04:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/14 12:06:45 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\temp
[2012/03/14 12:06:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/14 10:43:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/14 10:43:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/14 10:43:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/14 10:43:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/14 10:43:16 | 000,000,000 | ---D | C] -- C:\username123904u
[2012/03/13 14:50:19 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 14:50:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 14:50:17 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 14:50:17 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 14:50:17 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 14:50:17 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 14:50:09 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/11 21:49:56 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/11 21:48:22 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\WGX.SYS
[2012/03/11 21:48:21 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
[2012/03/11 21:48:21 | 000,094,128 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2012/03/11 21:48:21 | 000,092,080 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2012/03/11 21:48:21 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysferThunk.dll
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F
[2012/03/11 21:14:17 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Tina\Desktop\aswMBR.exe
[2012/03/11 21:02:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/11 20:43:33 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\tdsskiller.exe
[2012/03/11 20:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/03/11 20:33:43 | 000,000,000 | ---D | C] -- C:\rsit
[2012/03/05 23:23:40 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\PRINT
[2012/03/04 00:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/03 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\RK_Quarantine
[2012/03/03 17:41:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/03 17:17:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/03 17:17:39 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/03 17:17:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/03 17:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/03 17:17:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/03 17:17:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/03 16:59:18 | 000,240,048 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2012/03/03 16:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/03 16:54:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/03 16:54:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/03 16:54:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 16:51:11 | 000,909,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tina\Desktop\JavaSetup6u31 3MAR12.exe
[2012/03/03 16:51:08 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\JavaRa-1.16-16-12-11
[2012/03/03 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\symantec
[2012/03/03 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Old Logs
[2012/03/03 16:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 16:42:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/03 16:32:49 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012/03/03 16:30:23 | 015,125,536 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tina\Desktop\SUPERAntiSpyware.exe
[2012/03/03 16:29:37 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 16:29:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\TFC.exe
[2012/03/03 16:26:32 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Tina\Desktop\dds.com
[2012/03/03 16:25:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HijackThis.exe
[2012/03/01 23:06:13 | 000,000,000 | ---D | C] -- C:\username123
[2012/03/01 19:03:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/01 15:19:48 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/01 15:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/01 15:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/01 09:50:31 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes
[2012/03/01 09:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/01 09:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(51)
[2012/02/20 21:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/20 21:18:46 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/20 20:56:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/20 20:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

========== Files - Modified Within 30 Days ==========

[2012/03/16 17:00:22 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/16 17:00:22 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 19:06:29 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/15 19:06:29 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/15 19:00:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 15:18:20 | 000,302,592 | ---- | M] () -- C:\Users\Tina\Desktop\wpo2ovhj.exe
[2012/03/14 22:16:36 | 001,219,072 | ---- | M] () -- C:\Users\Tina\Desktop\roguekiller.exe
[2012/03/14 22:08:53 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tina\Desktop\GooredFix.exe
[2012/03/14 14:05:23 | 000,270,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 13:59:40 | 002,465,436 | ---- | M] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2012/03/14 12:02:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/14 10:35:22 | 000,080,384 | ---- | M] () -- C:\Users\Tina\Desktop\MBRCheck.exe
[2012/03/11 21:49:56 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/11 21:49:56 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/11 21:49:56 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/11 21:48:22 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2012/03/11 21:48:22 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WGX.SYS
[2012/03/11 21:48:21 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
[2012/03/11 21:48:21 | 000,094,128 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2012/03/11 21:48:21 | 000,092,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2012/03/11 21:48:21 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysferThunk.dll
[2012/03/11 21:48:21 | 000,000,114 | ---- | M] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2012/03/11 21:14:21 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Tina\Desktop\aswMBR.exe
[2012/03/11 20:59:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/11 20:43:34 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\tdsskiller.exe
[2012/03/11 20:31:47 | 000,781,383 | ---- | M] () -- C:\Users\Tina\Desktop\RSIT.exe
[2012/03/04 00:11:05 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/03 17:05:19 | 000,000,104 | ---- | M] () -- C:\Users\Tina\Desktop\Computer - Shortcut.lnk
[2012/03/03 16:54:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/03 16:54:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/03 16:54:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/03 16:54:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 16:33:32 | 000,139,264 | ---- | M] () -- C:\Users\Tina\Desktop\SystemLook.exe
[2012/03/03 16:32:49 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012/03/03 16:30:51 | 015,125,536 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tina\Desktop\SUPERAntiSpyware.exe
[2012/03/03 16:29:46 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 16:29:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\TFC.exe
[2012/03/03 16:26:33 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Tina\Desktop\dds.com
[2012/03/03 16:25:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HijackThis.exe
[2012/03/03 00:49:14 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tina\Desktop\JavaSetup6u31 3MAR12.exe
[2012/03/01 09:00:26 | 000,000,680 | ---- | M] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/03/15 15:18:20 | 000,302,592 | ---- | C] () -- C:\Users\Tina\Desktop\wpo2ovhj.exe
[2012/03/14 22:16:35 | 001,219,072 | ---- | C] () -- C:\Users\Tina\Desktop\roguekiller.exe
[2012/03/14 10:43:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/14 10:43:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/14 10:43:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/14 10:43:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/14 10:43:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/14 10:35:22 | 000,080,384 | ---- | C] () -- C:\Users\Tina\Desktop\MBRCheck.exe
[2012/03/11 21:49:58 | 002,465,436 | ---- | C] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2012/03/11 21:49:56 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/11 21:49:56 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/11 21:48:21 | 000,000,114 | ---- | C] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2012/03/11 20:31:46 | 000,781,383 | ---- | C] () -- C:\Users\Tina\Desktop\RSIT.exe
[2012/03/04 00:11:05 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/03 17:05:19 | 000,000,104 | ---- | C] () -- C:\Users\Tina\Desktop\Computer - Shortcut.lnk
[2012/03/03 16:33:32 | 000,139,264 | ---- | C] () -- C:\Users\Tina\Desktop\SystemLook.exe
[2011/12/28 11:12:19 | 000,043,286 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\UserTile.png
[2011/12/23 13:54:42 | 000,270,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/18 13:39:53 | 000,000,680 | ---- | C] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2011/08/03 23:57:34 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/08/03 23:57:33 | 000,138,056 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\PnkBstrK.sys
[2011/08/03 23:57:00 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/08/03 23:56:57 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/03 23:56:55 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/14 13:42:09 | 000,011,849 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\SmarThruOptions.xml
[2011/06/14 13:41:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011/06/14 13:40:56 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/06/14 13:40:52 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011/06/14 13:33:44 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/06/14 13:33:32 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011/06/14 13:31:04 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll
[2011/06/14 13:29:40 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011/06/14 13:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/06/14 13:29:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/06/14 13:29:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/05/12 21:56:13 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2011/05/12 12:40:33 | 000,070,656 | ---- | C] () -- C:\Windows\System32\dfboottime.exe
[2011/01/26 19:04:25 | 000,000,004 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\62DD48
[2011/01/26 19:04:24 | 000,870,128 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\mcs.rma
[2011/01/06 15:33:40 | 000,000,192 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/03 17:23:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/05/17 19:10:50 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/05/17 18:46:12 | 000,148,946 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/05/17 18:45:58 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/03/14 12:06:38 | 000,014,286 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/31 01:17:53 | 000,005,140 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/01/06 15:33:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/19 22:34:48 | 000,000,742 | -H-- | M] () -- C:\IPH.PH
[2011/01/06 15:33:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/30 22:40:13 | 000,026,927 | ---- | M] () -- C:\newfile.enc
[2008/07/30 22:40:13 | 000,026,927 | ---- | M] () -- C:\newkey
[2012/03/15 18:59:21 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
[2012/02/02 11:48:15 | 000,019,466 | ---- | M] () -- C:\SamsungPrinter_Update.log
[2008/07/30 22:42:51 | 000,002,090 | ---- | M] () -- C:\SetWiFiBT.txt
[2012/02/02 11:46:47 | 000,589,824 | ---- | M] (Samsung Printer) -- C:\SP_Connector.exe
[2008/07/30 23:01:03 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/09/02 11:25:28 | 000,000,000 | ---- | M] () -- C:\t1e8.2
[2009/12/29 18:42:58 | 000,000,000 | ---- | M] () -- C:\t1eg.2
[2011/01/02 21:12:39 | 000,000,000 | ---- | M] () -- C:\t1f4.2
[2009/11/22 08:26:27 | 000,000,000 | ---- | M] () -- C:\t1f8.1
[2009/11/22 08:26:27 | 000,000,000 | ---- | M] () -- C:\t1f8.2
[2011/09/18 12:18:00 | 000,000,000 | ---- | M] () -- C:\t1fc.1
[2011/09/18 12:18:00 | 000,000,000 | ---- | M] () -- C:\t1fc.2
[2010/11/28 15:08:43 | 000,000,000 | ---- | M] () -- C:\t1fg.2
[2009/09/25 18:30:40 | 000,000,000 | ---- | M] () -- C:\t1gc.2
[2011/05/30 07:21:42 | 000,000,000 | ---- | M] () -- C:\t1gk.2
[2012/03/11 21:03:03 | 000,088,182 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_11.03.2012_21.00.02_log.txt
[2012/03/12 09:01:12 | 000,084,552 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_12.03.2012_08.59.52_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %windir%\system32\tasks\*.* >
[2011/04/25 12:23:22 | 000,003,202 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3581695761-1960197390-2949407558-1000
[2011/04/25 12:23:21 | 000,003,338 | ---- | M] () -- C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3581695761-1960197390-2949407558-1000
[2012/03/16 16:06:43 | 000,003,706 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{B2C5685F-E2D7-436C-9C88-69BE730832B7}
[2008/09/17 19:18:23 | 000,003,150 | ---- | M] () -- C:\Windows\system32\tasks\Vista Task Low
[2009/06/15 23:33:05 | 000,002,882 | ---- | M] () -- C:\Windows\system32\tasks\{3BD76508-8414-4F7A-AEE9-91D07DCDF5F0}
[2011/08/14 22:05:56 | 000,003,190 | ---- | M] () -- C:\Windows\system32\tasks\{90923D0B-8C04-40E5-B8D8-497561F9BBA1}
[2011/05/12 09:47:04 | 000,003,204 | ---- | M] () -- C:\Windows\system32\tasks\{A441BE70-9E57-40B5-8221-5BAB7E7D6B71}
[2010/06/03 13:18:02 | 000,003,198 | ---- | M] () -- C:\Windows\system32\tasks\{E7C4D141-4E52-4871-8E88-34CC354E8DDA}

< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 16:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SECDRV.SYS >
[2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=90A3935D05B494A5A39D37E71F09A677 -- C:\Windows\System32\drivers\secdrv.sys
[2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) MD5=90A3935D05B494A5A39D37E71F09A677 -- C:\Windows\winsxs\x86_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_5b761551c05a7af8\secdrv.sys

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, the actual files look okay, but the IPs that MBAM blocked were for different countries. Also, do you still have the Asian music in your speakers?

Can you do a scan of the following:


Please go to VirSCAN.org FREE on-line scan service
Copy and paste the following file path into the *"Suspicious files to scan"* box on the top of the page:

*C:\Windows\System32\stacsv.exe*

 Click on the *Upload* button
 Once the Scan is completed, click on the "*Copy to Clipboard*" button. This will copy the link of the report into the Clipboard.
 Paste the contents of the Clipboard in your next reply.

And can you do the same for these:

*C:\Windows\System32\drivers\Nccidx86.sys*

---------

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Windows\System32\stacsv.exe
C:\Windows\System32\drivers\Nccidx86.sys
C:\Windows\system32\DRIVERS\Teefer.sys
c:\windows\system32\drivers\WGX.SYS
:dir
C:\Users\Tina\AppData\Roaming\62DD48 /sub
C:\Program Files\Common Files\Java(51) /sub
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

I also want to take a deeper look, to see if there is something causing the IP connections.


Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted. 
Under the Custom Scan box paste this in


```
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg 
%systemroot%\*.jpg 
%systemroot%\*.png 
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav 
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x 
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
type C:\Windows\system32\tasks\{3BD76508-8414-4F7A-AEE9-91D07DCDF5F0} /c
type C:\Windows\system32\tasks\{90923D0B-8C04-40E5-B8D8-497561F9BBA1} /c
type C:\Windows\system32\tasks\{A441BE70-9E57-40B5-8221-5BAB7E7D6B71} /c
type C:\Windows\system32\tasks\{E7C4D141-4E52-4871-8E88-34CC354E8DDA} /c
```

Then click the *Run Scan* button at the top 
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL. 
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time and post them in your topic


----------



## Was343 (Feb 27, 2012)

No, the music doesn't play anymore. Also MBAM stopped blocking IP addresses completely, at least when I'm watching it.


----------



## Was343 (Feb 27, 2012)

VirSCAN.org Scanned Report :
Scanned time : 2009/10/21 01:28:40 (CDT)
Scanner results: Scanners did not find malware!
File Name : stacsv.exe
File Size : 102400 byte
File Type : PE32 executable for MS Windows (console) Intel 80386 32-bit
MD5 : 7e6dd4b34acd36af6c711d2bde91b040
SHA1 : 0cb320fe758472ef7607be2ec4f7f5a3858fe3bc
Online report : http://r.virscan.org/ad2d788c892c77af9f5bee550462f14c
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091021043110 2009-10-21 5.61 -
AhnLab V3 2009.10.21.00 2009.10.21 2009-10-21 1.00 -
AntiVir 8.2.1.42 7.1.6.129 2009-10-20 0.46 -
Antiy 2.0.18 20091021.3035329 2009-10-21 0.13 -
Arcavir 2009 200910201017 2009-10-20 0.05 -
Authentium 5.1.1 200910210227 2009-10-21 1.49 -
AVAST! 4.7.4 091020-0 2009-10-20 0.01 -
AVG 8.5.288 270.14.24/2449 2009-10-21 0.47 -
BitDefender 7.81008.4430593 7.28466 2009-10-21 3.86 -
CA (VET) 9.0.0.143 35.1.7074 2009-10-20 10.76 -
ClamAV 0.95.2 9918 2009-10-21 0.03 -
Comodo 3.12 2675 2009-10-21 3.46 -
CP Secure 1.3.0.5 2009.10.21 2009-10-21 0.06 -
Dr.Web 4.44.0.9170 2009.10.21 2009-10-21 6.40 -
F-Prot 4.4.4.56 20091020 2009-10-20 1.40 -
F-Secure 7.02.73807 2009.10.21.03 2009-10-21 0.14 -
Fortinet 2.81-3.120 10.968 2009-10-20 0.81 -
GData 19.8506/19.517 20091021 2009-10-21 17.37 -
ViRobot 20091020 2009.10.20 2009-10-20 0.63 -
Ikarus T3.1.01.72 2009.10.21.74211 2009-10-21 4.29 -
JiangMin 11.0.800 2009.10.19 2009-10-19 18.81 -
Kaspersky 5.5.10 2009.10.21 2009-10-21 0.13 -
KingSoft 2009.2.5.15 2009.10.21.7 2009-10-21 0.88 -
McAfee 5.3.00 5777 2009-10-20 4.76 -
Microsoft 1.5101 2009.10.20 2009-10-20 7.45 -
Norman 6.01.09 6.01.00 2009-10-20 4.01 -
Panda 9.05.01 2009.10.20 2009-10-20 9.95 -
Trend Micro 8.700-1004 6.565.00 2009-10-20 0.04 -
Quick Heal 10.00 2009.10.20 2009-10-20 2.45 -
Rising 20.0 21.52.20.00 2009-10-21 2.45 -
Sophos 3.00.1 4.46 2009-10-21 2.74 -
Sunbelt 5460 5460 2009-10-20 2.16 -
Symantec 1.3.0.24 20091020.006 2009-10-20 0.07 -
nProtect 20091019.02 5889965 2009-10-19 9.04 -
The Hacker 6.5.0.2 v00049 2009-10-20 0.97 -
VBA32 3.12.10.11 20091020.1141 2009-10-20 1.89 -
VirusBuster 4.5.11.10 10.112.74/2010359 2009-10-20 2.46 -


----------



## Was343 (Feb 27, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 11:30 on 20/03/2012 by Tina
Administrator - Elevation successful
========== file ==========
C:\Windows\System32\stacsv.exe - File found and opened.
MD5: 7E6DD4B34ACD36AF6C711D2BDE91B040
Created at 04:03 on 26/02/2009
Modified at 20:45 on 13/09/2007
Size: 102400 bytes
Attributes: --a----
FileDescription: STacSV Module
FileVersion: 1.0.5614.0 nd654 cp1
ProductVersion: 1.0.5614.0 nd654 cp1
OriginalFilename: STacSV.EXE
InternalName: STacSV
ProductName: IDT Audio
CompanyName: IDT, Inc.
LegalCopyright: Copyright (c) 2004-2007, IDT, Inc.
Comments: 
C:\Windows\System32\drivers\Nccidx86.sys - File found and opened.
MD5: B8238A54FEE84490378DF698258C44A0
Created at 23:32 on 03/03/2008
Modified at 01:41 on 13/05/2011
Size: 6656 bytes
Attributes: --a----
FileDescription: Nonccid DFU detach 32 bit Driver
FileVersion: 1.00 built by: WinDDK
ProductVersion: 1.00
OriginalFilename: Nccidx86.sys
InternalName: Nonccid
ProductName: Nonccid DFU detach 32 bit Driver
CompanyName: SCM Microsystems Inc.
LegalCopyright: Copyright © SCM Microsystems Inc.,2008
C:\Windows\system32\DRIVERS\Teefer.sys - File found and opened.
MD5: 1734C9A8FA3B853A221A8D937E0E23B4
Created at 02:50 on 21/05/2011
Modified at 02:50 on 21/05/2011
Size: 50096 bytes
Attributes: --a----
FileDescription: Symantec CMC Firewall Teefer3
FileVersion: 12.1.655.731
ProductVersion: 12.1.655.731
OriginalFilename: teefer3.sys
InternalName: Teefer3
ProductName: Symantec CMC Firewall
CompanyName: Symantec Corporation
LegalCopyright: Copyright © 2010 Symantec Corporation. All rights reserved. Use of this product is subject to license terms.
c:\windows\system32\drivers\WGX.SYS - File found and opened.
MD5: AFC17F46E16FB86105692D644D886EA5
Created at 02:48 on 12/03/2012
Modified at 02:48 on 12/03/2012
Size: 32208 bytes
Attributes: --a----
FileDescription: Symantec Network Access Control Protocol Driver
FileVersion: 12.1.671.4971
ProductVersion: 12.1.671.4971
OriginalFilename: WGX.sys
InternalName: WGX
ProductName: Symantec Network Access Control
CompanyName: Symantec Corporation
LegalCopyright: Copyright © 2011 Symantec Corporation. All rights reserved. Use of this product is subject to license terms.
========== dir ==========
C:\Users\Tina\AppData\Roaming\62DD48 - Unable to find folder.
C:\Program Files\Common Files\Java(51) - Parameters: "/sub"
---Files---
None found.
C:\Program Files\Common Files\Java(51)\Java Update d------ [14:20 01/03/2012]
task.xml --a---- 1297 bytes [20:02 18/01/2012] [20:02 18/01/2012]
task64.xml --a---- 1302 bytes [20:02 18/01/2012] [20:02 18/01/2012]
-= EOF =-


----------



## Was343 (Feb 27, 2012)

VirSCAN.org Scanned Report :
Scanned time : 2012/03/20 11:28:36 (CDT)
Scanner results: Scanners did not find malware!
File Name : Nccidx86.sys
File Size : 6656 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : b8238a54fee84490378df698258c44a0
SHA1 : 266a5e9c38319b8d4a9dbebb4295e9ce9c9c4f7e
Online report : http://r.virscan.org/8b2069835e44ac8285447bbc58a43780
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.4 20120320110137 2012-03-20 8.49 -
AhnLab V3 2012.03.20.00 2012.03.20 2012-03-20 15.46 -
AntiVir 8.2.10.24 7.11.25.170 2012-03-20 0.39 -
Antiy 2.0.18 2.0.18. 0002-18-00 0.28 -
Arcavir 2011 201203200727 2012-03-20 4.36 -
Authentium 5.1.1 201203201326 2012-03-20 1.67 -
AVAST! 4.7.4 120317-0 2012-03-17 0.23 -
AVG 12.0.1782 2114/4882 2012-03-20 0.45 -
BitDefender 7.90123.7033271 7.41478 2012-03-17 8.70 -
ClamAV 0.97.3 14671 2012-03-20 0.27 -
Comodo 5.1 11845 2012-03-20 4.26 -
CP Secure 1.3.0.5 2012.03.20 2012-03-20 0.51 -
Dr.Web 7.0.0.11250 2012.03.19 2012-03-19 23.68 -
F-Prot 4.6.2.117 20120320 2012-03-20 1.66 -
F-Secure 7.02.73807 2012.02.07.03 2012-02-07 0.34 -
Fortinet 4.3.392 15.336 2012-03-19 1.39 -
GData 22.4313 20120320 2012-03-20 12.80 -
ViRobot 20120320 2012.03.20 2012-03-20 1.98 -
Ikarus T3.1.32.20.0 2012.03.20.80769 2012-03-20 6.85 -
JiangMin 13.0.900 2012.03.19 2012-03-19 5.18 -
Kaspersky 5.5.10 2012.03.20 2012-03-20 0.48 -
KingSoft 2009.2.5.15 2012.3.20.17 2012-03-20 3.92 -
McAfee 5400.1158 6654 2012-03-19 18.64 -
Microsoft 1.8101 2012.03.20 2012-03-20 12.24 -
NOD32 3.0.21 6983 2012-03-20 0.30 -
Panda 9.05.01 2012.03.20 2012-03-20 9.79 -
Trend Micro 9.500-1005 8.852.03 2012-03-20 0.19 -
Quick Heal 11.00 2012.03.20 2012-03-20 2.72 -
Rising 20.0 24.02.01.01 2012-03-20 5.68 -
Sophos 3.29.0 4.75 2012-03-20 5.57 -
Sunbelt 3.9.2530.2 11687 2012-03-19 6.28 -
Symantec 1.3.0.24 20120318.006 2012-03-18 0.17 -
nProtect 20120320.01 10943486 2012-03-20 8.46 -
The Hacker 6.7.0.1 v00428 2012-03-19 1.45 -
VBA32 3.12.16.4 20120320.0938 2012-03-20 4.72 -
VirusBuster 5.4.1.9 14.1.267.0/81603812012-03-20 0.25 -


----------



## Was343 (Feb 27, 2012)

OTL logfile created on: 3/20/2012 11:34:01 AM - Run 2
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Tina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 41.51% Memory free
6.18 Gb Paging File | 4.51 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 195.83 Gb Free Space | 68.59% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.84% Space Free | Partition Type: NTFS

Computer Name: FLAMINGOISLAND | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 00:35:10 | 000,334,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd1.exe
PRC - [2012/03/03 16:32:49 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
PRC - [2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
PRC - [2012/02/23 09:18:36 | 000,025,696 | ---- | M] (Microsoft Corporation) -- c:\0976f871c4fa7334056e\MpMiniSigStub.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/07/06 07:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2011/06/17 20:10:04 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
PRC - [2011/06/17 20:06:12 | 000,198,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
PRC - [2011/06/14 19:31:44 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 16:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/24 04:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 04:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 04:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 04:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/14 14:30:26 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/03/14 14:30:17 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/03/14 14:08:41 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/14 03:32:55 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/06 07:17:17 | 000,688,128 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/26 10:17:24 | 000,081,920 | ---- | M] () -- C:\Windows\System32\erainp32.dll
MOD - [2008/05/19 01:25:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/03 18:06:52 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/17 20:10:04 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/06/17 19:50:30 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
SRV - [2011/06/14 19:31:44 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (BCM42RLY)
DRV - [2012/03/16 20:32:58 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120317.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/03/11 22:05:47 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120318.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/03/11 22:05:45 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120318.006\NAVENG.SYS -- (NAVENG)
DRV - [2012/03/11 22:05:37 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/03/11 22:05:36 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/03/11 21:49:56 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/03/11 21:48:21 | 000,092,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2012/03/02 18:50:50 | 000,820,856 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120302.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/17 20:06:48 | 000,023,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SyDvCtrl32.sys -- (SyDvCtrl)
DRV - [2011/05/27 23:07:30 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/05/27 23:07:30 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/05/20 21:50:04 | 000,050,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2011/05/17 23:32:28 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMEFA.SYS -- (SymEFA)
DRV - [2011/05/12 20:41:34 | 000,006,656 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Nccidx86.sys -- (Nccidx86)
DRV - [2011/05/10 23:54:58 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/05/02 22:19:00 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\SEP\0C01029F\136B.105\x86\SYMDS.SYS -- (SymDS)
DRV - [2011/04/21 01:21:32 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\symtdiv.sys -- (SYMTDIV)
DRV - [2010/11/11 23:22:00 | 000,059,136 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/07/13 03:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2009/07/11 22:16:00 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/06/15 15:08:18 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/04/10 23:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/01 23:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 00:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 00:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/24 03:01:00 | 000,007,680 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\STCFUx32.sys -- (STCFUx32)
DRV - [2006/11/27 02:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 02:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 02:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/21 07:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com...&query={searchTerms}&invocationType=tb50trie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/03/18 20:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/16 23:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/03 18:02:20 | 000,000,000 | ---D | M]

[2010/12/28 16:29:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Extensions
[2011/12/07 23:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions
[2012/03/03 18:00:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/03 18:00:44 | 000,000,000 | ---D | M] ("DoD Configuration") -- C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2012/03/01 09:19:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/03 16:54:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/16 23:55:41 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 21:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2012/03/03 16:54:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/02/01 16:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/02/20 22:05:36 | 000,003,739 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/16 23:55:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/16 23:55:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/14 12:02:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17E56E03-0D03-4697-8107-F9D1166E6D6F}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7F29D7-8A77-474C-A801-58BC0BE728DD}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tina\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (dfboottime \??\C:\Windows\System32\dfboottime.cfg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/16 03:00:30 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/03/14 22:09:59 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\GooredFix Backups
[2012/03/14 22:08:53 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tina\Desktop\GooredFix.exe
[2012/03/14 14:04:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/14 12:06:45 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\temp
[2012/03/14 12:06:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/14 10:43:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/14 10:43:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/14 10:43:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/14 10:43:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/14 10:43:16 | 000,000,000 | ---D | C] -- C:\username123904u
[2012/03/13 14:50:19 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 14:50:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 14:50:17 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 14:50:17 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 14:50:17 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 14:50:17 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 14:50:09 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/11 21:49:56 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/11 21:48:22 | 000,032,208 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\WGX.SYS
[2012/03/11 21:48:21 | 000,374,704 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
[2012/03/11 21:48:21 | 000,094,128 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2012/03/11 21:48:21 | 000,092,080 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2012/03/11 21:48:21 | 000,010,672 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\sysferThunk.dll
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105
[2012/03/11 21:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\SEP\0C01029F
[2012/03/11 21:14:17 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Tina\Desktop\aswMBR.exe
[2012/03/11 21:02:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/11 20:43:33 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\tdsskiller.exe
[2012/03/11 20:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012/03/11 20:33:43 | 000,000,000 | ---D | C] -- C:\rsit
[2012/03/05 23:23:40 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\PRINT
[2012/03/04 00:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/03/03 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\RK_Quarantine
[2012/03/03 17:41:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/03 17:17:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/03 17:17:39 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/03 17:17:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/03 17:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/03 17:17:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/03 17:17:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/03 16:59:18 | 000,240,048 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2012/03/03 16:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/03 16:54:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/03 16:54:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/03 16:54:40 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 16:51:11 | 000,909,088 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Tina\Desktop\JavaSetup6u31 3MAR12.exe
[2012/03/03 16:51:08 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\JavaRa-1.16-16-12-11
[2012/03/03 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\symantec
[2012/03/03 16:44:32 | 000,000,000 | ---D | C] -- C:\Users\Tina\Desktop\Old Logs
[2012/03/03 16:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 16:42:12 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/03 16:32:49 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012/03/03 16:30:23 | 015,125,536 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Tina\Desktop\SUPERAntiSpyware.exe
[2012/03/03 16:29:37 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 16:29:01 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\TFC.exe
[2012/03/03 16:26:32 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Tina\Desktop\dds.com
[2012/03/03 16:25:45 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HijackThis.exe
[2012/03/01 23:06:13 | 000,000,000 | ---D | C] -- C:\username123
[2012/03/01 19:03:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/01 15:19:48 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/01 15:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/01 15:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/01 09:50:31 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\Malwarebytes
[2012/03/01 09:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 09:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/01 09:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java(51)
[2012/02/20 21:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/02/20 21:18:46 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/20 20:56:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/02/20 20:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

========== Files - Modified Within 30 Days ==========

[2012/03/20 11:29:15 | 000,139,264 | ---- | M] () -- C:\Users\Tina\Desktop\SystemLook.exe
[2012/03/20 11:17:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 06:18:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 06:18:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/18 22:23:10 | 000,108,640 | ---- | M] () -- C:\Users\Tina\Desktop\Letter of Rec- Ruth.pdf
[2012/03/18 20:41:23 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/18 20:41:23 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/15 15:18:20 | 000,302,592 | ---- | M] () -- C:\Users\Tina\Desktop\wpo2ovhj.exe
[2012/03/14 22:16:36 | 001,219,072 | ---- | M] () -- C:\Users\Tina\Desktop\roguekiller.exe
[2012/03/14 22:08:53 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tina\Desktop\GooredFix.exe
[2012/03/14 14:05:23 | 000,270,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/14 13:59:40 | 002,465,436 | ---- | M] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2012/03/14 12:02:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/14 10:35:22 | 000,080,384 | ---- | M] () -- C:\Users\Tina\Desktop\MBRCheck.exe
[2012/03/11 21:49:56 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/03/11 21:49:56 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/11 21:49:56 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/11 21:48:22 | 000,240,048 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\SymVPN.dll
[2012/03/11 21:48:22 | 000,032,208 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\WGX.SYS
[2012/03/11 21:48:21 | 000,374,704 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysfer.dll
[2012/03/11 21:48:21 | 000,094,128 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\FwsVpn.dll
[2012/03/11 21:48:21 | 000,092,080 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2012/03/11 21:48:21 | 000,010,672 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\sysferThunk.dll
[2012/03/11 21:48:21 | 000,000,114 | ---- | M] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2012/03/11 21:14:21 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Tina\Desktop\aswMBR.exe
[2012/03/11 20:59:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/11 20:43:34 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tina\Desktop\tdsskiller.exe
[2012/03/11 20:31:47 | 000,781,383 | ---- | M] () -- C:\Users\Tina\Desktop\RSIT.exe
[2012/03/04 00:11:05 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/03 17:05:19 | 000,000,104 | ---- | M] () -- C:\Users\Tina\Desktop\Computer - Shortcut.lnk
[2012/03/03 16:54:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/03 16:54:19 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/03 16:54:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/03 16:54:19 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 16:32:49 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe
[2012/03/03 16:30:51 | 015,125,536 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Tina\Desktop\SUPERAntiSpyware.exe
[2012/03/03 16:29:46 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tina\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/03 16:29:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\TFC.exe
[2012/03/03 16:26:33 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Tina\Desktop\dds.com
[2012/03/03 16:25:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HijackThis.exe
[2012/03/03 00:49:14 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Tina\Desktop\JavaSetup6u31 3MAR12.exe
[2012/03/01 09:00:26 | 000,000,680 | ---- | M] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2012/03/20 11:29:15 | 000,139,264 | ---- | C] () -- C:\Users\Tina\Desktop\SystemLook.exe
[2012/03/18 22:23:10 | 000,108,640 | ---- | C] () -- C:\Users\Tina\Desktop\Letter of Rec- Ruth.pdf
[2012/03/15 15:18:20 | 000,302,592 | ---- | C] () -- C:\Users\Tina\Desktop\wpo2ovhj.exe
[2012/03/14 22:16:35 | 001,219,072 | ---- | C] () -- C:\Users\Tina\Desktop\roguekiller.exe
[2012/03/14 10:43:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/14 10:43:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/14 10:43:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/14 10:43:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/14 10:43:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/14 10:35:22 | 000,080,384 | ---- | C] () -- C:\Users\Tina\Desktop\MBRCheck.exe
[2012/03/11 21:49:58 | 002,465,436 | ---- | C] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Cat.DB
[2012/03/11 21:49:56 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/03/11 21:49:56 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/03/11 21:48:21 | 000,000,114 | ---- | C] () -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\isolate.ini
[2012/03/11 20:31:46 | 000,781,383 | ---- | C] () -- C:\Users\Tina\Desktop\RSIT.exe
[2012/03/04 00:11:05 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/03 17:05:19 | 000,000,104 | ---- | C] () -- C:\Users\Tina\Desktop\Computer - Shortcut.lnk
[2011/12/28 11:12:19 | 000,043,286 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\UserTile.png
[2011/12/23 13:54:42 | 000,270,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/18 13:39:53 | 000,000,680 | ---- | C] () -- C:\Users\Tina\AppData\Local\d3d9caps.dat
[2011/08/03 23:57:34 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/08/03 23:57:33 | 000,138,056 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\PnkBstrK.sys
[2011/08/03 23:57:00 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/08/03 23:56:57 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/08/03 23:56:55 | 003,360,624 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/06/14 13:42:09 | 000,011,849 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\SmarThruOptions.xml
[2011/06/14 13:41:55 | 000,036,864 | ---- | C] () -- C:\Windows\System32\SvcMan.exe
[2011/06/14 13:40:56 | 000,000,124 | ---- | C] () -- C:\Windows\Readiris.ini
[2011/06/14 13:40:52 | 000,023,040 | ---- | C] () -- C:\Windows\System32\irisco32.dll
[2011/06/14 13:33:44 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/06/14 13:33:32 | 000,113,768 | ---- | C] () -- C:\Windows\Wiainst.exe
[2011/06/14 13:31:04 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst2cl3.dll
[2011/06/14 13:29:40 | 000,274,432 | ---- | C] () -- C:\Windows\System32\SaMinDrv.dll
[2011/06/14 13:29:40 | 000,106,496 | ---- | C] () -- C:\Windows\System32\SaImgFlt.dll
[2011/06/14 13:29:40 | 000,090,112 | ---- | C] () -- C:\Windows\System32\SaSegFlt.dll
[2011/06/14 13:29:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\SaErHdlr.dll
[2011/05/12 21:56:13 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2011/05/12 12:40:33 | 000,070,656 | ---- | C] () -- C:\Windows\System32\dfboottime.exe
[2011/01/26 19:04:25 | 000,000,004 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\62DD48
[2011/01/26 19:04:24 | 000,870,128 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\mcs.rma
[2011/01/06 15:33:40 | 000,000,192 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/06/03 17:23:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/05/17 19:10:50 | 000,116,842 | ---- | C] () -- C:\Windows\hpqins00.dat
[2010/05/17 18:46:12 | 000,148,946 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/05/17 18:45:58 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/03/14 12:06:38 | 000,014,286 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/31 01:17:53 | 000,005,140 | RH-- | M] () -- C:\dell.sdr
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/01/06 15:33:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/19 22:34:48 | 000,000,742 | -H-- | M] () -- C:\IPH.PH
[2011/01/06 15:33:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/30 22:40:13 | 000,026,927 | ---- | M] () -- C:\newfile.enc
[2008/07/30 22:40:13 | 000,026,927 | ---- | M] () -- C:\newkey
[2012/03/18 20:17:57 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
[2012/02/02 11:48:15 | 000,019,466 | ---- | M] () -- C:\SamsungPrinter_Update.log
[2008/07/30 22:42:51 | 000,002,090 | ---- | M] () -- C:\SetWiFiBT.txt
[2012/02/02 11:46:47 | 000,589,824 | ---- | M] (Samsung Printer) -- C:\SP_Connector.exe
[2008/07/30 23:01:03 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/09/02 11:25:28 | 000,000,000 | ---- | M] () -- C:\t1e8.2
[2009/12/29 18:42:58 | 000,000,000 | ---- | M] () -- C:\t1eg.2
[2011/01/02 21:12:39 | 000,000,000 | ---- | M] () -- C:\t1f4.2
[2009/11/22 08:26:27 | 000,000,000 | ---- | M] () -- C:\t1f8.1
[2009/11/22 08:26:27 | 000,000,000 | ---- | M] () -- C:\t1f8.2
[2011/09/18 12:18:00 | 000,000,000 | ---- | M] () -- C:\t1fc.1
[2011/09/18 12:18:00 | 000,000,000 | ---- | M] () -- C:\t1fc.2
[2010/11/28 15:08:43 | 000,000,000 | ---- | M] () -- C:\t1fg.2
[2009/09/25 18:30:40 | 000,000,000 | ---- | M] () -- C:\t1gc.2
[2011/05/30 07:21:42 | 000,000,000 | ---- | M] () -- C:\t1gk.2
[2012/03/11 21:03:03 | 000,088,182 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_11.03.2012_21.00.02_log.txt
[2012/03/12 09:01:12 | 000,084,552 | ---- | M] () -- C:\TDSSKiller.2.7.20.0_12.03.2012_08.59.52_log.txt
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/06/07 09:39:45 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
[2011/06/22 02:13:15 | 000,024,576 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\system32\spool\prtprocs\w32x86\sst2cpc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg  >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-20 16:36:36

< type C:\Windows\system32\tasks\{3BD76508-8414-4F7A-AEE9-91D07DCDF5F0} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Author>SkypeSetupLight</Author>
</RegistrationInfo>
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Program Files\Skype\Phone\Skype.exe</Command>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<GroupId>S-1-5-32-545</GroupId>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{90923D0B-8C04-40E5-B8D8-497561F9BBA1} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\07C97LLA\winvista_15124.exe" -d C:\Users\Tina\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>FlamingoIsland\Tina</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{A441BE70-9E57-40B5-8221-5BAB7E7D6B71} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\22Z3WYCE\InstallRoot_v3.13A[1].exe" -d C:\Users\Tina\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>FlamingoIsland\Tina</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

< type C:\Windows\system32\tasks\{E7C4D141-4E52-4871-8E88-34CC354E8DDA} /c >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a "C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNTDPWBP\zyngaIE_toolbar[2].exe" -d C:\Users\Tina\Desktop</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>FlamingoIsland\Tina</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
< End of report >


----------



## Was343 (Feb 27, 2012)

I just googled some stuff and it doesn't seem to be redirecting anymore either...


----------



## eddie5659 (Mar 19, 2001)

Excellent. Just got in from work, so need a drink and food to wake me up again, and then I'll look through it all


----------



## eddie5659 (Mar 19, 2001)

Sorry, was off for a few days ill, hence the lateness. Let me just read the thread, and I'll reply


----------



## eddie5659 (Mar 19, 2001)

Okay, firstly thanks for the SystemLook logs, very useful 

Now, looking in the new OTL logs, I see a few files I want to check out. Can you do this for me:

Download Suspicious File Packer from http://www.safer-networking.org/en/tools/index.html (direct download: http://www.safer-networking.org/files/sfp.zip)

Unzip it to the desktop, open it and paste in the contents of the quote box below, then press Next and it will create an archive (zip/cab file) on the desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. When the file is listed in the window, press Send to upload the file.



> *
> C:\t1e8.2
> C:\t1eg.2
> C:\t1f4.2
> ...


Let me know when they're uploaded 

--------------

Also, can you re-run SystemLook, with the following code, and post the new log:


```
:dir
%TEMP%\
:file
C:\Users\Tina\AppData\Roaming\62DD48
:filefind
*systeam.exe
%WINDIR%\SYSTEM32\2.exe
%WINDIR%\SYSTEM32\1.exe
*48571748
*conduit
*MakeMeBabies
*Viewpoint
:folderfind
*conduit
*MakeMeBabies
*Viewpoint
:regfind
*conduit
*MakeMeBabies
*Viewpoint
```

eddie


----------



## Was343 (Feb 27, 2012)

File is posted to thespykiller.


----------



## Was343 (Feb 27, 2012)

SystemLook 30.07.11 by jpshortstuff
Log created at 17:16 on 03/04/2012 by Tina
Administrator - Elevation successful
========== dir ==========
C:\Users\Tina\AppData\Local\Temp - Parameters: "(none)"
---Files---
AdobeARM.log --a---- 2695 bytes [21:14 01/04/2012] [22:20 02/04/2012]
DWH27BA.tmp --a---- 0 bytes [01:39 02/04/2012] [01:39 02/04/2012]
DWH3BA8.tmp --a---- 0 bytes [01:39 02/04/2012] [01:39 02/04/2012]
DWHAD6.tmp --a---- 0 bytes [01:39 02/04/2012] [01:39 02/04/2012]
DWHBB73.tmp --a---- 0 bytes [18:51 02/04/2012] [18:51 02/04/2012]
DWHDF29.tmp --a---- 0 bytes [18:51 02/04/2012] [18:51 02/04/2012]
DWHF356.tmp --a---- 0 bytes [18:51 02/04/2012] [18:51 02/04/2012]
hpqddusr.log --a---- 312 bytes [21:15 01/04/2012] [21:15 01/04/2012]
jusched.log --a---- 1998 bytes [21:14 01/04/2012] [02:20 02/04/2012]
list.txt --a---- 2712 bytes [21:15 01/04/2012] [21:15 01/04/2012]
MAR1369.tmp --a---- 1342 bytes [21:15 01/04/2012] [21:15 01/04/2012]
MAR13C8.tmp --a---- 1285 bytes [21:15 01/04/2012] [21:15 01/04/2012]
pool.bin --a---- 256 bytes [14:59 02/04/2012] [14:59 02/04/2012]
wmplog00.sqm --a---- 2642 bytes [15:01 02/04/2012] [15:01 02/04/2012]
wmsetup.log --a---- 406 bytes [15:00 02/04/2012] [15:00 02/04/2012]
~DFAFD5.tmp --a---- 0 bytes [21:57 03/04/2012] [21:57 03/04/2012]
~DFBB31.tmp --a---- 16384 bytes [21:57 03/04/2012] [22:15 03/04/2012]
---Folders---
Adobe d------ [22:20 02/04/2012]
Cookies d--hs-- [21:52 01/04/2012]
History d--hs-- [21:52 01/04/2012]
Low d------ [21:23 29/03/2012]
msohtmlclip d------ [22:17 02/04/2012]
msohtmlclip1 d------ [22:17 02/04/2012]
Temporary Internet Files d--hs-- [21:52 01/04/2012]
VBE d------ [21:49 02/04/2012]
========== file ==========
C:\Users\Tina\AppData\Roaming\62DD48 - File found and opened.
MD5: 230BFBA3CDD85783C6690F105032582F
Created at 00:04 on 27/01/2011
Modified at 03:39 on 01/04/2011
Size: 4 bytes
Attributes: --a----
No version information available.
========== filefind ==========
Searching for "*systeam.exe"
No files found.
Searching for "%WINDIR%\SYSTEM32\2.exe"
No files found.
Searching for "%WINDIR%\SYSTEM32\1.exe"
No files found.
Searching for "*48571748"
No files found.
Searching for "*conduit"
No files found.
Searching for "*MakeMeBabies"
No files found.
Searching for "*Viewpoint"
No files found.
========== folderfind ==========
Searching for "*conduit"
C:\Program Files\Conduit d------ [18:58 09/10/2011]
C:\Program Files\Electronic Arts\The Godfather The Game\godfather_v4\westside_pkwy_v9\world_terrain\westside_pkwy_v9\greenwich_conduit d------ [01:33 15/08/2011]
C:\Users\Tina\AppData\Local\Conduit d------ [18:18 03/06/2010]
C:\Users\Tina\AppData\LocalLow\Conduit d------ [18:58 09/10/2011]
Searching for "*MakeMeBabies"
No folders found.
Searching for "*Viewpoint"
C:\ProgramData\Viewpoint d------ [03:42 27/08/2008]
C:\Users\All Users\Viewpoint d------ [03:42 27/08/2008]
========== regfind ==========
Searching for "*conduit"
No data found.
Searching for "*MakeMeBabies"
No data found.
Searching for "*Viewpoint"
No data found.
-= EOF =-


----------



## eddie5659 (Mar 19, 2001)

Thanks for uploading them. Looks like they're the remains of a virus, so let's remove them

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\t1e8.2
C:\t1eg.2
C:\t1f4.2
C:\t1f8.1
C:\t1f8.2
C:\t1fc.1
C:\t1fc.2
C:\t1fg.2
C:\t1gc.2
C:\t1gk.2
C:\Users\All Users\Viewpoint
C:\ProgramData\Viewpoint
C:\Users\Tina\AppData\LocalLow\Conduit
C:\Users\Tina\AppData\Local\Conduit
C:\Program Files\Conduit
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

--------------------

Also, can you upload this file for me, same as before. Same place, just reply to the thread there 

*C:\Users\Tina\AppData\Roaming\62DD48*

Thanks


----------



## Was343 (Feb 27, 2012)

All processes killed
========== FILES ==========
C:\t1e8.2 moved successfully.
C:\t1eg.2 moved successfully.
C:\t1f4.2 moved successfully.
C:\t1f8.1 moved successfully.
C:\t1f8.2 moved successfully.
C:\t1fc.1 moved successfully.
C:\t1fc.2 moved successfully.
C:\t1fg.2 moved successfully.
C:\t1gc.2 moved successfully.
C:\t1gk.2 moved successfully.
C:\Users\All Users\Viewpoint folder moved successfully.
File\Folder C:\ProgramData\Viewpoint not found.
C:\Users\Tina\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\Tina\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\Tina\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\Tina\AppData\Local\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\Tina\AppData\Local\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\Tina\AppData\Local\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\Tina\AppData\Local\Conduit\Community Alerts folder moved successfully.
C:\Users\Tina\AppData\Local\Conduit folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
C:\Users\Tina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tina
->Temp folder emptied: 54137 bytes
->Temporary Internet Files folder emptied: 7329941 bytes
->Java cache emptied: 4842800 bytes
->FireFox cache emptied: 49121721 bytes
->Flash cache emptied: 494 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tina
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.35.0 log created on 04102012_101455
Files\Folders moved on Reboot...
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGP9C2PX\si[1].htm moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0PQYOBGM\1042885-redirect-uncontrollable-japanese-asian-media-5[1].htm moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0PQYOBGM\si[1].htm moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Tina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

Also, can you upload this file for me, same as before. Same place, just reply to the thread there

*C:\Users\Tina\AppData\Roaming\62DD48*

-------------------------------------------------
Then, can you run this fix:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the quotebox below into it:



> Reglock::
> [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
> [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]


Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

-------------------------------

Also, can you do this:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:filefind
*conduit
*MakeMeBabies
*Viewpoint
:folderfind
*conduit
*MakeMeBabies
*Viewpoint
:regfind
*conduit
*MakeMeBabies
*Viewpoint
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*

eddie


----------



## Was343 (Feb 27, 2012)

*C:\Users\Tina\AppData\Roaming\62DD48 uploaded*


----------



## Was343 (Feb 27, 2012)

Sorry, forgot I didn't post the last stuff

ComboFix 12-04-13.01 - Tina 04/13/2012 16:04:19.3.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.3061.1415 [GMT -5:00]
Running from: c:\users\Tina\Desktop\username123.exe
Command switches used :: c:\users\Tina\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-13 to 2012-04-13 )))))))))))))))))))))))))))))))
.
.
2012-04-13 21:39 . 2012-04-13 21:39 -------- d-----w- c:\users\Tina\AppData\Local\temp
2012-04-13 21:39 . 2012-04-13 21:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-13 21:39 . 2012-04-13 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 20:17 . 2012-04-13 21:00 -------- d-----w- C:\username12310507u
2012-04-13 12:26 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D9D8114-8006-4248-BD8E-565E82D0A6F5}\mpengine.dll
2012-04-10 15:21 . 2012-04-10 16:04 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-01 13:17 . 2012-04-01 13:17 -------- d-----w- c:\program files\Safari
2012-04-01 13:14 . 2012-04-01 13:14 -------- d-----w- c:\program files\iPod
2012-04-01 13:14 . 2012-04-01 13:15 -------- d-----w- c:\program files\iTunes
2012-03-24 00:25 . 2012-03-24 00:25 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-24 00:25 . 2012-03-24 00:25 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-16 08:00 . 2012-03-16 08:00 -------- d-----w- c:\windows\CheckSur
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 16:04 . 2011-06-10 19:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 20:56 . 2012-03-03 21:42 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 02:49 . 2012-03-12 02:49 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-12 02:48 . 2012-03-12 02:48 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-03-12 02:48 . 2012-03-03 21:59 240048 ----a-w- c:\windows\system32\SymVPN.dll
2012-03-12 02:48 . 2012-03-12 02:48 94128 ----a-w- c:\windows\system32\FwsVpn.dll
2012-03-12 02:48 . 2012-03-12 02:48 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-03-12 02:48 . 2012-03-12 02:48 374704 ----a-w- c:\windows\system32\sysfer.dll
2012-03-12 02:48 . 2012-03-12 02:48 10672 ----a-w- c:\windows\system32\sysferThunk.dll
2012-03-03 21:54 . 2011-04-12 12:49 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 14:18 . 2009-10-03 13:47 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45 . 2012-03-13 19:50 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 19:50 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 19:50 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 19:50 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 19:50 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-02 16:46 . 2011-06-28 18:27 589824 ----a-w- C:\SP_Connector.exe
2012-02-02 15:16 . 2012-03-13 19:50 2044416 ----a-w- c:\windows\system32\win32k.sys
2003-03-19 02:20 . 2011-05-13 02:48 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 09:42 . 2011-05-13 02:48 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2012-03-24 00:25 . 2011-12-12 23:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-28 133656]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ dfboottime \??\c:\windows\System32\dfboottime.cfg\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ApproveIt StartUp.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
backup=c:\windows\pss\ApproveIt StartUp.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyExcelKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AprvRemoveLegacyWordKeys]
c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\3180 Scan2PC]
2010-11-11 09:46 1998848 ----a-w- c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApproveItForOfficeSetup]
2010-01-26 15:26 155648 ----a-w- c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLX3180_Scan2Pc]
2010-11-11 09:46 1998848 ----a-w- c:\windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-10-27 17:18 1103216 ----a-w- c:\program files\Download Manager\DLM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
2011-01-27 00:08 79872 ----a-w- c:\users\Tina\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/Ser...eic6yu9oa4y3&scc=1&ltmpl=default&ltmplcache=2
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\px66xfar.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-13 16:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ... 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
Completion time: 2012-04-13 16:42:53
ComboFix-quarantined-files.txt 2012-04-13 21:42
ComboFix2.txt 2012-04-13 21:00
ComboFix3.txt 2012-03-14 17:06
.
Pre-Run: 204,987,531,264 bytes free
Post-Run: 204,926,681,088 bytes free
.
- - End Of File - - 9F16108AAB1D831FEE933AFD53597038


----------



## Was343 (Feb 27, 2012)

I believe I have now posted everything requested. Let me know if I missed something

SystemLook 30.07.11 by jpshortstuff
Log created at 13:02 on 16/04/2012 by Tina
Administrator - Elevation successful
========== filefind ==========
Searching for "*conduit"
No files found.
Searching for "*MakeMeBabies"
No files found.
Searching for "*Viewpoint"
No files found.
========== folderfind ==========
Searching for "*conduit"
C:\Program Files\Electronic Arts\The Godfather The Game\godfather_v4\westside_pkwy_v9\world_terrain\westside_pkwy_v9\greenwich_conduit d------ [01:33 15/08/2011]
C:\_OTL\MovedFiles\04102012_101455\C_Program Files\Conduit d------ [18:58 09/10/2011]
C:\_OTL\MovedFiles\04102012_101455\C_Users\Tina\AppData\Local\Conduit d------ [18:18 03/06/2010]
C:\_OTL\MovedFiles\04102012_101455\C_Users\Tina\AppData\LocalLow\Conduit d------ [18:58 09/10/2011]
Searching for "*MakeMeBabies"
No folders found.
Searching for "*Viewpoint"
C:\_OTL\MovedFiles\04102012_101455\C_Users\All Users\Viewpoint d------ [03:42 27/08/2008]
========== regfind ==========
Searching for "*conduit"
No data found.
Searching for "*MakeMeBabies"
No data found.
Searching for "*Viewpoint"
No data found.
-= EOF =-


----------
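
One way to check the second SystemLook log against the folders named in the OTL fix, as an added example (not part of the thread, and not code from OTL or SystemLook). The function names and status labels are hypothetical; the sample log is the `folderfind` section from the post above, and the quarantine path layout is read off those lines.

```python
import re

# Folders named in the OTL ":Files" fix earlier in the thread.
FIX_TARGETS = [
    r"C:\Users\All Users\Viewpoint",
    r"C:\ProgramData\Viewpoint",
    r"C:\Users\Tina\AppData\LocalLow\Conduit",
    r"C:\Users\Tina\AppData\Local\Conduit",
    r"C:\Program Files\Conduit",
]

# The folderfind section of the SystemLook log in the post above.
SYSTEMLOOK_LOG = r'''========== folderfind ==========
Searching for "*conduit"
C:\Program Files\Electronic Arts\The Godfather The Game\godfather_v4\westside_pkwy_v9\world_terrain\westside_pkwy_v9\greenwich_conduit d------ [01:33 15/08/2011]
C:\_OTL\MovedFiles\04102012_101455\C_Program Files\Conduit d------ [18:58 09/10/2011]
C:\_OTL\MovedFiles\04102012_101455\C_Users\Tina\AppData\Local\Conduit d------ [18:18 03/06/2010]
C:\_OTL\MovedFiles\04102012_101455\C_Users\Tina\AppData\LocalLow\Conduit d------ [18:58 09/10/2011]
Searching for "*MakeMeBabies"
No folders found.
Searching for "*Viewpoint"
C:\_OTL\MovedFiles\04102012_101455\C_Users\All Users\Viewpoint d------ [03:42 27/08/2008]
========== regfind ==========
Searching for "*conduit"
No data found.
'''

# A hit line is: <path> <7 attribute flags> [<timestamp>]
HIT_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)\s+[a-z-]{7}\s+\[[^\]]+\]$')
# OTL quarantine layout as it appears in the log: <drive>:\_OTL\MovedFiles\<run>\<drive>_<rest>
QUARANTINE_RE = re.compile(
    r'^[A-Za-z]:\\_OTL\\MovedFiles\\\d{8}_\d{6}\\(?P<drive>[A-Za-z])_(?P<rest>.+)$')


def parse_systemlook(log):
    """Return (section, search pattern, path) for every file/folder hit."""
    hits, section, pattern = [], None, None
    for line in log.splitlines():
        line = line.strip()
        header = re.match(r'^=+ (\w+) =+$', line)
        if header:
            section, pattern = header.group(1), None
            continue
        search = re.match(r'^Searching for "(.*)"$', line)
        if search:
            pattern = search.group(1)
            continue
        hit = HIT_RE.match(line)
        if hit and section in ("filefind", "folderfind"):
            hits.append((section, pattern, hit.group("path")))
    return hits


def original_location(path):
    """Map a path inside the OTL quarantine back to where it was moved from."""
    m = QUARANTINE_RE.match(path)
    return f"{m.group('drive')}:\\{m.group('rest')}" if m else None


def _norm(path):
    return path.rstrip("\\").lower()


def verify_cleanup(log, targets):
    """Classify each fix target and collect hits that match no target."""
    status = {_norm(t): "absent" for t in targets}  # no trace in this scan
    unrelated = []
    for _section, pattern, path in parse_systemlook(log):
        orig = original_location(path)
        if _norm(path) in status:
            status[_norm(path)] = "still present"   # live copy wins
        elif orig is not None and _norm(orig) in status:
            if status[_norm(orig)] != "still present":
                status[_norm(orig)] = "quarantined"
        else:
            # Wildcard side effect, e.g. "*conduit" matching a game asset folder.
            unrelated.append((pattern, path))
    return {t: status[_norm(t)] for t in targets}, unrelated


if __name__ == "__main__":
    result, unrelated = verify_cleanup(SYSTEMLOOK_LOG, FIX_TARGETS)
    for target, state in result.items():
        print(f"{state:14} {target}")
    for pattern, path in unrelated:
        print(f"review ({pattern}): {path}")
```

`C:\ProgramData\Viewpoint` comes out as absent rather than quarantined, which matches the "not found" line in the OTL fix log: on Vista `C:\Users\All Users` is a link to `C:\ProgramData`, so the one move accounts for both paths.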



## eddie5659 (Mar 19, 2001)

Excellent :up:

Okay, just looking at the file you uploaded, and there isn't much in it. It's uploaded okay, just hardly anything in the actual file

So, we can remove or keep it, it's up to you. As it's just the one file, if you want to remove it, then use the following:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:Files
C:\Users\Tina\AppData\Roaming\62DD48
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

-----------------

Apart from that, I think we're nearly there. If you can do the following for any leftovers, that would be great 

This is a different tool to OTL. Very similar name, but called OTS 

Download *OTS* to your Desktop and double-click on it to run it 

Make sure you close all other programs and *don't* use the PC while the scan runs. 
Now click the *Run Scan* button on the toolbar. Make sure not to use the PC while the program is running or it will freeze. 
When the scan is complete Notepad will open with the report file loaded in it. 
Click the *Format* menu and make sure that *Wordwrap* is not checked. If it is then click on it to uncheck it. 
Use the Add Reply button and post the information back here in an *attachment*. I will review it when it comes in. The last line is *< End of Report >*, so make sure that is the last line in the attached report.

*Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way*

---------

Please go to *here* to run an online scanner from ESET.

 Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the activex control to install
Click *Start*
Make sure that the option *Remove found threats* is *unticked*, and the option *Scan unwanted applications* is *checked*
Click on *Advanced Settings* and ensure these options are ticked:
*Scan for potentially unwanted applications*
*Scan for potentially unsafe applications*
*Enable Anti-Stealth Technology*

Click *Scan*
Wait for the scan to finish
If any threats were found, click *'List of found threats'*, then click *Export to text file...*.
Save it to your desktop, then please copy and paste that log as a reply to this topic.

eddie


----------



## Was343 (Feb 27, 2012)

I will gladly remove anything I don't need

All processes killed
========== FILES ==========
C:\Users\Tina\AppData\Roaming\62DD48 moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
C:\Users\Tina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tina
->Temp folder emptied: 497303 bytes
->Temporary Internet Files folder emptied: 8253656 bytes
->Java cache emptied: 3965436 bytes
->FireFox cache emptied: 275677668 bytes
->Flash cache emptied: 1031 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10018840 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 28662 bytes

Total Files Cleaned = 285.00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tina
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tina
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.35.0 log created on 04162012_174912
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...


----------



## Was343 (Feb 27, 2012)

OTS


----------



## Was343 (Feb 27, 2012)

ESET found no threats, and there was no log file to post.


----------



## eddie5659 (Mar 19, 2001)

Excellent, the OTS log was clear as well 

How's the computer running now? Has the initial problem stopped?

If so, we'll remove the tools we've used, but I'll wait for your reply first 

Also, to see what updates you need, can you run this:

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

eddie


----------



## Was343 (Feb 27, 2012)

Yes. All the problems have ceased.


----------



## Was343 (Feb 27, 2012)

Results of screen317's Security Check version 0.99.32 
Windows Vista Service Pack 2 x86 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
Symantec Endpoint Protection 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
SUPERAntiSpyware 
CCleaner 
Java(TM) 6 Update 31 
Adobe Flash Player 11.2.202.233 
Adobe Reader X (10.1.3) 
Mozilla Firefox (11.0.) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Norton ccSvcHst.exe 
Malwarebytes' Anti-Malware mbamservice.exe 
*``````````End of Log````````````*


----------



## eddie5659 (Mar 19, 2001)

Excellent :up:

*Any questions about the following, just ask*

We have a couple of last steps to perform and then you're all set.

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall*

Then, run this:


Download *OTC* to your desktop and run it 
Click Yes to beginning the Cleanup process and remove these components, including this application. 
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes. 

======================
Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

JavaRa
SystemLook
RogueKiller
RSIT
TDSSKiller
aswMBR
MBRCheck
GooredFix
sfp.zip

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Click once on the *Custom Level* button.
 Change the *Download signed ActiveX controls* to *Prompt*.
 Change the *Download unsigned ActiveX controls* to *Disable*.
 Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
 Change the *Installation of desktop items* to *Prompt.*
 Change the *Launching programs and files in an IFRAME* to *Prompt.*
 When all these settings have been made, click on the *OK* button.
 If it prompts you as to whether or not you want to save the settings, press the *Yes* button. 
 Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page, which explains how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc. every month or so. To do this, Windows has a pretty good tool.

Go to Start | Programs | Accessories | System Tools | Disk Cleanup
It should start straight away, but if you have to select a drive, click on the C-drive.
Let it run, and at the end it will give you some boxes to tick. 
All are okay to enable, then press *OK* and then *Yes* to the question after.
It will close after it's completed.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall, either use *Microsoft Windows Firewall* which is good, or a free one available for personal use.

To keep your operating system up to date, visit *Microsoft Windows Update* monthly. And to keep your system clean, run this free malware scanner, *Malwarebytes' Anti-Malware*, weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie
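
The Internet zone settings listed in the post above can be checked from PowerShell after making the changes; this is an added example, not part of the original thread. The registry path, the URL action IDs (1001, 1004, 1201, 1800, 1804) and the value meanings are the standard per-user Internet Explorer zone settings and do not appear in the post.

```powershell
# Added example: audit the Internet zone (zone 3) against the values the post asks for.
# Assumption: per-user settings under HKCU; the post itself only describes the GUI steps.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID, value requested in the post, and the label shown in the Custom Level dialog
$Expected = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialise and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' }
)

function Test-ZoneSettings {
    param([hashtable]$Current)   # keys: URL action IDs, values: DWORDs read from the registry
    foreach ($e in $Expected) {
        $have  = $Current[$e.Id]
        $found = if ($null -eq $have) { '(not set)' }
                 elseif ($Meaning.ContainsKey([int]$have)) { $Meaning[[int]$have] }
                 else { '0x{0:X}' -f $have }
        New-Object PSObject -Property @{
            Setting = $e.Name
            Wanted  = $Meaning[$e.Want]
            Found   = $found
            Matches = ($null -ne $have -and [int]$have -eq $e.Want)
        }
    }
}

# Collect only the values of interest; a missing key or value is reported as "(not set)"
$props   = Get-ItemProperty -Path $ZonePath -ErrorAction SilentlyContinue
$current = @{}
foreach ($e in $Expected) {
    if ($props -and $props.PSObject.Properties[$e.Id]) { $current[$e.Id] = $props.($e.Id) }
}

Test-ZoneSettings -Current $current | Format-Table Setting, Wanted, Found, Matches -AutoSize
```

The script only reads the registry and changes nothing. Settings enforced through Group Policy are stored separately and are not read here.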


----------



## Was343 (Feb 27, 2012)

Is the Malwarebytes program worth buying? It seemed to do a pretty good job when I first downloaded it.


----------



## eddie5659 (Mar 19, 2001)

I have the free version, but yes, buying it is worth it as it does more:

This is all about the two, and you can see what the Pro does differently to the free:

http://www.malwarebytes.org/products


----------

