
OK, the first problem is I have a search hijacker that's redirecting everything.

Now here's where my frustration sets in. I noticed things weren't running properly, so I decided to perform a search with Malwarebytes; during the scanning process the program shuts down. Then I perform a scan with Emsisoft HiJackFree and I get the same result; then I run a scan with Emsisoft Anti-Malware, but once again it closes on me. When I try to re-open the program this box comes up: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access them."


My other problems include a random blue screen and then my computer restarts... I decided to try ComboFix, but when I open the program it closes in a few moments & then this error box comes up: "You cannot rename ComboFix as (combofix1). Please use another name, preferably made up of alphanumeric characters."

Then I decide to try TDSSKiller. Finally a program running for me!! The scan returned two threats detected: one says hidden file, the other unsigned file.

Here's what it says on my screen:

Hidden file
service: dc153229
service type: kernel driver (0x1)
service start: demand (0x3)
file: c:\windows2570196444:602590566.exe
md5: 8f2bb1827cac01aee6a16e30a1260199

Unsigned file
service: dfsc
service type: file driver system (0x2)
service start: system (0x1)
file: c:\windows\system32\drivers\dfsc.sys
md5: 50bb02d78b8a2d6ec66b03beaec2105

I rebooted and everything, yet when I reopen TDSSKiller threats are still found... Thank you, I'll Google about RKill.


After rebooting with TDSSKiller, here's a log I did.

If I delete all of the registries where PPTP is located, will it be fixed?

************************************************************************************

ISeeYouXP v2.0 Beta 14

ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude

ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan

------------------------------------------------------------------------------------

**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****

**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****

************************************************************************************

Windows/Browser/Java Versions:

Microsoft® Windows Vista™ Home Basic

Version: 6.0.6001

Service Pack: 1.0

Windows Directory: C:\Windows

Sun Microsystems Java Runtime

Version: 1.6.0_17

Boot State: Normal boot

Scan done at 9:09:19.82, Mon 10/10/2011

------------------------------------------------------------------------------------

ISeeYouXP installation folder and files

"C:\ISeeYouXP\"

bootst~1.vbs May 28 2007 359 "bootstate.vbs"

change.log Jun 8 2008 5012 "change.log"

chodefix.bat Apr 18 2007 5387 "chodefix.bat"

fixchode.reg Apr 18 2007 528 "fixChode.reg"

fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"

getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"

grep.exe Dec 24 2004 160768 "grep.exe"

hideit.bat Oct 17 2007 1072 "HideIT.bat"

ieinfo.vbs May 28 2007 514 "ieinfo.vbs"

iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"

iesecu~1.vbs Nov 8 2007 2399 "IESecurityZones.vbs"

iseeyo~1.bat Jun 8 2008 211377 "ISeeYouXP.bat"

libico~1.dll Mar 16 2004 898048 "libiconv2.dll"

libintl3.dll Oct 9 2004 101888 "libintl3.dll"

locate.com Jan 14 2005 11254 "locate.com"

md5sum.exe Aug 5 2007 49152 "md5sum.exe"

msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"

osinfo.vbs May 28 2007 598 "osinfo.vbs"

pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"

pcre.dll Nov 14 2004 183313 "pcre.dll"

pv.exe Mar 3 2006 73728 "pv.exe"

regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"

regfix.bat Apr 18 2007 145 "Regfix.bat"

servic~1.vbs May 28 2007 672 "servicesinfo.vbs"

showit.bat Oct 17 2007 1013 "ShowIT.bat"

swreg.exe Apr 5 2007 139776 "swreg.exe"

system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"

taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"

28 items found: 28 files, 0 directories.

Total of file sizes: 1,856,092 bytes 1.77 M

3 Dir(s) 8,315,469,824 bytes free

------------------------------------------------------------------------------------

System Environment Variables

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\senator perkins\AppData\Roaming

asl.log=Destination=file;OnFirstLog=command,environment

CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=SENATORPERKI-PC

ComSpec=C:\Windows\system32\cmd.exe

DFSTRACINGON=FALSE

errcode=0

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\senator perkins

LOCALAPPDATA=C:\Users\senator perkins\AppData\Local

LOGONSERVER=\\SENATORPERKI-PC

MSWorksProductCode={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

NUMBER_OF_PROCESSORS=1

OnlineServices=Online Services

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PCBRAND=Pavilion

Platform=HPD

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 127 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=7f02

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\SENATO~1\AppData\Local\Temp

TMP=C:\Users\SENATO~1\AppData\Local\Temp

TRACE_FORMAT_SEARCH_PATH=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

USERDOMAIN=senatorperki-PC

USERNAME=senator perkins

USERPROFILE=C:\Users\senator perkins

windir=C:\Windows

------------------------------------------------------------------------------------

Showing any Pocket Killbox backup files

"C:\!KillBox\"

bk23567.dat Aug 14 2010 1 "bk23567.dat"

1 item found: 1 file (1 H/S), 0 directories.

Total of file sizes: 1 byte 0.00 K

------------------------------------------------------------------------------------

Displaying BOOT.INI:

------------------------------------------------------------------------------------

Displaying SYSTEM.INI:

; for 16-bit app support

[386Enh]

woafont=dosapp.fon

EGA80WOA.FON=EGA80WOA.FON

EGA40WOA.FON=EGA40WOA.FON

CGA80WOA.FON=CGA80WOA.FON

CGA40WOA.FON=CGA40WOA.FON

[drivers]

wave=mmdrv.dll

timer=timer.drv

[mci]

------------------------------------------------------------------------------------

Displaying WIN.INI:

; for 16-bit app support

[fonts]

[extensions]

[mci extensions]

[files]

[Mail]

MAPI=1

CMCDLLNAME32=mapi32.dll

CMC=1

MAPIX=1

MAPIXVER=1.0.0.1

OLEMessaging=1

[MCI Extensions.BAK]

m2v=MPEGVideo

mod=MPEGVideo

------------------------------------------------------------------------------------

Displaying AUTOEXEC.BAT:

REM Dummy file for NTVDM

PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625

------------------------------------------------------------------------------------

Displaying CONFIG.SYS:

FILES=40

------------------------------------------------------------------------------------

Displaying Running Processes:

------------------------------------------------------------------------------------

Displaying Windows Services:

Name: a2AntiMalware

Display Name: Emsisoft Anti-Malware 6.0 - Service

Description: Scans the PC for unwanted software and provides protection from malicious code

Path Name: "C:\Program Files\Emsisoft Anti-Malware\a2service.exe"

Start Mode: Auto

State: Stopped

Name: AeLookupSvc

Display Name: Application Experience

Description: Processes application compatibility cache requests for applications as they are launched

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: ALG

Display Name: Application Layer Gateway Service

Description: Provides support for 3rd party protocol plug-ins for Internet Connection Sharing

Path Name: C:\Windows\System32\alg.exe

Start Mode: Manual

State: Stopped

Name: Appinfo

Display Name: Application Information

Description: Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: Apple Mobile Device

Display Name: Apple Mobile Device

Description: Provides the interface to Apple mobile devices.

Path Name: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

Start Mode: Auto

State: Stopped

Name: AudioEndpointBuilder

Display Name: Windows Audio Endpoint Builder

Description: Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start

Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: Audiosrv

Display Name: Windows Audio

Description: Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Auto

State: Running

Name: Automatic LiveUpdate Scheduler

Display Name: Automatic LiveUpdate Scheduler

Description: Manages the scheduling of Automatic LiveUpdate sessions

Path Name: "c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"

Start Mode: Disabled

State: Stopped

Name: BFE

Display Name: Base Filtering Engine

Description: The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

Start Mode: Auto

State: Running

Name: BITS

Display Name: Background Intelligent Transfer Service

Description: Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: Bonjour Service

Display Name: Bonjour Service

Description: Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.

Path Name: "C:\Program Files\Bonjour\mDNSResponder.exe"

Start Mode: Auto

State: Stopped

Name: Browser

Display Name: Computer Browser

Description: Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Auto

State: Stopped

Name: ccEvtMgr

Display Name: Symantec Event Manager

Description: Event propagation and logging service

Path Name: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

Start Mode: Auto

State: Stopped

Name: ccSetMgr

Display Name: Symantec Settings Manager

Description: Settings storage and management service

Path Name: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

Start Mode: Auto

State: Stopped

Name: CertPropSvc

Display Name: Certificate Propagation

Description: Propagates certificates from smart cards.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: clr_optimization_v2.0.50727_32

Display Name: Microsoft .NET Framework NGEN v2.0.50727_X86

Description: Microsoft .NET Framework NGEN

Path Name: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Start Mode: Manual

State: Stopped

Name: CLTNetCnService

Display Name: Symantec Lic NetConnect service

Description: Symantec Lic NetConnect Service

Path Name: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

Start Mode: Auto

State: Stopped

Name: comHost

Display Name: COM Host

Description: COM aggregation host service

Path Name: "c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"

Start Mode: Manual

State: Stopped

Name: COMSysApp

Display Name: COM+ System Application

Description: Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Start Mode: Manual

State: Stopped

Name: CryptSvc

Display Name: Cryptographic Services

Description: Provides four management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k NetworkService

Start Mode: Auto

State: Running

Name: DcomLaunch

Display Name: DCOM Server Process Launcher

Description: Provides launch functionality for DCOM services.

Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch

Start Mode: Auto

State: Running

Name: DFSR

Display Name: DFS Replication

Description: Enables you to synchronize folders on multiple servers across local or wide area network (WAN) network connections. This service uses the Remote Differential Compression (RDC) protocol to update only the portions of files that have changed since the last replication.

Path Name: C:\Windows\system32\DFSR.exe

Start Mode: Manual

State: Stopped

Name: Dhcp

Display Name: DHCP Client

Description: Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Auto

State: Running

Name: Dnscache

Display Name: DNS Client

Description: The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k NetworkService

Start Mode: Auto

State: Running

Name: dot3svc

Display Name: Wired AutoConfig

Description: This service performs IEEE 802.1X authentication on Ethernet interfaces

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Manual

State: Stopped

Name: DPS

Display Name: Diagnostic Policy Service

Description: The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

Start Mode: Auto

State: Running

Name: EapHost

Display Name: Extensible Authentication Protocol

Description: The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Manual

State: Running

Name: EMDMgmt

Display Name: ReadyBoost

Description: Provides support for improving system performance using ReadyBoost.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: Eventlog

Display Name: Windows Event Log

Description: This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Auto

State: Running

Name: EventSystem

Display Name: COM+ Event System

Description: Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: fdPHost

Display Name: Function Discovery Provider Host

Description: Host process for Function Discovery providers.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: FDResPub

Display Name: Function Discovery Resource Publication

Description: Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: FontCache3.0.0.0

Display Name: Windows Presentation Foundation Font Cache 3.0.0.0

Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.

Path Name: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

Start Mode: Manual

State: Stopped

Name: GameConsoleService

Display Name: GameConsoleService

Description: GameConsole management services

Path Name: "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe"

Start Mode: Manual

State: Stopped

Name: gpsvc

Display Name: Group Policy Client

Description: The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is stopped or disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is stopped or disabled.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: gupdate

Display Name: Google Update Service (gupdate)

Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

Path Name: C:\Program Files\Google\Update\GoogleUpdate.exe /svc

Start Mode: Auto

State: Stopped

Name: gupdatem

Display Name: Google Update Service (gupdatem)

Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

Path Name: C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc

Start Mode: Manual

State: Stopped

Name: hidserv

Display Name: Human Interface Device Access

Description: Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: hkmsvc

Display Name: Health Key and Certificate Management

Description: Provides X.509 certificate and key management services for the Network Access Protection Agent (NAPAgent). Enforcement technologies that use X.509 certificates may not function properly without this service

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: idsvc

Display Name: Windows CardSpace

Description: Securely enables the creation, management, and disclosure of digital identities.

Path Name: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"

Start Mode: Manual

State: Stopped

Name: IKEEXT

Display Name: IKE and AuthIP IPsec Keying Modules

Description: The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: IPBusEnum

Display Name: PnP-X IP Bus Enumerator

Description: The PnP-X bus enumerator service manages the virtual network bus. It discovers network connected devices using the SSDP/WS discovery protocols and gives them presence in PnP. If this service is stopped or disabled, presence of NCD devices will not be maintained in PnP. All pnpx based scenarios will stop functioning.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Manual

State: Stopped

Name: iphlpsvc

Display Name: IP Helper

Description: Provides automatic IPv6 connectivity over an IPv4 network. If this service is stopped, the machine will only have IPv6 connectivity if it is connected to a native IPv6 network.

Path Name: C:\Windows\System32\svchost.exe -k NetSvcs

Start Mode: Auto

State: Running

Name: KeyIso

Display Name: CNG Key Isolation

Description: The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.

Path Name: C:\Windows\system32\lsass.exe

Start Mode: Manual

State: Running

Name: KtmRm

Display Name: KtmRm for Distributed Transaction Coordinator

Description: Coordinates transactions between MSDTC and the Kernel Transaction Manager (KTM).

Path Name: C:\Windows\System32\svchost.exe -k NetworkService

Start Mode: Auto

State: Running

Name: LanmanServer

Display Name: Server

Description: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: LanmanWorkstation

Display Name: Workstation

Description: Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: LightScribeService

Display Name: LightScribeService Direct Disc Labeling Service

Description: Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work.

Path Name: "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"

Start Mode: Auto

State: Running

Name: LiveUpdate

Display Name: LiveUpdate

Description: LiveUpdate Core Engine

Path Name: "c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE"

Start Mode: Manual

State: Stopped

Name: LiveUpdate Notice

Display Name: LiveUpdate Notice

Description: Manages Norton product notices

Path Name: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon

Start Mode: Auto

State: Stopped

Name: lltdsvc

Display Name: Link-Layer Topology Discovery Mapper

Description: Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.

Path Name: C:\Windows\System32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: lmhosts

Display Name: TCP/IP NetBIOS Helper

Description: Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Auto

State: Running

Name: Microsoft Office Groove Audit Service

Display Name: Microsoft Office Groove Audit Service

Description:

Path Name: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"

Start Mode: Manual

State: Stopped

Name: MMCSS

Display Name: Multimedia Class Scheduler

Description: Enables relative prioritization of work based on system-wide task priorities. This is intended mainly for multimedia applications. If this service is stopped, individual tasks resort to their default priority.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: MpsSvc

Display Name: Windows Firewall

Description: Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

Start Mode: Auto

State: Running

Name: MSDTC

Display Name: Distributed Transaction Coordinator

Description: Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\msdtc.exe

Start Mode: Manual

State: Stopped

Name: MSiSCSI

Display Name: Microsoft iSCSI Initiator Service

Description: Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: msiserver

Display Name: Windows Installer

Description: Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\msiexec /V

Start Mode: Manual

State: Stopped

Name: napagent

Display Name: Network Access Protection Agent

Description: Enables Network Access Protection (NAP) functionality on client computers

Path Name: C:\Windows\System32\svchost.exe -k NetworkService

Start Mode: Manual

State: Stopped

Name: Netlogon

Display Name: Netlogon

Description: Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\lsass.exe

Start Mode: Manual

State: Stopped

Name: Netman

Display Name: Network Connections

Description: Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.

Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Manual

State: Running

Name: netprofm

Display Name: Network List Service

Description: Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.

Path Name: C:\Windows\System32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: NetTcpPortSharing

Display Name: Net.Tcp Port Sharing Service

Description: Provides ability to share TCP ports over the net.tcp protocol.

Path Name: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"

Start Mode: Disabled

State: Stopped

Name: NlaSvc

Display Name: Network Location Awareness

Description: Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k NetworkService

Start Mode: Auto

State: Running

Name: nsi

Display Name: Network Store Interface Service

Description: This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: OAcat

Display Name: Online Armor Helper Service

Description:

Path Name: "C:\Program Files\Tall Emu\Online Armor\OAcat.exe"

Start Mode: Auto

State: Running

Name: odserv

Display Name: Microsoft Office Diagnostics Service

Description: Run portions of Microsoft Office Diagnostics.

Path Name: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"

Start Mode: Manual

State: Stopped

Name: ose

Display Name: Office Source Engine

Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.

Path Name: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

Start Mode: Manual

State: Stopped

Name: p2pimsvc

Display Name: Peer Networking Identity Manager

Description: Provides Identity service for Peer Networking

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Manual

State: Stopped

Name: p2psvc

Display Name: Peer Networking Grouping

Description: Provides Peer Networking Grouping services

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Manual

State: Stopped

Name: PcaSvc

Display Name: Program Compatibility Assistant Service

Description: Provides support for the Program Compatibility Assistant. If this service is stopped, the Program Compatibility Assistant will not function properly. If this service is disabled, any services that depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: pla

Display Name: Performance Logs & Alerts

Description: Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

Start Mode: Manual

State: Stopped

Name: PlugPlay

Display Name: Plug and Play

Description: Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.

Path Name: C:\Windows\system32\svchost.exe -k DcomLaunch

Start Mode: Auto

State: Running

Name: PNRPAutoReg

Display Name: PNRP Machine Name Publication Service

Description: This service publishes a machine name using the Peer Name Resolution Protocol. Configuration is managed via the netsh context 'p2p pnrp peer'

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Manual

State: Stopped

Name: PNRPsvc

Display Name: Peer Name Resolution Protocol

Description: Enables Serverless Peer Name Resolution over the Internet. If disabled, some Peer to Peer and Collaborative applications, such as Windows Meetings, may not function

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Manual

State: Stopped

Name: PolicyAgent

Display Name: IPsec Policy Agent

Description: Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool "netsh ipsec". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Firewall is not available when this service is stopped.

Path Name: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

Start Mode: Auto

State: Running

Name: ProfSvc

Display Name: User Profile Service

Description: This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully logon or logoff, applications may have problems getting to users' data, and components registered to receive profile event notifications will not receive them.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: ProtectedStorage

Display Name: Protected Storage

Description: Provides protected storage for sensitive data, such as passwords, to prevent access by unauthorized services, processes, or users.

Path Name: C:\Windows\system32\lsass.exe

Start Mode: Manual

State: Stopped

Name: QWAVE

Display Name: Quality Windows Audio Video Experience

Description: Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: RasAuto

Display Name: Remote Access Auto Connection Manager

Description: Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: RasMan

Display Name: Remote Access Connection Manager

Description: Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Manual

State: Running

Name: RemoteAccess

Display Name: Routing and Remote Access

Description: Offers routing services to businesses in local area and wide area network environments.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Disabled

State: Stopped

Name: RemoteRegistry

Display Name: Remote Registry

Description: Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k regsvc

Start Mode: Manual

State: Stopped

Name: RpcLocator

Display Name: Remote Procedure Call (RPC) Locator

Description: Manages the RPC name service database.

Path Name: C:\Windows\system32\locator.exe

Start Mode: Manual

State: Stopped

Name: RpcSs

Display Name: Remote Procedure Call (RPC)

Description: Serves as the endpoint mapper and COM Service Control Manager. If this service is stopped or disabled, programs using COM or Remote Procedure Call (RPC) services will not function properly.

Path Name: C:\Windows\system32\svchost.exe -k rpcss

Start Mode: Auto

State: Running

Name: SamSs

Display Name: Security Accounts Manager

Description: The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.

Path Name: C:\Windows\system32\lsass.exe

Start Mode: Auto

State: Running

Name: SCardSvr

Display Name: Smart Card

Description: Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: Schedule

Display Name: Task Scheduler

Description: Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: SCPolicySvc

Display Name: Smart Card Removal Policy

Description: Allows the system to be configured to lock the user desktop upon smart card removal.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: SDRSVC

Display Name: Windows Backup

Description: Provides Windows Backup and Restore capabilities.

Path Name: C:\Windows\system32\svchost.exe -k SDRSVC

Start Mode: Manual

State: Stopped

Name: seclogon

Display Name: Secondary Logon

Description: Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: SENS

Display Name: System Event Notification Service

Description: Monitors system events and notifies subscribers to COM+ Event System of these events.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: SessionEnv

Display Name: Terminal Services Configuration

Description: Terminal Services Configuration service (TSCS) is responsible for all Terminal Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, TS themes, and TS certificates.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: SharedAccess

Display Name: Internet Connection Sharing (ICS)

Description: Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Disabled

State: Stopped

Name: ShellHWDetection

Display Name: Shell Hardware Detection

Description: Provides notifications for AutoPlay hardware events.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: slsvc

Display Name: Software Licensing

Description: Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a reduced function mode.

Path Name: C:\Windows\system32\SLsvc.exe

Start Mode: Auto

State: Running

Name: SLUINotify

Display Name: SL UI Notification Service

Description: Provides Software Licensing activation and notification

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: SNMPTRAP

Display Name: SNMP Trap

Description: Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\snmptrap.exe

Start Mode: Manual

State: Stopped

Name: Spooler

Display Name: Print Spooler

Description: Loads files to memory for later printing

Path Name: C:\Windows\System32\spoolsv.exe

Start Mode: Auto

State: Running

Name: SSDPSRV

Display Name: SSDP Discovery

Description: Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Running

Name: SstpSvc

Display Name: Secure Socket Tunneling Protocol Service

Description: Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Running

Name: stisvc

Display Name: Windows Image Acquisition (WIA)

Description: Provides image acquisition services for scanners and cameras

Path Name: C:\Windows\system32\svchost.exe -k imgsvc

Start Mode: Auto

State: Running

Name: SvcOnlineArmor

Display Name: Online Armor

Description:

Path Name: C:\Program Files\Tall Emu\Online Armor\oasrv.exe

Start Mode: Manual

State: Stopped

Name: swprv

Display Name: Microsoft Software Shadow Copy Provider

Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k swprv

Start Mode: Manual

State: Stopped

Name: Symantec Core LC

Display Name: Symantec Core LC

Description: Symantec Core LC

Path Name: C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Start Mode: Manual

State: Stopped

Name: SysMain

Display Name: Superfetch

Description: Maintains and improves system performance over time.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: TabletInputService

Display Name: Tablet PC Input Service

Description: Enables Tablet PC pen and ink functionality

Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: TapiSrv

Display Name: Telephony

Description: Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.

Path Name: C:\Windows\System32\svchost.exe -k NetworkService

Start Mode: Manual

State: Running

Name: TBS

Display Name: TPM Base Services

Description: Enables access to the Trusted Platform Module (TPM), which provides hardware-based cryptographic services to system components and applications. If this service is stopped or disabled, applications will be unable to use keys protected by the TPM.

Path Name: C:\Windows\System32\svchost.exe -k LocalService

Start Mode: Auto

State: Stopped

Name: TermService

Display Name: Terminal Services

Description: Allows users to connect interactively to a remote computer. Remote Desktop and Terminal Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.

Path Name: C:\Windows\System32\svchost.exe -k NetworkService

Start Mode: Auto

State: Running

Name: Themes

Display Name: Themes

Description: Provides user experience theme management.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: THREADORDER

Display Name: Thread Ordering Server

Description: Provides ordered execution for a group of threads within a specific period of time.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: TrkWks

Display Name: Distributed Link Tracking Client

Description: Maintains links between NTFS files within a computer or across computers in a network.

Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: TrustedInstaller

Display Name: Windows Modules Installer

Description: Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.

Path Name: C:\Windows\servicing\TrustedInstaller.exe

Start Mode: Manual

State: Running

Name: UI0Detect

Display Name: Interactive Services Detection

Description: Enables user notification of user input for interactive services, which enables access to dialogs created by interactive services when they appear. If this service is stopped, notifications of new interactive service dialogs will no longer function and there may no longer be access to interactive service dialogs. If this service is disabled, both notifications of and access to new interactive service dialogs will no longer function.

Path Name: C:\Windows\system32\UI0Detect.exe

Start Mode: Manual

State: Stopped

Name: upnphost

Display Name: UPnP Device Host

Description: Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: UxSms

Display Name: Desktop Window Manager Session Manager

Description: Provides Desktop Window Manager startup and maintenance services

Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: vds

Display Name: Virtual Disk

Description: Provides management services for disks, volumes, file systems, and storage arrays.

Path Name: C:\Windows\System32\vds.exe

Start Mode: Manual

State: Stopped

Name: Viewpoint Manager Service

Display Name: Viewpoint Manager Service

Description: Ensures Viewpoint 3D and Rich Media Technologies are up to date

Path Name: "C:\Program Files\Viewpoint\Common\ViewpointService.exe"

Start Mode: Auto

State: Running

Name: VSS

Display Name: Volume Shadow Copy

Description: Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\vssvc.exe

Start Mode: Manual

State: Stopped

Name: W32Time

Display Name: Windows Time

Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: wcncsvc

Display Name: Windows Connect Now - Config Registrar

Description: Act as a Registrar, issues network credential to Enrollee. If this service is disabled, the Windows Connect Now - Config Registrar will not function properly.

Path Name: C:\Windows\System32\svchost.exe -k LocalService

Start Mode: Manual

State: Stopped

Name: WcsPlugInService

Display Name: Windows Color System

Description: The WcsPlugInService service hosts third-party Windows Color System color device model and gamut map model plug-in modules. These plug-in modules are vendor-specific extensions to the Windows Color System baseline color device and gamut map models. Stopping or disabling the WcsPlugInService service will disable this extensibility feature, and the Windows Color System will use its baseline model processing rather than the vendor's desired processing. This might result in inaccurate color rendering.

Path Name: C:\Windows\system32\svchost.exe -k wcssvc

Start Mode: Manual

State: Stopped

Name: WdiServiceHost

Display Name: Diagnostic Service Host

Description: The Diagnostic Service Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k wdisvc

Start Mode: Manual

State: Stopped

Name: WdiSystemHost

Display Name: Diagnostic System Host

Description: The Diagnostic System Host service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, some diagnostics will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Manual

State: Running

Name: WebClient

Display Name: WebClient

Description: Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Auto

State: Running

Name: Wecsvc

Display Name: Windows Event Collector

Description: This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.

Path Name: C:\Windows\system32\svchost.exe -k NetworkService

Start Mode: Manual

State: Stopped

Name: wercplsupport

Display Name: Problem Reports and Solutions Control Panel Support

Description: This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.

Path Name: C:\Windows\System32\svchost.exe -k netsvcs

Start Mode: Manual

State: Stopped

Name: WerSvc

Display Name: Windows Error Reporting Service

Description: Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.

Path Name: C:\Windows\System32\svchost.exe -k WerSvcGroup

Start Mode: Auto

State: Running

Name: WinDefend

Display Name: Windows Defender

Description: Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions.

Path Name: C:\Windows\System32\svchost.exe -k secsvcs

Start Mode: Auto

State: Running

Name: WinHttpAutoProxySvc

Display Name: WinHTTP Web Proxy Auto-Discovery Service

Description: WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.

Path Name: C:\Windows\system32\svchost.exe -k LocalService

Start Mode: Manual

State: Running

Name: Winmgmt

Display Name: Windows Management Instrumentation

Description: Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: WinRM

Display Name: Windows Remote Management (WS-Management)

Description: Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.

Path Name: C:\Windows\System32\svchost.exe -k NetworkService

Start Mode: Manual

State: Stopped

Name: Wlansvc

Display Name: WLAN AutoConfig

Description: This service enumerates WLAN adapters, manages WLAN connections and profiles.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: wmiApSrv

Display Name: WMI Performance Adapter

Description: Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.

Path Name: C:\Windows\system32\wbem\WmiApSrv.exe

Start Mode: Manual

State: Stopped

Name: WMPNetworkSvc

Display Name: Windows Media Player Network Sharing Service

Description: Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play

Path Name: "C:\Program Files\Windows Media Player\wmpnetwk.exe"

Start Mode: Manual

State: Running

Name: WPCSvc

Display Name: Parental Controls

Description: This service enables Windows Parental Controls on the system. If this service is not running, Parental controls will not work.

Path Name: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Manual

State: Stopped

Name: WPDBusEnum

Display Name: Portable Device Enumerator Service

Description: Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

Name: wscsvc

Display Name: Security Center

Description: Monitors system security settings and configurations.

Path Name: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

Start Mode: Auto

State: Running

Name: WSearch

Display Name: Windows Search

Description: Provides content indexing and property caching for file, email and other content (via extensibility APIs). The service responds to file and email notifications to index modified content. If the service is stopped or disabled, the Explorer will not be able to display virtual folder views of items, and search in the Explorer will fall back to item-by-item slow search.

Path Name: C:\Windows\system32\SearchIndexer.exe /Embedding

Start Mode: Auto

State: Running

Name: wuauserv

Display Name: Windows Update

Description: Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.

Path Name: C:\Windows\system32\svchost.exe -k netsvcs

Start Mode: Auto

State: Running

Name: wudfsvc

Display Name: Windows Driver Foundation - User-mode Driver Framework

Description: Manages user-mode driver host processes

Path Name: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

Start Mode: Auto

State: Running

continuation of the log

------------------------------------------------------------------------------------

Displaying LOG for Microsoft Windows Malicious Software Removal Tool:

*** Microsoft Windows MRT Log NOT Found! ****

----------------------------------------------------------------------------

Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys

if Hidden = 0 then Hidden Files and Folders are not shown

if SuperHidden = 1 is the desired default value.

if ShowSuperHidden = 0 then System Files are not shown

if HideFileExt = 1 then File Extension are not shown

We want their values to be (from top to bottom) 1,1,1,0

----------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced

Hidden REG_DWORD 1 (0x1)

SuperHidden REG_DWORD 1 (0x1)

ShowSuperHidden REG_DWORD 1 (0x1)

HideFileExt REG_DWORD 0 (0x0)

************************************************************************************

Examining Select Windows Registry Keys

------------------------------------------------------------------------------------

--------------------------------------------------------------------------

Items Found in ZoneMap\Domains:

--------------------------------------------------------------------------

Error: Key: software\microsoft\windows\currentversion\internet settings\zonemap\domains does not exist!

----------------------------------------------------------------------------

Current User ZoneMap ProtocolDefaults

----------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults

<NO NAME> REG_SZ

http REG_DWORD 3 (0x3)

https REG_DWORD 3 (0x3)

ftp REG_DWORD 3 (0x3)

file REG_DWORD 3 (0x3)

@ivt REG_DWORD 1 (0x1)

shell REG_DWORD 0 (0x0)

----------------------------------------------------------------------------

Default URL Prefix Keys

----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix

<NO NAME> REG_SZ http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes

ftp REG_SZ ftp://

home REG_SZ http://

mosaic REG_SZ http://

www REG_SZ http://

--------------------------------------------------------------------------

Startup Items Disabled via MSCONFIG:

--------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk

path REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk

backup REG_SZ C:\Windows\pss\Snapfish Media Detector.lnk.CommonStartup

location REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

backupExtension REG_SZ .CommonStartup

command REG_SZ C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE

item REG_SZ Snapfish Media Detector

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ Adobe Reader Speed Launcher

hkey REG_SZ HKLM

command REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

inimapping REG_SZ 0

YEAR REG_DWORD 2010 (0x7da)

MONTH REG_DWORD 8 (0x8)

DAY REG_DWORD 1 (0x1)

HOUR REG_DWORD 9 (0x9)

MINUTE REG_DWORD 54 (0x36)

SECOND REG_DWORD 48 (0x30)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ Aim6

hkey REG_SZ HKCU

command REG_SZ "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 5 (0x5)

DAY REG_DWORD 25 (0x19)

HOUR REG_DWORD 10 (0xa)

MINUTE REG_DWORD 21 (0x15)

SECOND REG_DWORD 21 (0x15)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ ccApp

hkey REG_SZ HKLM

command REG_SZ "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ DPService

hkey REG_SZ HKLM

command REG_SZ "C:\Program Files\HP\DVDPlay\DPService.exe"

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ HP Health Check Scheduler

hkey REG_SZ HKLM

command REG_SZ [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ HP Software Update

hkey REG_SZ HKLM

command REG_SZ c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ HPAdvisor

hkey REG_SZ HKCU

command REG_SZ C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ isCfgWiz

hkey REG_SZ HKLM

command REG_SZ "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT

inimapping REG_SZ 0

YEAR REG_DWORD 2009 (0x7d9)

MONTH REG_DWORD 3 (0x3)

DAY REG_DWORD 31 (0x1f)

HOUR REG_DWORD 18 (0x12)

MINUTE REG_DWORD 9 (0x9)

SECOND REG_DWORD 37 (0x25)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ iTunesHelper

hkey REG_SZ HKLM

command REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

inimapping REG_SZ 0

YEAR REG_DWORD 2011 (0x7db)

MONTH REG_DWORD 7 (0x7)

DAY REG_DWORD 21 (0x15)

HOUR REG_DWORD 0 (0x0)

MINUTE REG_DWORD 34 (0x22)

SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ QuickTime Task

hkey REG_SZ HKLM

command REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

inimapping REG_SZ 0

YEAR REG_DWORD 2011 (0x7db)

MONTH REG_DWORD 7 (0x7)

DAY REG_DWORD 21 (0x15)

HOUR REG_DWORD 0 (0x0)

MINUTE REG_DWORD 34 (0x22)

SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

key REG_SZ SOFTWARE\Microsoft\Windows\CurrentVersion\Run

item REG_SZ TkBellExe

hkey REG_SZ HKLM

command REG_SZ "C:\Program Files\real\realplayer\update\realsched.exe" -osboot

inimapping REG_SZ 0

YEAR REG_DWORD 2011 (0x7db)

MONTH REG_DWORD 7 (0x7)

DAY REG_DWORD 21 (0x15)

HOUR REG_DWORD 0 (0x0)

MINUTE REG_DWORD 34 (0x22)

SECOND REG_DWORD 36 (0x24)

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\state

startup REG_DWORD 2 (0x2)

services REG_DWORD 0 (0x0)

--------------------------------------------------------------------------

Select AutoRun Registry Keys:

--------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run

NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

SunJavaUpdateSched REG_SZ "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

<NO NAME> REG_SZ

GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime

iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"

CanonMyPrinter REG_SZ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

CanonSolutionMenuEx REG_SZ C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

emsisoft anti-malware REG_SZ "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex

HKEY_USERS\.default\software\microsoft\windows\currentversion\run

HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run

HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run

Sidebar REG_EXPAND_SZ %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

WindowsWelcomeCenter REG_SZ rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run

Sidebar REG_EXPAND_SZ %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

WindowsWelcomeCenter REG_SZ rundll32.exe oobefldr.dll,ShowWelcomeCenter

--------------------------------------------------------------------------

Shared Task Scheduler Registry Items:

--------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler

{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

--------------------------------------------------------------------------

Scheduled Tasks:

--------------------------------------------------------------------------

Volume in drive C is HP

Volume Serial Number is BA4C-B81C

Directory of C:\Windows\tasks

09/21/2011 06:02 PM <DIR> .

09/21/2011 06:02 PM <DIR> ..

10/10/2011 08:59 AM 900 GoogleUpdateTaskMachineCore.job

10/10/2011 03:21 AM 904 GoogleUpdateTaskMachineUA.job

10/10/2011 08:58 AM 6 SA.DAT

10/10/2011 03:37 AM 32,624 SCHEDLGU.TXT

4 File(s) 34,434 bytes

Total Files Listed:

4 File(s) 34,434 bytes

2 Dir(s) 8,314,920,960 bytes free

A C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

A C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

A H C:\Windows\tasks\SA.DAT

A C:\Windows\tasks\SCHEDLGU.TXT

----------------------------------------------------------------------------

ShellExecuteHooks Registry Keys

----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} REG_SZ Groove GFS Stub Execution Hook

----------------------------------------------------------------------------

ShellServiceObjectDelayLoad Registry Keys

----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload

WebCheck REG_SZ {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

----------------------------------------------------------------------------

ModuleUsage Registry Keys:

----------------------------------------------------------------------------

Error: Key: software\microsoft\windows\currentversion\moduleusage does not exist!

----------------------------------------------------------------------------

BHO Registry Keys:

----------------------------------------------------------------------------

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer

<NO NAME> REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}

<NO NAME> REG_SZ AskBar BHO

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}

<NO NAME> REG_SZ NCO 2.0 IE BHO

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}

<NO NAME> REG_SZ Symantec Intrusion Prevention

NoExplorer REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

<NO NAME> REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

NoExplorer REG_DWORD 1 (0x1)

--------------------------------------------------------------------------

Select Policy Keys:

--------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

disableregistrytools REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system

ConsentPromptBehaviorAdmin REG_DWORD 0 (0x0)

ConsentPromptBehaviorUser REG_DWORD 1 (0x1)

EnableInstallerDetection REG_DWORD 1 (0x1)

EnableLUA REG_DWORD 0 (0x0)

EnableSecureUIAPaths REG_DWORD 1 (0x1)

EnableVirtualization REG_DWORD 1 (0x1)

PromptOnSecureDesktop REG_DWORD 1 (0x1)

ValidateAdminCodeSignatures REG_DWORD 0 (0x0)

dontdisplaylastusername REG_DWORD 0 (0x0)

legalnoticecaption REG_SZ

legalnoticetext REG_SZ

scforceoption REG_DWORD 0 (0x0)

shutdownwithoutlogon REG_DWORD 1 (0x1)

undockwithoutlogon REG_DWORD 1 (0x1)

FilterAdministratorToken REG_DWORD 0 (0x0)

EnableUIADesktopToggle REG_DWORD 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI

Error: Key: .default\software\microsoft\windows\currentversion\policies does not exist!

Error: Key: s-1-5-18\software\microsoft\windows\currentversion\policies\explorer does not exist!

************************************************************************************

Checking File System for suspicious Files

--------------------------------------------------------------------------

Items in the Root Directory:

--------------------------------------------------------------------------

Locating all files created in C:\

"C:\"

!KILLBOX Aug 14 2010 "!KillBox"

$RECYCLE.BIN Nov 2 2006 "$Recycle.Bin"

2F1153~1 Jun 16 2011 "2f11532bfee0b36cf704e5a929b289f4"

autoexec.bat Aug 14 2008 74 "autoexec.bat"

BOOT Aug 14 2008 "Boot"

bootmgr Jan 20 2008 333203 "bootmgr"

bootsect.bak Aug 14 2008 8192 "BOOTSECT.BAK"

CONFIG.MSI Apr 2 2009 "Config.Msi"

config.sys Sep 18 2006 10 "config.sys"

DOCUME~1 Mar 31 2009 "Documents and Settings"

FOUND.000 May 6 2009 "found.000"

FOUND.001 Jun 17 2009 "found.001"

FOUND.002 Dec 28 2009 "found.002"

FOUND.003 Jul 31 2010 "found.003"

FOUND.004 Jan 9 2011 "found.004"

FOUND.005 May 13 2011 "found.005"

FOUND.006 Jun 20 2011 "found.006"

haxfix.exe Apr 23 2011 537850 "HaxFix.exe"

hiberfil.sys Oct 10 2011 937857024 "hiberfil.sys"

HP Aug 14 2008 "hp"

io.sys Aug 15 2010 0 "IO.SYS"

iph.ph May 24 2009 361 "IPH.PH"

ISEEYO~1 Aug 15 2010 "ISeeYouXP"

msdos.sys Aug 15 2010 0 "MSDOS.SYS"

MSOCACHE Apr 9 2009 "MSOCache"

OUTPUT~1 Sep 14 2009 "OutputFolder"

pagefile.sys Oct 10 2011 1251745792 "pagefile.sys"

PERFLOGS Jan 20 2008 "PerfLogs"

PROGRA~1 Nov 2 2006 "Program Files"

PROGRA~2 Nov 2 2006 "ProgramData"

QOOBOX Oct 10 2011 "Qoobox"

SYSTEM~1 Mar 31 2009 "System Volume Information"

tdeeb0~1.txt Oct 10 2011 74682 "TDSSKiller.2.6.7.0_10.10.2011_03.25.28_log.txt"

tdfefb~1.txt Oct 10 2011 0 "TDSSKiller.2.6.7.0_10.10.2011_03.15.29_log.txt"

tdsski~1.txt Oct 10 2011 75562 "TDSSKiller.2.6.6.0_10.10.2011_01.59.54_log.txt"

tdsski~2.txt Oct 10 2011 73356 "TDSSKiller.2.6.6.0_10.10.2011_02.29.19_log.txt"

tdsski~3.txt Oct 10 2011 75500 "TDSSKiller.2.6.6.0_10.10.2011_02.51.21_log.txt"

tdsski~4.txt Oct 10 2011 346 "TDSSKiller.2.6.6.0_10.10.2011_03.14.59_log.txt"

USERS Nov 2 2006 "Users"

WINDOWS Nov 2 2006 "WINDOWS"

40 items found: 16 files (7 H/S), 24 directories (15 H/S).

Total of file sizes: 2,190,781,952 bytes 2.04 G

final part of the log

--------------------------------------------------------------------------

Locating all Backup files on C:

--------------------------------------------------------------------------

Locating all *.BAK* files

"C:\"

bootsect.bak Aug 14 2008 8192 "BOOTSECT.BAK"

"C:\ProgramData\OnlineArmor\"

licens~1.bak Jul 14 2009 806 "license.dat.bak"

"C:\WINDOWS\SMINST\"

rcdcini.bak Aug 14 2008 5330 "RCDCINI.bak"

"C:\Program Files\Tall Emu\Online Armor\"

fwdata~1.bak Jul 14 2009 23996 "fwdata.dat.bak"

oacach~1.bak Jul 14 2009 366 "oacached.dat.bak"

oadriver.bak Jul 13 2009 0 "OADriver.bak"

server~1.bak Jul 14 2009 434455 "server.dat.bak"

taskma~1.bak Oct 10 2011 241 "taskman.dat.bak"

"C:\ProgramData\Symantec\Common Client\"

settings.bak Sep 16 2011 850188 "settings.BAK"

{212e6~1.bak Aug 14 2008 212 "{212E6D5B-762A-4176-ACA7-D0761AC7D1F8}.BAK"

{3541e~1.bak Aug 14 2008 132 "{3541E0AD-6CF2-4055-87A2-60F468EA2A37}.BAK"

"C:\ProgramData\Symantec\IDS\"

idssettg.bak Aug 14 2008 6468 "IDSSettg.BAK"

"C:\ProgramData\Symantec\SymNetDrv\"

firewall.bak Sep 14 2011 17500 "Firewall.BAK"

persist.bak Aug 14 2008 13644 "Persist.BAK"

"C:\Users\All Users\OnlineArmor\"

licens~1.bak Jul 14 2009 806 "license.dat.bak"

"C:\WINDOWS\Debug\UserMode\"

chkacc.bak Oct 10 2011 0 "ChkAcc.bak"

"C:\Program Files\AskBarDis\bar\Settings\"

config~1.bak Jun 12 2008 0 "config.dat.bak"

"C:\Program Files\Vuze\plugins\azemp\"

azmpla~1.bak Mar 17 2009 7114736 "azmplay.exe.bak"

cp1250~1.bak Mar 17 2009 106464 "cp1250-a.raw.bak"

cp1250~2.bak Mar 17 2009 106464 "cp1250-b.raw.bak"

fontde~1.bak Mar 17 2009 6696 "font.desc.bak"

osd-mp~1.bak Mar 17 2009 8864 "osd-mplayer-a.raw.bak"

osd-mp~2.bak Mar 17 2009 8864 "osd-mplayer-b.raw.bak"

"C:\Program Files\Vuze\plugins\azupdater\"

plugin~1.bak Oct 19 2009 193 "plugin.properties.bak"

update~1.bak Mar 6 2010 21659 "Updater.jar.bak"

"C:\Program Files\Vuze\plugins\azupnpav\"

plugin~1.bak May 14 2009 148 "plugin.properties.bak"

"C:\ProgramData\Microsoft\OFFICE\DATA\"

opa12.bak Oct 18 2002 8200 "OPA12.BAK"

"C:\Users\All Users\Symantec\Common Client\"

settings.bak Sep 16 2011 850188 "settings.BAK"

{212e6~1.bak Aug 14 2008 212 "{212E6D5B-762A-4176-ACA7-D0761AC7D1F8}.BAK"

{3541e~1.bak Aug 14 2008 132 "{3541E0AD-6CF2-4055-87A2-60F468EA2A37}.BAK"

"C:\Users\All Users\Symantec\IDS\"

idssettg.bak Aug 14 2008 6468 "IDSSettg.BAK"

"C:\Users\All Users\Symantec\SymNetDrv\"

firewall.bak Sep 14 2011 17500 "Firewall.BAK"

persist.bak Aug 14 2008 13644 "Persist.BAK"

"C:\Users\All Users\Microsoft\OFFICE\DATA\"

opa12.bak Oct 18 2002 8200 "OPA12.BAK"

"C:\Users\senator perkins\AppData\Roaming\Azureus\"

azureu~1.bak Aug 18 2011 10875 "azureus.config.bak"

azureu~2.bak Aug 18 2011 185 "azureus.statistics.bak"

banips~1.bak Aug 18 2011 196 "banips.config.bak"

device~1.bak Aug 18 2011 4293 "devices.config.bak"

downlo~1.bak Aug 18 2011 58199 "downloads.config.bak"

metase~1.bak Jul 22 2011 5567 "metasearch.config.bak"

sideba~1.bak Aug 18 2011 70 "sidebarauto.config.bak"

subscr~1.bak Aug 18 2011 30926 "subscriptions.config.bak"

tables~1.bak Aug 18 2011 7569 "tables.config.bak"

vuzeac~1.bak Aug 18 2011 2438 "VuzeActivities.config.bak"

"C:\Users\senator perkins\AppData\Roaming\FrostWire\"

fileurns.bak Feb 5 2010 6126 "fileurns.bak"

"C:\Users\senator perkins\AppData\Roaming\OnlineArmor\"

client~1.bak Jul 14 2009 689 "client.dat.bak"

"C:\Users\senator perkins\AppData\Roaming\Azureus\active\"

00be9d~1.bak Aug 18 2011 197662 "00BE9DDD339488F504B7C92DB1D859D6644F7FD7.dat.bak"

020c90~1.bak Aug 18 2011 96474 "020C90121D720341BDD2C7691983C19EE1CBBF13.dat.bak"

0a6cab~1.bak Aug 18 2011 35489 "0A6CAB6C47EC3C84FF88330890BA6B1B43A60B54.dat.bak"

0ab43b~1.bak Jul 22 2011 98828 "0AB43B8D1A8795C4A32DB5321073480F5B713AF6.dat.bak"

0b9024~1.bak Aug 18 2011 39255 "0B90241BF938C23ED7B0301186B8F7E7BB43E17A.dat.bak"

16b456~1.bak Jul 22 2011 228075 "16B4560BEB05397C0EEB35487A997CAF789243EA.dat.bak"

1bf4bf~1.bak Jul 22 2011 59446 "1BF4BFB396234FDD97AF9C05FBA5D357401C3290.dat.bak"

1dc906~1.bak Jul 22 2011 120677 "1DC906C83F3323B78D7394EDC0246BD1016C68AA.dat.bak"

2183e4~1.bak Aug 18 2011 52818 "2183E42D3F36A0479CB68BE8169F953782346B2D.dat.bak"

21b9c6~1.bak Jul 22 2011 55848 "21B9C660C0D20B16D070CD3BD2374A33A18B22D3.dat.bak"

240c18~1.bak Jul 22 2011 60003 "240C1872BCE164C49279D4D64C16CF8A39763D09.dat.bak"

249b72~1.bak Aug 18 2011 50057 "249B726BA7D47897DB5DD3EF8A0FCF6E721E6157.dat.bak"

251d33~1.bak Jul 22 2011 23324 "251D33548111FE7E2100D992C7F783F08E7D0C1D.dat.bak"

25475e~1.bak Jul 22 2011 50077 "25475E8B303D479CABD3056BD83356FFF8EF7A3E.dat.bak"

255fb7~1.bak Jul 22 2011 74591 "255FB7A67AE7492BE3588B4F6053D4237F596E4C.dat.bak"

284b5a~1.bak Jul 22 2011 39082 "284B5A0A96D46006AE13CC141C4477E5E4A63C51.dat.bak"

28a21c~1.bak Jul 22 2011 62446 "28A21C0648EAE66AD30E427C586EC9333452418D.dat.bak"

2abe95~1.bak Jul 22 2011 346160 "2ABE95CB779384CC7AE0ADCCCC02F8F39339D5CC.dat.bak"

2c0994~1.bak Jul 22 2011 33148 "2C0994D7E82DC37DD9D946F885FE4F8CE5924E53.dat.bak"

2f382c~1.bak Jul 22 2011 59478 "2F382C5A6F7927053B6915CF9A4C56666D3D28B9.dat.bak"

325f23~1.bak Aug 18 2011 171842 "325F2332A19B0D85F427A2E14942B262BA74B384.dat.bak"

339632~1.bak Jul 22 2011 26116 "339632896FA6F945BD2C4F46DBFD047193DE55C9.dat.bak"

340e9b~1.bak Aug 18 2011 86785 "340E9B1AE7749C53968F13419F26FA752CB74A34.dat.bak"

34902c~1.bak Jul 22 2011 22660 "34902CAB3382A4628BA32BC8B9960858108990C8.dat.bak"

3672e4~1.bak Aug 18 2011 16646 "3672E428DFE497D9DC10B054D2A49EF9F4CE010B.dat.bak"

3984aa~1.bak Jul 22 2011 74988 "3984AA4EBAD8F3C0F6CCDAE37B6E15B0F6F9B4FB.dat.bak"

3b8415~1.bak Aug 18 2011 154592 "3B8415412A0C844FDFE848860D72C0E33C256C06.dat.bak"

3e243e~1.bak Jul 22 2011 34528 "3E243E49F10CFBE95851A6A0DBB496D5A846F44F.dat.bak"

3e3531~1.bak Jul 22 2011 48031 "3E3531092147CE02CC9DF535958BC5310D309EB3.dat.bak"

42882c~1.bak Jul 22 2011 48555 "42882C71EC13ECE42DCEEA8A0230DCF64AFC934C.dat.bak"

43db02~1.bak Jul 22 2011 77940 "43DB02502B1852D1635ED3FC57BEFF661F72CF45.dat.bak"

4f7687~1.bak Jul 22 2011 32384 "4F768775D9AC90A8EE98C9C6A5FBB810B5886B05.dat.bak"

56aeed~1.bak Aug 18 2011 69346 "56AEED8C2D0ED39A4E513241A2418011F5579206.dat.bak"

588cfc~1.bak Jul 22 2011 81471 "588CFC62C0D4F7DB7753EAEE765F68B6A451D122.dat.bak"

5c0e5a~1.bak Jul 22 2011 51453 "5C0E5A5BC93154FA77A1FA2BCCA3333223FE514C.dat.bak"

5c4b90~1.bak Jul 22 2011 55201 "5C4B90AA5A3BDCB4EE1B375D8CBF49BBE815F093.dat.bak"

61e171~1.bak Jul 22 2011 14997 "61E171417207729ADBC4F1D9F53A0A0863C86AAC.dat.bak"

6305fb~1.bak Jul 22 2011 18391 "6305FB4EFA4EFA74B52D3029349F5FB221F546F6.dat.bak"

63a58c~1.bak Aug 18 2011 17359 "63A58C120054DC6643CC8986DB8BC3A564879640.dat.bak"

6b273f~1.bak Jul 22 2011 192119 "6B273F9DC5CD5DBBD01079E7DA7A7CDDABE3A7EE.dat.bak"

6b4a2a~1.bak Aug 18 2011 41586 "6B4A2A6C1863D52A77377351563C539E1BE987CE.dat.bak"

6e72b7~1.bak Jul 22 2011 39141 "6E72B76A21C5501DBF33E4837B7DB5886050C260.dat.bak"

6fb7f1~1.bak Aug 18 2011 18793 "6FB7F1AE36A6CCFD7DFA6ACC12DA60E26C9D14AB.dat.bak"

7a7da3~1.bak Aug 18 2011 41284 "7A7DA3260C3983F22C82014BCEC333F1FD190458.dat.bak"

8490e5~1.bak Jul 22 2011 26835 "8490E55A0B385009599C483FCF1F619A7773336D.dat.bak"

8a6e52~1.bak Jul 22 2011 80282 "8A6E52FDF2EEBD364B1A41319C7485561794261F.dat.bak"

91b900~1.bak Aug 18 2011 47060 "91B90054239EC6FD1C9758A73BAD3DA9C8632BCC.dat.bak"

959cba~1.bak Aug 18 2011 18468 "959CBA04227B1A1C345DB2993C6F1242D381EEC7.dat.bak"

98941d~1.bak Jul 22 2011 57923 "98941D22BB361C050AE2EE0D7203BDDFDADD5F51.dat.bak"

99ba22~1.bak Jul 22 2011 32132 "99BA22D7466738A55B6D5EE5D1D45A983150AF9B.dat.bak"

9f139a~1.bak Jul 22 2011 44026 "9F139A5C9F46497E831BB6507B26308B2194597E.dat.bak"

a49887~1.bak Jul 22 2011 30028 "A4988712E7F47BDCA4DEDEA29AA9D05E4D61E09F.dat.bak"

a5c344~1.bak Jul 22 2011 37030 "A5C344CB36DF1A43193C9C9C1F46DFC011E2EE8F.dat.bak"

a7286c~1.bak Jul 22 2011 50007 "A7286C3A69FAFAA2D430352D9ED2F8F6CA719432.dat.bak"

b12740~1.bak Jul 22 2011 81683 "B127403B5720B3B5E0CF011E0B87118A51831662.dat.bak"

b16cb3~1.bak Jul 22 2011 76222 "B16CB371DF2DB1190174B87FF66DFC4432E2EDA4.dat.bak"

b1af3c~1.bak Jul 22 2011 14779 "B1AF3C1DEDF931B7968F88867F807840698000D9.dat.bak"

b3d9cf~1.bak Jul 22 2011 53221 "B3D9CFE881D56AFDF5EB78F803230CE057EFF715.dat.bak"

bc6cb1~1.bak Aug 18 2011 40795 "BC6CB11BD56023F59B47934B86F489BA9B973FCD.dat.bak"

c44773~1.bak Jul 22 2011 23332 "C44773E62B3FFCDE1495FA579A46E316F0E63537.dat.bak"

cb6c56~1.bak Aug 18 2011 31748 "CB6C5631EADADB9229AC8FC9BB86B1E9CA47E0B4.dat.bak"

cf9169~1.bak Jul 22 2011 45426 "CF916918B4871210D29FA332989CF69A3F207544.dat.bak"

d22fbb~1.bak Aug 18 2011 39327 "D22FBB22DF96309D5D08F846DAE36488682B409C.dat.bak"

d3f17a~1.bak Jul 22 2011 250379 "D3F17ABA5DBB43D2913B5282C98511CE500953CF.dat.bak"

d42b42~1.bak Nov 23 2010 244748 "D42B426EA71F4FC4E5F72278F2D69556B4DEBBC1.dat.bak"

d4efdf~1.bak Nov 23 2010 39006 "D4EFDF32EA910970D178C8AECF12E24C0FAB275C.dat.bak"

d6123b~1.bak Aug 18 2011 48097 "D6123BE30679B60E122610679521F06533E4484A.dat.bak"

d9497f~1.bak Jul 22 2011 45633 "D9497F5128B2ED96DE4CDFDDE05A67B595CE44A3.dat.bak"

daf230~1.bak Aug 18 2011 227151 "DAF23050B52DF70C547B88710305B8C4C493BE7B.dat.bak"

dbca80~1.bak Jul 22 2011 52302 "DBCA804F702433D72278F1276B0390E45D8BD70E.dat.bak"

dc0cb8~1.bak Aug 18 2011 44220 "DC0CB8C030856A0AB8301D6A97BB1C3B6C904D40.dat.bak"

e65e77~1.bak Jul 22 2011 29530 "E65E7727C8C779DD69851651B768FEC293611BCF.dat.bak"

ea5f8e~1.bak Jul 22 2011 6728 "EA5F8E40DE587F51254FB957CB8146A240CA66BF.dat.bak"

eb6954~1.bak Nov 23 2010 41929 "EB6954081658AFE5F97B18887395B90C9D0FD497.dat.bak"

ef07b3~1.bak Aug 18 2011 79217 "EF07B399666A0BDBA7362BF5B1111E639F94AC2A.dat.bak"

f1db38~1.bak Jul 22 2011 39323 "F1DB38223CFCA71565FE1AD6848DD60D7B565CBD.dat.bak"

f57076~1.bak Jul 22 2011 116202 "F57076FA0C60FAE20558E22C510B19A86B3492CE.dat.bak"

f7437a~1.bak Jul 22 2011 61963 "F7437A36CB2ECC12E540E76D59FDAABC2ACFA062.dat.bak"

f790ba~1.bak Jul 22 2011 95222 "F790BA878D9FF7C30245626BA28E8C6D897050D9.dat.bak"

fc7eb6~1.bak Jul 22 2011 58157 "FC7EB60C03A5457651270E0A77F700E736FB6616.dat.bak"

"C:\hp\bin\Python\Lib\site-packages\win32\scripts\"

regset~1.bak Oct 23 2005 18479 "regsetup.py.bak"

"C:\hp\bin\Python\Lib\site-packages\win32\Demos\service\"

pipete~1.bak Mar 12 2003 5381 "pipeTestService.py.bak"

pipete~2.bak Sep 2 1999 3649 "pipeTestServiceClient.py.bak"

"C:\Users\senator perkins\AppData\Local\Google\Chrome\User Data\Default\"

bookma~1.bak Jul 21 2011 505 "Bookmarks.bak"

"C:\Users\senator perkins\AppData\Roaming\Mozilla\Firefox\Profiles\2g0za29i.default\"

cookie~1.bak Jul 12 2011 1048576 "cookies.sqlite.bak"

sessio~1.bak Oct 10 2011 18107 "sessionstore.bak"

132 items found: 132 files (1 H/S), 0 directories.

Total of file sizes: 16,392,075 bytes 15.63 M

--------------------------------------------------------------------------

Locating all copies of Internet Explorer on C:

--------------------------------------------------------------------------

Locating all copies of Internet Explorer

"C:\Program Files\Internet Explorer\"

iexplore.exe Apr 21 2011 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18639_none_2f4a9e431a0ea795\"

iexplore.exe Apr 21 2011 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22816_none_2fe6dbee331ec09f\"

iexplore.exe Dec 20 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22857_none_2fbc9c88333e49ba\"

iexplore.exe Feb 18 2011 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18498_none_2f08baa51a403b96\"

iexplore.exe Jun 28 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22784_none_2f992a0033595461\"

iexplore.exe Oct 21 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18444_none_2f3ac9191a1b4a85\"

iexplore.exe Mar 9 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18470_none_2f16582d1a3738fc\"

iexplore.exe May 4 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22905_none_2ff0ad763317887e\"

iexplore.exe Apr 21 2011 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\"

iexplore.exe Mar 9 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18602_none_2f640c0119fca261\"

iexplore.exe Feb 18 2011 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21242_none_2ddbfecc361459f2\"

iexplore.exe Mar 9 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22760_none_2faac8b0334cb723\"

iexplore.exe Sep 9 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\"

iexplore.exe Aug 14 2008 625664 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\"

iexplore.exe Aug 14 2008 625664 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18542_none_2f38ca6b1a1d14fe\"

iexplore.exe Oct 20 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18565_none_2f262b711a2a98e5\"

iexplore.exe Dec 20 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22653_none_2fb897943341ea10\"

iexplore.exe Mar 11 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18527_none_2f536bb51a085bcf\"

iexplore.exe Sep 8 2010 634648 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\"

iexplore.exe Jan 20 2008 625664 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22685_none_2f9a286433587091\"

iexplore.exe May 4 2010 634656 "iexplore.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22720_none_2fd60860332c475f\"

iexplore.exe Jun 28 2010 634656 "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\"

iexplore.exe Apr 11 2009 636080 "iexplore.exe"

23 items found: 23 files, 0 directories.

Total of file sizes: 14,571,400 bytes 13.89 M

--------------------------------------------------------------------------

Locating all copies of beep.sy_ on C:

--------------------------------------------------------------------------

Locating all copies of Internet Explorer

No matches found.

--------------------------------------------------------------------------

Locating all copies of beep.sys on C:

--------------------------------------------------------------------------

Locating all copies of Internet Explorer

"C:\WINDOWS\System32\drivers\"

beep.sys Jan 20 2008 6144 "beep.sys"

"C:\WINDOWS\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\"

beep.sys Jan 20 2008 6144 "beep.sys"

2 items found: 2 files, 0 directories.

Total of file sizes: 12,288 bytes 12.00 K

--------------------------------------------------------------------------

Locating all copies of Windows Explorer on C:

--------------------------------------------------------------------------

Locating all copies of Windows Explorer

"C:\WINDOWS\"

explorer.exe Oct 29 2008 2927104 "explorer.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\"

explorer.exe Jan 20 2008 2927104 "explorer.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\"

explorer.exe Oct 27 2008 2923520 "explorer.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\"

explorer.exe Oct 29 2008 2927104 "explorer.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\"

explorer.exe Oct 29 2008 2923520 "explorer.exe"

"C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\"

explorer.exe Oct 29 2008 2927616 "explorer.exe"

"C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\"

explorer.exe Apr 11 2009 2926592 "explorer.exe"

7 items found: 7 files, 0 directories.

Total of file sizes: 20,482,560 bytes 19.53 M

--------------------------------------------------------------------------

Items in C:\Users:

--------------------------------------------------------------------------

Listing contents of C:\Users

"C:\Users\"

ALLUSE~1 Mar 31 2009 "All Users"

DEFAULT Nov 2 2006 "Default"

DEFAUL~1 Mar 31 2009 "Default User"

desktop.ini Jan 20 2008 174 "desktop.ini"

PUBLIC Nov 2 2006 "Public"

SENATO~1 Mar 31 2009 "senator perkins"

6 items found: 1 file (1 H/S), 5 directories (3 H/S).

Total of file sizes: 174 bytes 0.17 K

--------------------------------------------------------------------------

Items in C:\Users\senator perkins\AppData:

--------------------------------------------------------------------------

Listing contents of C:\Users\senator perkins\AppData

No matches found.

--------------------------------------------------------------------------

Desktop Items:

--------------------------------------------------------------------------

Locating all files created in C:\Users\senator perkins\Desktop within the last 90 days.

"C:\Users\senator perkins\Desktop\"

hijack~1.lnk Oct 9 2011 1876 "HijackThis.lnk"

1 item found: 1 file, 0 directories.

Total of file sizes: 1,876 bytes 1.83 K

Locating all files created in C:\Users\Public\Desktop within the last 90 days.

"C:\Users\Public\Desktop\"

canonm~1.lnk Sep 27 2011 2137 "Canon MG5200 series On-screen Manual.lnk"

canons~1.lnk Sep 27 2011 1858 "Canon Solution Menu EX.lnk"

ccleaner.lnk Jul 21 2011 806 "CCleaner.lnk"

emsiso~2.lnk Oct 7 2011 890 "Emsisoft Anti-Malware.lnk"

google~1.lnk Oct 5 2011 1973 "Google Chrome.lnk"

itunes.lnk Sep 2 2011 1666 "iTunes.lnk"

malwar~1.lnk Oct 9 2011 908 "Malwarebytes' Anti-Malware.lnk"

mozill~1.lnk Oct 9 2011 848 "Mozilla Firefox.lnk"

8 items found: 8 files, 0 directories.

Total of file sizes: 11,086 bytes 10.82 K

--------------------------------------------------------------------------

Start Menu Items:

--------------------------------------------------------------------------

Locating all files created in "C:\Users\senator perkins\AppData\Roaming\Microsoft\Windows\Start Menu" within the last 90 days.

No matches found.

Locating all files created in "C:\ProgramData\Microsoft\Windows\Start Menu" within the last 90 days.

No matches found.

--------------------------------------------------------------------------

C:\Users\senator perkins\AppData\Local\Temp :

--------------------------------------------------------------------------

Locating all files created in C:\Users\senator perkins\AppData\Local\Temp within the last 90 days.

No matches found.

--------------------------------------------------------------------------

Items in Templates Folder:

--------------------------------------------------------------------------

Locating all files created in C:\Users\senator perkins\AppData\Roaming\Microsoft\Windows\Templates

No matches found.

--------------------------------------------------------------------------

Items in Program Files:

--------------------------------------------------------------------------

Locating all files created in C:\Program Files\ within the last 90 days.

"C:\Program Files\"

APPLES~1 Jul 28 2011 "Apple Software Update"

BONJOUR Aug 14 2011 "Bonjour"

CANON Sep 27 2011 "Canon"

CANONBJ Sep 27 2011 "CanonBJ"

EMSISO~2 Oct 7 2011 "Emsisoft Anti-Malware"

GOOGLE Jul 21 2011 "Google"

IPOD Sep 2 2011 "iPod"

ITUNES Sep 2 2011 "iTunes"

QUICKT~1 Sep 2 2011 "QuickTime"

ROBLOX Jul 23 2011 "Roblox"

TRENDM~1 Oct 9 2011 "Trend Micro"

11 items found: 0 files, 11 directories (1 H/S).

Locating all files created in C:\Program Files\Common Files\ within the last 90 days.

"C:\Program Files\Common Files\"

CANON Sep 27 2011 "CANON"

1 item found: 0 files, 1 directory.

Locating all files created in C:\Program Files\Common Files\Microsoft Shared\Web Folders within the last 90 days.

No matches found.

--------------------------------------------------------------------------

Items in the Windows Directory:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\ within the last 90 days.

"C:\WINDOWS\"

257019~1 Oct 10 2011 0 "2570196444"

HAXFIX Oct 10 2011 "HaxFix"

memory.dmp Oct 10 2011 160750765 "MEMORY.DMP"

SUN Sep 20 2011 "Sun"

window~1.log Oct 10 2011 1655026 "WindowsUpdate.log"

{2521b~1 Oct 8 2011 0 "{2521BB91-29B1-4d7e-9137-AC9875D77735}"

6 items found: 4 files (1 H/S), 2 directories.

Total of file sizes: 162,405,791 bytes 154.88 M

--------------------------------------------------------------------------

C:\Windows\Downloaded Program Files:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\Downloaded Program Files\ within the last 90 days.

No matches found.

--------------------------------------------------------------------------

C:\Windows\system:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\system within the last 90 days.

No matches found.

--------------------------------------------------------------------------

C:\Windows\system32:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\system32 within the last 90 days.

"C:\WINDOWS\System32\"

7b296f~1.c74 Oct 10 2011 3616 "7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0"

7b296f~2.c74 Oct 10 2011 3616 "7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0"

CANONI~1 Sep 27 2011 "CanonIJ Uninstaller Information"

c_62220.nl_ Oct 10 2011 48016 "c_62220.nl_"

dns-sd.exe Jul 12 2011 83816 "dns-sd.exe"

dnssd.dll Jul 12 2011 73064 "dnssd.dll"

flashp~1.cpl Sep 28 2011 404640 "FlashPlayerCPLApp.cpl"

fntcache.dat Oct 10 2011 1751872 "FNTCACHE.DAT"

perfc009.dat Sep 27 2011 101988 "perfc009.dat"

perfh009.dat Sep 27 2011 598350 "perfh009.dat"

perfst~1.ini Sep 27 2011 694964 "PerfStringBackup.INI"

STRING Sep 27 2011 "STRING"

12 items found: 10 files (3 H/S), 2 directories (1 H/S).

Total of file sizes: 3,763,942 bytes 3.59 M

--------------------------------------------------------------------------

C:\Windows\system32\com:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\system32\com within the last 90 days.

No matches found.

--------------------------------------------------------------------------

C:\Windows\system32\drivers:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\system32\drivers within the last 90 days.

"C:\WINDOWS\System32\drivers\"

kbdclass.sys Oct 10 2011 35384 "kbdclass.sys"

mbam.sys Aug 31 2011 22216 "mbam.sys"

mbamsw~1.sys Oct 9 2011 41272 "mbamswissarmy.sys"

3 items found: 3 files, 0 directories.

Total of file sizes: 98,872 bytes 96.55 K

--------------------------------------------------------------------------

C:\Windows\system32\drivers\etc:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\system32\drivers\etc within the last 90 days.

No matches found.

--------------------------------------------------------------------------

C:\Windows\TEMP:

--------------------------------------------------------------------------

Locating all files created in C:\Windows\TEMP within the last 90 days.

"C:\WINDOWS\Temp\"

mpcmdrun.log Oct 10 2011 1656 "MpCmdRun.log"

tmp000~1 Oct 9 2011 524288 "TMP00000001DBE8D9998CD80BA6"

tmp000~2 Oct 9 2011 524288 "TMP0000001C57C4323B87AB4529"

tmp000~3 Oct 10 2011 524288 "TMP0000002AAEC0BC0655DD9EFE"

tmp000~4 Oct 10 2011 524288 "TMP0000002C740E5210C89BF20F"

{e9c1e~1.tlb Oct 10 2011 4216 "{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb"

6 items found: 6 files, 0 directories.

Total of file sizes: 2,103,024 bytes 2.00 M

************************************************************************************

Checking for .COM files to Delete. They will only print if deleted!

Locating .COM files in the C:\Windows\System32 folder

"C:\WINDOWS\System32\"

chcp.com Nov 2 2006 11776 "chcp.com"

command.com Nov 2 2006 50648 "COMMAND.COM"

diskcomp.com Nov 2 2006 13824 "diskcomp.com"

diskcopy.com Nov 2 2006 11264 "diskcopy.com"

edit.com Sep 18 2006 69886 "edit.com"

format.com Nov 2 2006 35328 "format.com"

graftabl.com Jan 20 2008 56320 "graftabl.com"

graphics.com Nov 2 2006 19694 "GRAPHICS.COM"

kb16.com Nov 2 2006 14710 "KB16.COM"

loadfix.com Nov 2 2006 1131 "LOADFIX.COM"

locate.com Jan 14 2005 11254 "locate.com"

mode.com Nov 2 2006 25088 "mode.com"

more.com Nov 2 2006 20992 "more.com"

tree.com Nov 2 2006 16384 "tree.com"

win.com Nov 2 2006 6656 "win.com"

15 items found: 15 files, 0 directories.

Total of file sizes: 364,955 bytes 356.40 K

************************************************************************************

Miscellaneous Malware Detections:

------------------------------------------------------------------------------------

**** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****

**** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****

**** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****

**** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****

**** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****

**** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****

**** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****

**** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****

**** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****

**** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****

**** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****

**** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****

**** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****

**** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****

**** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****

**** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****

**** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****

**** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****

**** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****

**** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****

**** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****

**** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****

**** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****

**** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****

**** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****

**** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****

**** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****

**** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****

**** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****

**** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****

**** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****

**** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****

**** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****

**** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****

**** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****

**** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****

**** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****

**** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****

**** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****

**** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****

**** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****

**** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****

**** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****

**** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****

**** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****

**** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****

**** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****

**** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****

**** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****

**** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****

**** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****

**** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****

**** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****

**** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****

**** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****

**** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****

**** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****

**** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****

**** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****

**** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****

**** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****

**** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****

**** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****

**** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****

**** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****

**** W32/Almanahe.a Worm NOT FOUND by this tool! ****

**** msctl32.dll SpamBot NOT FOUND by this tool! ****

**** KeyLogger NOT FOUND by this tool! ****

--------------------------------------------------------------------------

CHECKING FOR BOT-TYPE WORMS:

--------------------------------------------------------------------------

**** W32/Sdbot Worm NOT FOUND by this tool! ****

--------------------------------------------------------------------------

CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS:

--------------------------------------------------------------------------

**** i386p.* Stealthing Agent NOT FOUND by this tool! ****

**** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! ****

**** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! ****

**** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! ****

**** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! ****

**** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! ****

--------------------------------------------------------------------------

CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:

--------------------------------------------------------------------------

**** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****

**** CmdService adware NOT FOUND by this tool! ****

**** Network_Monitor adware NOT FOUND by this tool! ****

**** Trojan.Peacomm NOT FOUND by this tool! ****

**** Trojan.Peacomm windev NOT FOUND by this tool! ****

**** AVPE Haxdoor NOT FOUND by this tool! ****

**** MEMLOW Haxdoor NOT FOUND by this tool! ****

**** VDMT Haxdoor NOT FOUND by this tool! ****

**** YCSVGA Haxdoor NOT FOUND by this tool! ****

**** PPTP Haxdoor FOUND by this tool! ****

CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport

HKEY_LOCAL_MACHINE\system\ControlSet001\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper

LocDescription REG_SZ @netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol

AllowPPTPWeakCrypto REG_DWORD 0 (0x0)

DisableStatefulPPTP REG_DWORD 0 (0x0)

RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

DisableStatefulPPTP REG_DWORD 0 (0x0)

RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

HKEY_LOCAL_MACHINE\system\ControlSet003\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper

LocDescription REG_SZ @netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol

AllowPPTPWeakCrypto REG_DWORD 0 (0x0)

DisableStatefulPPTP REG_DWORD 0 (0x0)

RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

DisableStatefulPPTP REG_DWORD 0 (0x0)

RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\NetDiagFx\Microsoft\HostDLLs\RasHelperClass\HelperClasses\CPPTPDiagHelper

LocDescription REG_SZ @netrast.inf,%pptp-dispname%;Point to Point Tunneling Protocol

AllowPPTPWeakCrypto REG_DWORD 0 (0x0)

DisableStatefulPPTP REG_DWORD 0 (0x0)

RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

DisableStatefulPPTP REG_DWORD 0 (0x0)

RRAS-PPTP-Out-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

RRAS-PPTP-In-TCP REG_SZ v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|Edge=FALSE|

**** DVB Haxdoor NOT FOUND by this tool! ****

**** YVBB Haxdoor NOT FOUND by this tool! ****

**** YVPP Haxdoor NOT FOUND by this tool! ****

**** NKGFS Haxdoor NOT FOUND by this tool! ****

**** XMSK Haxdoor NOT FOUND by this tool! ****

**** AVPX Haxdoor NOT FOUND by this tool! ****

**** MMXF Haxdoor NOT FOUND by this tool! ****

**** DP1112 Vundo Rootkit NOT FOUND by this tool! ****

**** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****

**** I386P Rootkit Driver NOT FOUND by this tool! ****

**** ERSSDD Rootkit NOT FOUND by this tool! ****

**** GencTurK RootKit NOT FOUND by this tool! ****

**** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****

**** W32/Almanahe.sys NOT FOUND by this tool! ****

************************************************************************************

Dumping HKLM Uninstall Programs list

DisplayName REG_SZ

DisplayName REG_SZ Update for Microsoft Office 2007 (KB2508958)

DisplayName REG_SZ Active@ ISO Burner

DisplayName REG_SZ Adobe Flash Player 10 Plugin

DisplayName REG_SZ Adobe Flash Player ActiveX

DisplayName REG_SZ Adobe Reader 8.2.3

DisplayName REG_SZ AIM 6

DisplayName REG_SZ AppCore

DisplayName REG_SZ Apple Application Support

DisplayName REG_SZ Apple Mobile Device Support

DisplayName REG_SZ Apple Software Update

DisplayName REG_SZ Ask Toolbar

DisplayName REG_SZ AutoUpdate

DisplayName REG_SZ AviSynth 2.5

DisplayName REG_SZ BitTorrent

DisplayName REG_SZ Boilsoft Video Splitter 5.16

DisplayName REG_SZ Bonjour

DisplayName REG_SZ Canon Easy-PhotoPrint EX

DisplayName REG_SZ Canon MG5200 series MP Drivers

DisplayName REG_SZ Canon MG5200 series User Registration

DisplayName REG_SZ Canon MP Navigator EX 4.0

DisplayName REG_SZ Canon My Printer

DisplayName REG_SZ Canon Solution Menu EX

DisplayName REG_SZ ccCommon

DisplayName REG_SZ CCleaner

DisplayName REG_SZ Compatibility Pack for the 2007 Office system

DisplayName REG_SZ Component Framework

DisplayName REG_SZ CyberLink DVD Suite Deluxe

DisplayName REG_SZ CyberLink PowerDirector

DisplayName REG_SZ CyberLink PowerDirector

DisplayName REG_SZ DivX Codec

DisplayName REG_SZ DivX Converter

DisplayName REG_SZ DivX Converter

DisplayName REG_SZ DivX Player

DisplayName REG_SZ DivX Version Checker

DisplayName REG_SZ DVD Play

DisplayName REG_SZ Emsisoft Anti-Malware

DisplayName REG_SZ Emsisoft HiJackFree 4.0

DisplayName REG_SZ EO Video 1.36

DisplayName REG_SZ FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108

DisplayName REG_SZ GIMP 2.6.11

DisplayName REG_SZ Google Chrome

DisplayName REG_SZ Google Update Helper

DisplayName REG_SZ Hardware Diagnostic Tools

DisplayName REG_SZ Hewlett-Packard Active Check for Health Check

DisplayName REG_SZ Hewlett-Packard Asset Agent for Health Check

DisplayName REG_SZ HijackThis 2.0.2

DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

DisplayName REG_SZ Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

DisplayName REG_SZ HP Active Support Library

DisplayName REG_SZ HP Customer Experience Enhancements

DisplayName REG_SZ HP Customer Feedback

DisplayName REG_SZ HP Total Care Advisor

DisplayName REG_SZ HP Update

DisplayName REG_SZ HPTCSSetup

DisplayName REG_SZ iTunes

DisplayName REG_SZ Java Auto Updater

DisplayName REG_SZ Java 6 Update 17

DisplayName REG_SZ Java SE Runtime Environment 6 Update 1

DisplayName REG_SZ LabelPrint

DisplayName REG_SZ LightScribe System Software 1.12.37.1

DisplayName REG_SZ LightScribeTemplateLabeler

DisplayName REG_SZ LiveUpdate (Symantec Corporation)

DisplayName REG_SZ LiveUpdate (Symantec Corporation)

DisplayName REG_SZ Malwarebytes' Anti-Malware version 1.51.2.1300

DisplayName REG_SZ Mass Effect 2 Suicide Mission Survival Calculator version 1.16

DisplayName REG_SZ Microsoft .NET Framework 3.5 SP1

DisplayName REG_SZ Microsoft .NET Framework 3.5 SP1

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office Access MUI (English) 2007

DisplayName REG_SZ Microsoft Office Access Setup Metadata MUI (English) 2007

DisplayName REG_SZ Microsoft Office Enterprise 2007

DisplayName REG_SZ Microsoft Office Enterprise 2007

DisplayName REG_SZ Microsoft Office Excel MUI (English) 2007

DisplayName REG_SZ Microsoft Office Groove MUI (English) 2007

DisplayName REG_SZ Microsoft Office Groove Setup Metadata MUI (English) 2007

DisplayName REG_SZ Microsoft Office Home and Student 60 day trial

DisplayName REG_SZ Microsoft Office InfoPath MUI (English) 2007

DisplayName REG_SZ Microsoft Office OneNote MUI (English) 2007

DisplayName REG_SZ Microsoft Office Outlook MUI (English) 2007

DisplayName REG_SZ Microsoft Office PowerPoint MUI (English) 2007

DisplayName REG_SZ Microsoft Office PowerPoint Viewer 2007 (English)

DisplayName REG_SZ Microsoft Office Proof (English) 2007

DisplayName REG_SZ Microsoft Office Proof (French) 2007

DisplayName REG_SZ Microsoft Office Proof (Spanish) 2007

DisplayName REG_SZ Microsoft Office Proofing (English) 2007

DisplayName REG_SZ Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

DisplayName REG_SZ Microsoft Office Publisher MUI (English) 2007

DisplayName REG_SZ Microsoft Office Shared MUI (English) 2007

DisplayName REG_SZ Microsoft Office Shared Setup Metadata MUI (English) 2007

DisplayName REG_SZ Microsoft Office Word MUI (English) 2007

DisplayName REG_SZ Microsoft VC9 runtime libraries

DisplayName REG_SZ Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

DisplayName REG_SZ Microsoft Visual C++ 2005 Redistributable

DisplayName REG_SZ Microsoft Works

DisplayName REG_SZ Mozilla Firefox 7.0.1 (x86 en-US)

DisplayName REG_SZ MSXML 4.0 SP2 (KB954430)

DisplayName REG_SZ MSXML 4.0 SP2 (KB973688)

DisplayName REG_SZ muvee autoProducer 6.1

DisplayName REG_SZ My HP Games

DisplayName REG_SZ Norton AntiVirus

DisplayName REG_SZ Norton AntiVirus Help

DisplayName REG_SZ Norton Confidential Core

DisplayName REG_SZ Norton Internet Security

DisplayName REG_SZ Norton Internet Security (Symantec Corporation)

DisplayName REG_SZ Norton Protection Center

DisplayName REG_SZ NVIDIA Drivers

DisplayName REG_SZ Online Armor 3.5

DisplayName REG_SZ Power2Go

DisplayName REG_SZ Python 2.5

DisplayName REG_SZ QuickTime

DisplayName REG_SZ RealNetworks - Microsoft Visual C++ 2008 Runtime

DisplayName REG_SZ RealPlayer

DisplayName REG_SZ Realtek High Definition Audio Driver

DisplayName REG_SZ RealUpgrade 1.1

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2288621)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2288931)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2345043)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2553074)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2553089)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2553090)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB2584063)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB969559)

DisplayName REG_SZ Security Update for 2007 Microsoft Office System (KB976321)

DisplayName REG_SZ Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

DisplayName REG_SZ Security Update for Microsoft Office Access 2007 (KB979440)

DisplayName REG_SZ Security Update for Microsoft Office Access 2007 (KB979440)

DisplayName REG_SZ Security Update for Microsoft Office Excel 2007 (KB2553073)

DisplayName REG_SZ Security Update for Microsoft Office Groove 2007 (KB2552997)

DisplayName REG_SZ Security Update for Microsoft Office InfoPath 2007 (KB2510061)

DisplayName REG_SZ Security Update for Microsoft Office InfoPath 2007 (KB979441)

DisplayName REG_SZ Security Update for Microsoft Office InfoPath 2007 (KB979441)

DisplayName REG_SZ Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

DisplayName REG_SZ Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

DisplayName REG_SZ Security Update for Microsoft Office Publisher 2007 (KB2284697)

DisplayName REG_SZ Security Update for Microsoft Office system 2007 (972581)

DisplayName REG_SZ Security Update for Microsoft Office system 2007 (KB974234)

DisplayName REG_SZ Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

DisplayName REG_SZ Security Update for Microsoft Office Word 2007 (KB2344993)

DisplayName REG_SZ Snapfish Picture Mover

DisplayName REG_SZ SPBBC 32bit

DisplayName REG_SZ Spybot - Search & Destroy

DisplayName REG_SZ Symantec Real Time Storage Protection Component

DisplayName REG_SZ SymNet

DisplayName REG_SZ Ulead GIF Animator 5 ESD

DisplayName REG_SZ Update for 2007 Microsoft Office System (KB967642)

DisplayName REG_SZ Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

DisplayName REG_SZ Update for Microsoft Office 2007 System (KB2539530)

DisplayName REG_SZ Update for Microsoft Office OneNote 2007 (KB980729)

DisplayName REG_SZ Update for Microsoft Office Outlook 2007 (KB2583910)

DisplayName REG_SZ Update for Outlook 2007 Junk Email Filter (KB2553110)

DisplayName REG_SZ VC80CRTRedist - 8.0.50727.762

DisplayName REG_SZ Videora iPod touch Converter 5.04

DisplayName REG_SZ Vuze

DisplayName REG_SZ WinRAR archiver

DisplayName REG_SZ Yahoo! Toolbar

ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1

ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1

ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1

ParentDisplayName REG_SZ Microsoft .NET Framework 3.5 SP1

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

ParentDisplayName REG_SZ Microsoft Office Enterprise 2007

PsuedoDisplayName REG_SZ LiveUpdate 3.3 (Symantec Corporation)

WildTangentUninstallDisplayName REG_SZ Amazing Adventures The Lost Tomb

WildTangentUninstallDisplayName REG_SZ Bejeweled 2 Deluxe

WildTangentUninstallDisplayName REG_SZ Belle's Beauty Boutique

WildTangentUninstallDisplayName REG_SZ Blackhawk Striker 2

WildTangentUninstallDisplayName REG_SZ Blasterball 3

WildTangentUninstallDisplayName REG_SZ Boggle

WildTangentUninstallDisplayName REG_SZ Build-a-lot

WildTangentUninstallDisplayName REG_SZ Chuzzle Deluxe

WildTangentUninstallDisplayName REG_SZ Crystal Maze

WildTangentUninstallDisplayName REG_SZ Diner Dash Hometown Hero

WildTangentUninstallDisplayName REG_SZ Family Feud

WildTangentUninstallDisplayName REG_SZ FATE

WildTangentUninstallDisplayName REG_SZ Jewel Quest Solitaire 2

WildTangentUninstallDisplayName REG_SZ Luxor 3

WildTangentUninstallDisplayName REG_SZ Mah Jong Quest

WildTangentUninstallDisplayName REG_SZ My HP Game Console

WildTangentUninstallDisplayName REG_SZ Mystery P.I. - The Lottery Ticket

WildTangentUninstallDisplayName REG_SZ Paradise Pet Salon

WildTangentUninstallDisplayName REG_SZ Penguins!

WildTangentUninstallDisplayName REG_SZ Pirateville

WildTangentUninstallDisplayName REG_SZ Plant Tycoon

WildTangentUninstallDisplayName REG_SZ Poker Superstars 2

WildTangentUninstallDisplayName REG_SZ Polar Bowler

WildTangentUninstallDisplayName REG_SZ Polar Golfer

WildTangentUninstallDisplayName REG_SZ Supercow

WildTangentUninstallDisplayName REG_SZ Tradewinds

WildTangentUninstallDisplayName REG_SZ Virtual Villagers - A New Home

WildTangentUninstallDisplayName REG_SZ Wedding Dash

WildTangentUninstallDisplayName REG_SZ Zuma Deluxe

#####################################################################################################

-- All DONE! :)

~ ShadowPuterDude ~


  • Staff

Hi and welcome to Malwarebytes.

In the future please don't attach any logs, and don't use spoiler or code tags. Thank you.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Thank you.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17

Run by senator perkins at 17:58:21 on 2011-10-11

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.255 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Online Armor Firewall *Disabled* {803A20E9-13BD-79B3-717A-353FCB758BFB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\2570196444:602590566.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Tall Emu\Online Armor\OAcat.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\WerFault.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=13735&l=dir

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.5\CoIEPlg.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [<NO NAME>]

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon

mRun: [emsisoft anti-malware] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

TCP: Interfaces\{F576BB41-3412-4D34-864F-FDA19F2E5525} : DhcpNameServer = 192.168.1.1 68.237.161.12

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\senator perkins\appdata\roaming\mozilla\firefox\profiles\2g0za29i.default\

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

.

============= SERVICES / DRIVERS ===============

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2011-10-7 17904]

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-10-7 34768]

R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-10-7 11776]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-6-13 198224]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-6-13 31824]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2009-6-13 361672]

R3 OAnet;OnlineArmor Service;c:\windows\system32\drivers\OAnet.sys [2009-6-13 30800]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-10-7 3070944]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-21 136176]

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-6 149864]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-21 136176]

S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20071204.002\IDSvix86.sys [2008-8-14 180272]

S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2008-8-14 493568]

.

=============== Created Last 30 ================

.

2011-10-11 08:32:49 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbce5bcc-436d-4a5b-882e-3363deb81f96}\offreg.dll

2011-10-11 08:32:38 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bbce5bcc-436d-4a5b-882e-3363deb81f96}\mpengine.dll

2011-10-11 08:32:12 -------- d-----w- C:\667de2dfd6d961d0fe98dc1fe3dee0

2011-10-11 05:31:43 -------- d-----w- c:\users\senator perkins\appdata\roaming\SUPERAntiSpyware.com

2011-10-11 05:30:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-10-11 05:30:53 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-10 07:10:27 48016 --sha-w- c:\windows\system32\c_62220.nl_

2011-10-10 06:25:12 537850 ----a-w- C:\HaxFix.exe

2011-10-10 06:25:11 -------- d-----w- c:\windows\HaxFix

2011-10-09 22:35:47 -------- d-----w- c:\program files\Trend Micro

2011-10-09 20:38:16 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-09 02:54:10 -------- d-sh--w- c:\users\senator perkins\appdata\local\dc153299

2011-10-07 04:53:52 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2011-09-28 00:23:17 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-09-28 00:23:17 -------- d--h--w- c:\programdata\CanonEPP

2011-09-28 00:03:57 -------- d-----w- c:\programdata\CanonIJMSetup

2011-09-28 00:00:24 -------- d-----w- c:\program files\common files\CANON

2011-09-28 00:00:06 -------- d-----w- c:\programdata\CanonIJWSpt

2011-09-27 23:54:11 73216 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPPAE.DLL

2011-09-27 23:54:11 27648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPDAE.DLL

2011-09-27 23:52:51 307200 ----a-w- c:\windows\system32\CNC5200L.dll

2011-09-27 23:52:50 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-09-27 23:52:50 1335296 ----a-w- c:\windows\system32\CNC5200C.dll

2011-09-27 23:52:50 114688 ----a-w- c:\windows\system32\CNC5200I.dll

2011-09-27 23:52:50 106496 ----a-w- c:\windows\system32\CNC5200U.dll

2011-09-27 23:51:08 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL

2011-09-27 23:50:56 94208 ----a-w- c:\windows\system32\CNC5200O.dll

2011-09-27 23:50:54 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL

2011-09-27 23:50:29 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-09-27 23:50:29 -------- d-----w- c:\windows\system32\STRING

2011-09-27 23:49:38 -------- d-----w- c:\program files\Canon

.

==================== Find3M ====================

.

2011-10-10 07:37:55 35384 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2011-09-28 13:08:08 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 18:00:21.48 ===============

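Added example (mine, not part of the thread and not code from DDS or any other tool named in it): a small Python triage script for the kind of DDS log posted above. It pulls out the three things an analyst would look at first in this log: a running process whose path has a second colon after the drive letter, which is NTFS alternate-data-stream syntax (the C:\Windows\2570196444:602590566.exe entry), the mPolicies-system lines showing UAC switched off, and "Created Last 30" entries that carry both the system and hidden attributes. The sample text is a constructed excerpt modelled on the log, the section names and attribute-flag layout follow the DDS output shown above, and the function names are my own.

```python
"""DDS log triage (added example, not a tool from the thread)."""
import re

# Constructed excerpt modelled on the DDS log in the thread; not the full log.
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\2570196444:602590566.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
.
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com?o=13735&l=dir
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
.
=============== Created Last 30 ================
2011-10-10 07:10:27 48016 --sha-w- c:\windows\system32\c_62220.nl_
2011-10-09 02:54:10 -------- d-sh--w- c:\users\senator perkins\appdata\local\dc153299
2011-10-07 04:53:52 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-09-28 00:23:17 -------- d--h--w- c:\programdata\CanonIJEPPEX2
.
============= FINISH: 18:00:21.48 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A second colon after the drive colon is NTFS alternate-data-stream syntax:
# C:\Windows\2570196444:602590566.exe is the stream "602590566.exe" attached to
# C:\Windows\2570196444 (a file or directory); a plain dir listing never shows it.
ADS_RE = re.compile(r"^([A-Za-z]:\\[^:\s]*):([^\\\s:]+)")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
# "Created Last 30" lines: timestamp, size (or dashes), an 8-character attribute
# string in which d marks a directory, s the system and h the hidden attribute, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+([a-z-]{8})\s+(.+)$")


def split_sections(text):
    """Group log lines under their '=== Name ===' headers, dropping '.' spacers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def ads_hosted_processes(sections):
    """Return (host path, stream name) for every process running out of an ADS."""
    hits = []
    for line in sections.get("Running Processes", []):
        m = ADS_RE.match(line)
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits


def weak_uac_policies(sections):
    """Return the mPolicies-system values that turn UAC off or make it silent."""
    weak = {}
    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name == "EnableLUA" and value == 0:
            weak[name] = "UAC disabled entirely"
        elif name == "ConsentPromptBehaviorAdmin" and value == 0:
            weak[name] = "administrators elevate silently, no prompt"
    return weak


def hidden_system_created(sections):
    """Return (kind, path) for new entries flagged both system and hidden."""
    hits = []
    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        flags, path = m.group(3), m.group(4)
        if "s" in flags and "h" in flags:
            hits.append(("directory" if flags.startswith("d") else "file", path))
    return hits


def triage(text):
    sections = split_sections(text)
    return {
        "ads_processes": ads_hosted_processes(sections),
        "weak_uac": weak_uac_policies(sections),
        "hidden_system_new": hidden_system_created(sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(key, value)
```

To use it on a real log, read DDS.txt into a string and pass it to triage() in place of SAMPLE_DDS. A match in the log is a lead, not proof: confirm the stream on the host with `dir /r C:\Windows` (the /R switch lists alternate data streams), and treat a stream-hosted executable together with EnableLUA = 0 as reason to keep the machine off the network until the cleanup is finished.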

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 8/14/2008 9:31:12 PM

System Uptime: 10/18/2011 11:14:45 PM (0 hours ago)

.

Motherboard: OEM_MB | | IVY8

Processor: AMD Sempron Processor LE-1300 | Socket AM2 | 1800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 7.702 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.341 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0004

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #3

PNP Device ID: ROOT\*ISATAP\0004

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: USB Wireless 802.11 b/g Adaptor

Device ID: USB\VID_15A9&PID_0004\5&B4BAB2F&0&7

Manufacturer: Lite-On

Name: USB Wireless 802.11 b/g Adaptor

PNP Device ID: USB\VID_15A9&PID_0004\5&B4BAB2F&0&7

Service: netr73

.

Class GUID:

Description:

Device ID: ROOT\LEGACY_BEEP\XX_DC153299_XX

Manufacturer:

Name:

PNP Device ID: ROOT\LEGACY_BEEP\XX_DC153299_XX

Service: dc153299

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Active@ ISO Burner

Adobe Flash Player 11 Plugin

Adobe Flash Player ActiveX

Adobe Reader 8.2.3

AIM 6

AppCore

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

AutoUpdate

AviSynth 2.5

BitTorrent

Boilsoft Video Splitter 5.16

Bonjour

Canon Easy-PhotoPrint EX

Canon MG5200 series MP Drivers

Canon MG5200 series User Registration

Canon MP Navigator EX 4.0

Canon My Printer

Canon Solution Menu EX

ccCommon

CCleaner

Compatibility Pack for the 2007 Office system

Component Framework

CyberLink DVD Suite Deluxe

CyberLink PowerDirector

DivX Codec

DivX Converter

DivX Player

DivX Version Checker

DVD Play

Emsisoft Anti-Malware

Emsisoft HiJackFree 4.0

FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108

GIMP 2.6.11

Google Chrome

Google Update Helper

Hardware Diagnostic Tools

Hewlett-Packard Active Check for Health Check

Hewlett-Packard Asset Agent for Health Check

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Customer Feedback

HP Total Care Advisor

HP Update

HPTCSSetup

iTunes

Java Auto Updater

Java 6 Update 17

Java SE Runtime Environment 6 Update 1

LabelPrint

LightScribe System Software 1.12.37.1

LightScribeTemplateLabeler

LiveUpdate (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.2.1300

Mass Effect 2 Suicide Mission Survival Calculator version 1.16

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 60 day trial

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mozilla Firefox 7.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

Norton AntiVirus

Norton AntiVirus Help

Norton Confidential Core

Norton Internet Security

Norton Internet Security (Symantec Corporation)

Norton Protection Center

NVIDIA Drivers

Online Armor 3.5

Power2Go

Python 2.5

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Snapfish Picture Mover

SPBBC 32bit

Spybot - Search & Destroy

SUPERAntiSpyware

Symantec Real Time Storage Protection Component

SymNet

Ulead GIF Animator 5 ESD

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2553110)

VC80CRTRedist - 8.0.50727.762

Videora iPod touch Converter 5.04

Vuze

WinRAR archiver

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

23525270 DfsC i8042prt pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494 DfsC pbbfoxnj suf

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

12848494

10/18/2011 7:37:11 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

10/18/2011 7:22:13 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/18/2011 6:27:59 PM, Error: EventLog [6008] - The previous system shutdown at 1:19:15 AM on 10/18/2011 was unexpected.

10/18/2011 12:37:29 AM, Error: EventLog [6008] - The previous system shutdown at 12:35:21 AM on 10/18/2011 was unexpected.

10/18/2011 12:15:29 AM, Error: EventLog [6008] - The previous system shutdown at 12:14:00 AM on 10/18/2011 was unexpected.

10/18/2011 11:17:46 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

10/18/2011 11:16:56 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the file specified.

10/18/2011 11:16:56 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The system cannot find the file specified.

10/18/2011 11:16:56 PM, Error: Service Control Manager [7000] - The Online Armor Helper Service service failed to start due to the following error: The system cannot find the file specified.

10/18/2011 11:16:56 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.

10/18/2011 11:16:56 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.

10/18/2011 11:15:08 PM, Error: EventLog [6008] - The previous system shutdown at 11:13:09 PM on 10/18/2011 was unexpected.

10/17/2011 8:51:08 PM, Error: EventLog [6008] - The previous system shutdown at 8:49:19 PM on 10/17/2011 was unexpected.

10/17/2011 6:57:43 AM, Error: EventLog [6008] - The previous system shutdown at 6:56:52 AM on 10/17/2011 was unexpected.

10/17/2011 6:44:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

10/17/2011 6:43:57 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/17/2011 6:43:32 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/17/2011 6:43:32 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

10/17/2011 6:42:00 AM, Error: EventLog [6008] - The previous system shutdown at 12:32:39 AM on 10/17/2011 was unexpected.

10/17/2011 3:33:10 PM, Error: EventLog [6008] - The previous system shutdown at 3:28:23 PM on 10/17/2011 was unexpected.

10/17/2011 2:11:33 PM, Error: EventLog [6008] - The previous system shutdown at 2:08:17 PM on 10/17/2011 was unexpected.

10/17/2011 12:24:47 AM, Error: EventLog [6008] - The previous system shutdown at 12:22:59 AM on 10/17/2011 was unexpected.

10/17/2011 11:10:27 AM, Error: EventLog [6008] - The previous system shutdown at 8:04:33 AM on 10/17/2011 was unexpected.

10/17/2011 1:55:25 PM, Error: EventLog [6008] - The previous system shutdown at 12:15:18 PM on 10/17/2011 was unexpected.

10/16/2011 7:07:01 PM, Error: EventLog [6008] - The previous system shutdown at 7:05:58 PM on 10/16/2011 was unexpected.

10/16/2011 2:12:19 AM, Error: EventLog [6008] - The previous system shutdown at 2:10:31 AM on 10/16/2011 was unexpected.

10/16/2011 2:08:59 PM, Error: EventLog [6008] - The previous system shutdown at 2:07:12 PM on 10/16/2011 was unexpected.

10/16/2011 2:01:21 PM, Error: EventLog [6008] - The previous system shutdown at 12:32:55 PM on 10/16/2011 was unexpected.

10/16/2011 12:04:47 AM, Error: EventLog [6008] - The previous system shutdown at 12:02:47 AM on 10/16/2011 was unexpected.

10/16/2011 11:25:04 AM, Error: EventLog [6008] - The previous system shutdown at 11:23:50 AM on 10/16/2011 was unexpected.

10/16/2011 10:42:59 AM, Error: EventLog [6008] - The previous system shutdown at 10:41:26 AM on 10/16/2011 was unexpected.

10/16/2011 10:17:37 AM, Error: EventLog [6008] - The previous system shutdown at 2:12:19 AM on 10/16/2011 was unexpected.

10/15/2011 8:19:32 AM, Error: EventLog [6008] - The previous system shutdown at 8:18:16 AM on 10/15/2011 was unexpected.

10/15/2011 7:45:25 AM, Error: EventLog [6008] - The previous system shutdown at 7:43:52 AM on 10/15/2011 was unexpected.

10/15/2011 7:37:02 AM, Error: EventLog [6008] - The previous system shutdown at 2:14:21 AM on 10/15/2011 was unexpected.

10/15/2011 6:31:56 PM, Error: EventLog [6008] - The previous system shutdown at 6:30:50 PM on 10/15/2011 was unexpected.

10/15/2011 4:44:03 PM, Error: EventLog [6008] - The previous system shutdown at 4:42:05 PM on 10/15/2011 was unexpected.

10/15/2011 3:59:15 PM, Error: EventLog [6008] - The previous system shutdown at 1:35:05 PM on 10/15/2011 was unexpected.

10/14/2011 9:09:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

10/14/2011 6:26:40 PM, Error: EventLog [6008] - The previous system shutdown at 6:25:02 PM on 10/14/2011 was unexpected.

10/14/2011 6:08:11 PM, Error: EventLog [6008] - The previous system shutdown at 6:07:13 PM on 10/14/2011 was unexpected.

10/14/2011 3:05:56 AM, Error: EventLog [6008] - The previous system shutdown at 3:04:12 AM on 10/14/2011 was unexpected.

10/14/2011 2:55:59 PM, Error: EventLog [6008] - The previous system shutdown at 2:54:06 PM on 10/14/2011 was unexpected.

10/14/2011 11:50:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

10/14/2011 10:16:04 PM, Error: EventLog [6008] - The previous system shutdown at 10:14:31 PM on 10/14/2011 was unexpected.

10/13/2011 10:39:23 PM, Error: EventLog [6008] - The previous system shutdown at 7:58:09 AM on 10/13/2011 was unexpected.

10/12/2011 11:18:04 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{F576BB41-3412-4D34-864F-FDA19F2E5525} because another computer on the network has the same name. The server could not start.

10/12/2011 11:08:38 PM, Error: EventLog [6008] - The previous system shutdown at 11:07:14 PM on 10/12/2011 was unexpected.

10/12/2011 10:43:46 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume HP.

10/12/2011 10:39:22 PM, Error: EventLog [6008] - The previous system shutdown at 10:37:58 PM on 10/12/2011 was unexpected.

10/12/2011 10:38:55 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

10/11/2011 8:40:00 AM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

10/11/2011 8:29:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SAS Core Service service to connect.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7000] - The Emsisoft Anti-Malware 6.0 - Service service failed to start due to the following error: Access is denied.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2011 8:29:57 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/11/2011 8:28:19 PM, Error: EventLog [6008] - The previous system shutdown at 8:26:53 PM on 10/11/2011 was unexpected.

.

==== End Of File ===========================


ComboFix 11-10-18.04 - senator perkins 10/18/2011 19:31:58.1.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.122 [GMT -4:00]

Running from: c:\users\senator perkins\Desktop\ComboFix.exe

FW: Online Armor Firewall *Disabled* {803A20E9-13BD-79B3-717A-353FCB758BFB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\SENATO~1\AppData\Local\Temp\Rar$EX02.713\TDSSKiller.exe

c:\users\SENATO~1\AppData\Local\Temp\SUPERSetup\setup.dll

c:\users\senator perkins\AppData\Local\Temp\Rar$EX02.713\TDSSKiller.exe

c:\users\senator perkins\AppData\Local\Temp\SUPERSetup\setup.dll

c:\users\senator perkins\Documents\~WRD0004.tmp

c:\users\senator perkins\Documents\~WRL0003.tmp

c:\users\senator perkins\Documents\~WRL1840.tmp

c:\windows\$NtUninstallKB4467$\3692376729\@

c:\windows\$NtUninstallKB4467$\3692376729\L\ogejidap

c:\windows\$NtUninstallKB4467$\3692376729\loader.tlb

c:\windows\$NtUninstallKB4467$\3692376729\U\@00000001

c:\windows\$NtUninstallKB4467$\3692376729\U\@000000c0

c:\windows\$NtUninstallKB4467$\3692376729\U\@000000cb

c:\windows\$NtUninstallKB4467$\3692376729\U\@000000cf

c:\windows\$NtUninstallKB4467$\3692376729\U\@80000000

c:\windows\$NtUninstallKB4467$\3692376729\U\@800000c0

c:\windows\$NtUninstallKB4467$\3692376729\U\@800000cb

c:\windows\$NtUninstallKB4467$\3692376729\U\@800000cf

c:\windows\$NtUninstallKB4467$\838462630

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\iun6002.exe

c:\windows\system32\

c:\windows\system32\jucheck.exe

c:\windows\system32\jusched.exe

c:\windows\$NtUninstallKB4467$ . . . . Failed to delete

.

Infected copy of c:\windows\System32\wuauclt.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe

.

c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . is infected!!

c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . is infected!!

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Bonjour\mDNSResponder.exe . . . is infected!!

c:\program files\Bonjour\mDNSResponder.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!

c:\program files\Google\Update\GoogleUpdate.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Common Files\LightScribe\LSSrvc.exe . . . is infected!!

c:\program files\Common Files\LightScribe\LSSrvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Tall Emu\Online Armor\OAcat.exe . . . is infected!!

c:\program files\Tall Emu\Online Armor\OAcat.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe . . . is infected!!

c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\program files\Viewpoint\Common\ViewpointService.exe . . . is infected!!

c:\program files\Viewpoint\Common\ViewpointService.exe . . . was deleted!! You should re-install the program it pertains to

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_dc153299

.

.

((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))

.

.

2011-10-19 00:35 . 2011-10-19 00:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-18 23:30 . 2011-10-19 03:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BBCE5BCC-436D-4A5B-882E-3363DEB81F96}\offreg.dll

2011-10-09 22:35 . 2011-10-09 22:35 -------- d-----w- c:\program files\Trend Micro

2011-10-09 20:38 . 2011-10-09 20:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-09 02:54 . 2011-10-09 02:54 -------- d-sh--w- c:\users\senator perkins\AppData\Local\dc153299

2011-10-07 04:53 . 2011-10-07 04:54 -------- d-----w- c:\program files\Emsisoft Anti-Malware

2011-09-28 00:23 . 2011-09-28 00:23 -------- d--h--w- c:\programdata\CanonIJEPPEX2

2011-09-28 00:23 . 2011-09-28 00:23 -------- d--h--w- c:\programdata\CanonEPP

2011-09-28 00:03 . 2011-09-28 00:03 -------- d-----w- c:\programdata\CanonIJMSetup

2011-09-28 00:00 . 2011-09-28 00:00 -------- d-----w- c:\program files\Common Files\CANON

2011-09-28 00:00 . 2011-09-28 00:00 -------- d-----w- c:\programdata\CanonIJWSpt

2011-09-27 23:54 . 2011-09-27 23:54 -------- d--h--w- c:\programdata\CanonBJ

2011-09-27 23:54 . 2010-08-25 09:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL

2011-09-27 23:54 . 2010-08-25 09:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL

2011-09-27 23:53 . 2011-09-27 23:53 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

2011-09-27 23:52 . 2010-03-18 23:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll

2011-09-27 23:52 . 2010-03-18 21:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll

2011-09-27 23:52 . 2010-03-18 21:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll

2011-09-27 23:52 . 2010-03-18 21:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll

2011-09-27 23:52 . 2008-08-25 22:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll

2011-09-27 23:51 . 2010-08-25 09:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL

2011-09-27 23:50 . 2010-06-03 15:12 94208 ----a-w- c:\windows\system32\CNC5200O.dll

2011-09-27 23:50 . 2010-03-11 07:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL

2011-09-27 23:50 . 2011-09-27 23:50 -------- d-----w- c:\windows\system32\STRING

2011-09-27 23:50 . 2010-02-05 09:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL

2011-09-27 23:49 . 2011-09-28 00:03 -------- d-----w- c:\program files\Canon

2011-09-20 05:34 . 2011-09-20 05:34 -------- d-----w- c:\windows\Sun

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-14 22:48 . 2008-01-21 02:32 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-10-13 02:40 . 2011-05-15 09:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-31 21:00 . 2010-08-15 05:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-09-29 06:53 . 2011-03-24 06:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 16:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

.

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-14 4611456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-12 8497696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-12 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]

"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2011-10-05 3560336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk

backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-02-06 12:48 51048 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]

2008-03-11 18:17 90112 ----a-w- c:\program files\HP\DVDPlay\DPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]

2008-04-15 00:58 972128 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]

2008-02-23 10:41 611712 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-05-24 11:40 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R0 12848494;12848494;c:\windows\system32\drivers\14282211.sys [x]

R0 23525270;23525270;c:\windows\system32\drivers\81995286.sys [x]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-05 3070944]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-05-14 34768]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=13735&l=dir

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1 68.237.161.12

FF - ProfilePath - c:\users\senator perkins\AppData\Roaming\Mozilla\Firefox\Profiles\2g0za29i.default\

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-04156203.sys

SafeBoot-09365366.sys

SafeBoot-12848494.sys

SafeBoot-23525270.sys

MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

AddRemove-EO_Video_1.3 - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-18 23:17

Windows 6.0.6001 Service Pack 1 NTFS

.

detected NTDLL code modification:

ZwOpenFile

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]

"ImagePath"="system32\drivers\tsk5B2.tmp"

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2011-10-18 23:26:51 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-19 03:26

.

Pre-Run: 7,866,695,680 bytes free

Post-Run: 8,342,523,904 bytes free

.

- - End Of File - - 9B6E87606541EF55FF664841A3A6DAD2

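Added example, not part of the post above and not ComboFix's own code: a small triage script that pulls the indicators a responder would act on out of a ComboFix-style log like the one just posted. It assumes one record per line and extracts four things visible in that log: legitimate executables reported as patched (note that the three services whose start timed out in the event log earlier, SAS Core, Bonjour and Apple Mobile Device, are exactly services whose binaries ComboFix then reported as infected), driver services with purely numeric names whose files ComboFix could not find, a service ImagePath redirected to a .tmp file (here i8042prt, the keyboard driver), and an XP-style $NtUninstallKB...$ folder on a Vista machine. The sample lines are constructed from the log above; the meaning of ComboFix's [x] marker is an assumption stated in the comments.

```python
r"""Added example (not ComboFix's code, not from the original post): extract the
indicators a responder cares about from a ComboFix-style log.

Assumptions: plain text, one record per line; ComboFix prints [x] in place of a
date/size when it cannot stat a service's image file; $NtUninstallKB...$ is an
XP-era hotfix-uninstall folder name that does not belong on a Vista system.
"""
import re

# Constructed sample: a subset of lines in the shape of the ComboFix log above.
SAMPLE_LOG = r"""
Infected copy of c:\windows\System32\wuauclt.exe was found and disinfected
c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . is infected!!
c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . was deleted!! You should re-install the program it pertains to
c:\program files\Google\Update\GoogleUpdate.exe . . . is infected!!
R0 12848494;12848494;c:\windows\system32\drivers\14282211.sys [x]
R0 23525270;23525270;c:\windows\system32\drivers\81995286.sys [x]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-10-05 3070944]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"ImagePath"="system32\drivers\tsk5B2.tmp"
c:\windows\$NtUninstallKB4467$\3692376729\U\@00000001
c:\windows\$NtUninstallKB4467$ . . . . Failed to delete
"""

# A legitimate executable found patched: either repaired from winsxs or deleted.
PATCHED_RE = re.compile(
    r"^(?:Infected copy of )?(?P<path>[a-z]:\\.+?\.exe)\b.*?"
    r"(?:is infected!!|was found and disinfected)",
    re.IGNORECASE,
)
# Service line: "<R|S><start> <name>;<display>;<image> [<date size>|x]".
# Assumption: [x] means ComboFix could not stat the image file.
SERVICE_RE = re.compile(
    r"^(?P<kind>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<stat>[^\]]*)\]\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]+)"$')
# Matches the drive-rooted path up to and including the $NtUninstallKB...$ folder.
UNINSTALL_DIR_RE = re.compile(
    r"^[a-z]:\\.*?\\\$NtUninstallKB\d+\$(?=\\|\s|$)", re.IGNORECASE
)


def triage(log_text):
    """Return the four indicator lists extracted from a ComboFix-style log."""
    findings = {
        "patched": [],             # legit binaries reported patched
        "orphan_drivers": [],      # numeric-named driver services with missing files
        "hijacked_imagepath": [],  # (service, image) where image is a .tmp file
        "fake_uninstall_dirs": set(),
    }
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PATCHED_RE.match(line)
        if m:
            findings["patched"].append(m.group("path"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path")
            base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            missing = m.group("stat").strip().lower() == "x"
            # A service whose name and file name are both random digits is a
            # dropper's convention, not a vendor's; "!SASCORE [x]" is left alone.
            if missing and (name.isdigit() or base.isdigit()):
                findings["orphan_drivers"].append((name, path))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = IMAGEPATH_RE.match(line)
        if m and current_key and "\\Services\\" in current_key:
            service = current_key.rsplit("\\", 1)[-1]
            if m.group("path").lower().endswith(".tmp"):
                findings["hijacked_imagepath"].append((service, m.group("path")))
            continue
        m = UNINSTALL_DIR_RE.match(line)
        if m:
            findings["fake_uninstall_dirs"].add(m.group(0))
    findings["fake_uninstall_dirs"] = sorted(findings["fake_uninstall_dirs"])
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for item in items:
            print("   ", item)
```

The point of separating these four categories: the patched-binary list tells you which vendor packages must be reinstalled rather than "repaired", the orphan drivers and the .tmp ImagePath are the persistence that survives a reboot, and the $NtUninstallKB4467$ folder that ComboFix "Failed to delete" is the one location in this log that was still resisting removal when the log was written.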

  • Staff

Hi,

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; fails to affirmatively show a license agreement; links to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis and/or Ask Toolbar to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

Microsoft Security Essentials (what I use)

AntiVir

avast!

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=221d7bedb4b4b1428e3d7c802f0d6b56

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-27 10:28:08

# local_time=2011-10-27 06:28:08 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=6.0.6001 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 1418496 1418496 0 0

# compatibility_mode=3586 16764926 60 14 100013369 117525023 0 0

# compatibility_mode=5892 16776573 100 100 34070 156312215 0 0

# compatibility_mode=6401 16777214 66 85 0 77872133 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9730 16764926 40 8 816451 26387671 0 0

# scanned=180586

# found=17

# cleaned=16

# scan_time=6635

C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\pifCrawl.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Common Files\LightScribe\LSSrvc.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Common Files\SYMANT~1\CCPD-LC\symlcsvc.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Google\Update\GoogleUpdate.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCORE.EXE.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Tall Emu\Online Armor\OAcat.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Program Files\Viewpoint\Common\ViewpointService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Users\senator perkins\AppData\Local\dc153299\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\WINDOWS\System32\wuauclt.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Users\senator perkins\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2b3ffbdd-35388964 a variant of Win32/Kryptik.TSJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\senator perkins\Downloads\SkipScreen-Setup.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\System32\c_62220.nl_ a variant of Win32/Sirefef.CR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\System32\drivers\netbios.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I

C:\WINDOWS\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys a variant of Win32/Rootkit.Kryptik.DY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\netbios.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

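Added example, not part of the post above and not ESET's code: a parser for the ESET Online Scanner log format that separates the hits that were still live on the machine from the hits ESET found by re-scanning ComboFix's own quarantine under C:\Qoobox\Quarantine (those paths end in .vir and were already out of play). It also checks the parsed detections against the "# found=" and "# cleaned=" header counts and reports the basenames of anything ESET was unable to clean. The sample log is a constructed subset of the one above; the line layout "<path> <threat name> (<action>) <md5> <flag>" is an assumption read off that log rather than a documented format.

```python
r"""Added example (not ESET's code, not from the original post): split an ESET
Online Scanner log into live detections, ComboFix-quarantine re-detections and
detections ESET could not clean.

Assumptions: detections are one per line as "<path> <threat> (<action>) <md5> <flag>";
header fields are "# key=value"; C:\Qoobox\Quarantine is ComboFix's quarantine.
"""
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path threat action flag")

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
# The path may contain spaces, so the threat name is anchored on its "<family>/<name>"
# token (optionally prefixed by "a variant of") and on the parenthesised action.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:(?:probably )?a variant of )?[A-Za-z0-9]+/\S+(?: \S+)*?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]{32}) "
    r"(?P<flag>[A-Z])\s*$"
)
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Constructed sample: a subset of the ESET log above, with counts adjusted to match.
SAMPLE_ESET_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
# end=finished
# scanned=180586
# found=6
# cleaned=5
C:\Program Files\Common Files\Symantec Shared\PIF\{96E26A03-A25A-400b-B9B4-564C9BD00F46}\pifCrawl.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Google\Update\GoogleUpdate.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\senator perkins\AppData\Local\dc153299\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\senator perkins\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\2b3ffbdd-35388964 a variant of Win32/Kryptik.TSJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\System32\drivers\netbios.sys a variant of Win32/Rootkit.Kryptik.DM trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\winsxs\x86_microsoft-windows-netbios_31bf3856ad364e35_6.0.6001.18000_none_59e1b82a6b1f4ec0\netbios.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""


def parse_eset_log(text):
    """Return (header dict, list of Detection) from an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            value = m.group("value")
            header[m.group("key")] = int(value) if value.isdigit() else value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m.group("path"), m.group("threat"),
                                        m.group("action"), m.group("flag")))
    return header, detections


def classify(detections):
    """Group detections: ComboFix quarantine, unresolved (unable to clean), live cleaned."""
    groups = {"quarantine": [], "unresolved": [], "live_cleaned": []}
    for d in detections:
        if d.path.lower().startswith(QUARANTINE_PREFIX):
            groups["quarantine"].append(d)
        elif "unable to clean" in d.action.lower():
            groups["unresolved"].append(d)
        else:
            groups["live_cleaned"].append(d)
    return groups


def counts_consistent(header, detections):
    """True when the parsed lines agree with ESET's own found/cleaned summary."""
    cleaned = sum(1 for d in detections if "unable to clean" not in d.action.lower())
    return header.get("found") == len(detections) and header.get("cleaned") == cleaned


def unresolved_basenames(groups):
    """File names still needing manual follow-up, e.g. for a SystemLook :filefind."""
    return sorted({d.path.rsplit("\\", 1)[-1] for d in groups["unresolved"]})


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_ESET_LOG)
    grp = classify(dets)
    print("counts match header:", counts_consistent(hdr, dets))
    for name, items in grp.items():
        print(f"{name}: {len(items)}")
    print("follow up on:", unresolved_basenames(grp))
```

Applied to the full log above, the split is what matters for the next step: ten of the seventeen hits are in C:\Qoobox\Quarantine, the one "unable to clean" entry is C:\WINDOWS\System32\drivers\netbios.sys, and that single basename is what the staff's `:filefind netbios.sys` request targets. One caveat worth noting: ESET deleted the winsxs copy of netbios.sys as well. On Vista the System32 file is normally a hard link to that component-store copy, so the two hits are likely the same patched bytes seen under two names, and once the store copy is gone a clean netbios.sys has to come from install media or another known-good source rather than from the store.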

Results of screen317's Security Check version 0.99.24

Windows Vista Service Pack 1 x86 (UAC is disabled!)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

Norton AntiVirus

Norton AntiVirus Help

Norton Internet Security (Symantec Corporation)

Norton Internet Security

Online Armor 3.5

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner

Java 6 Update 17

Java SE Runtime Environment 6 Update 1

Out of date Java installed!

Adobe Flash Player 11.0.1.152

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Emsisoft Anti-Malware a2guard.exe

``````````End of Log````````````


  • Staff

Hi,

Grab a fresh copy of ComboFix, run it, and post its log.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    netbios.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
