
AVG cant get rid of Crypt.AQLW


  • This topic is locked
41 replies to this topic

#1 ds5000

    Member

  • Members
  • 54 posts

Posted 29 February 2012 - 09:38 PM

I think this started when I did an update for my graphics card... After I did that, AVG came up saying it had found a trojan horse, Crypt.AQLW; they've all had a "dll" extension: SNMPTRAP.dll, dmprimer.dll, symdns.dll, SQTECH9080.dll... and so on. After a few days, the warnings have become less frequent. It went down from maybe 10 to 12 warnings in around 4 hours to today, when I only got 2 warnings so far, in about 4 hours. I've noticed nothing different as far as the operation of the computer, only those warnings that happen once in a while... Only thing: when I ran a GMER scan... I got a blue screen and a reboot. That's the only time I've seen anything major happen so far.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by dave at 20:13:17 on 2012-02-29
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3583.1990 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\WinTV\TVServer\CAPTUR~4.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinTV\WinTV7\WinTVTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = http=127.0.0.1:63253
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WebCamRT.exe]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Lvlciejlrxc] c:\users\dave\appdata\local\temp\spoolsv.exe
uRun: [LvlciejlqZ] c:\users\dave\appdata\local\temp\msmgm.exe
uRun: [Lvlciejlkc] c:\users\dave\appdata\local\temp\cmd.exe
uRun: [Lvlciejlpsc] c:\users\dave\appdata\local\temp\taskmgr.exe
uRun: [LvlciejlqW] c:\users\dave\appdata\local\temp\drweb.exe
uRun: [LvlciejlsPc] c:\users\dave\appdata\local\temp\nvsvc32.exe
uRun: [Lvlciejlqc] c:\users\dave\appdata\local\temp\win.exe
uRun: [Lvlciejlupc] c:\users\dave\appdata\local\temp\sysedit.exe
uRun: [Lvlciejlotc] c:\users\dave\appdata\local\temp\hexdump.exe
uRun: [LvlciejlZM] c:\users\dave\appdata\local\temp\ij65h.exe
uRun: [Lvlciejlsxf] c:\users\dave\appdata\local\temp\ktvmutnr.exe
uRun: [ZortamMp3MediaStudio] c:\program files\zortam mp3 media studio\zmmspro.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [QCDriverInstaller] c:\progra~1\common~1\logitech\qcdriv~2\Lqdsw.exe /addrun /l 1033 /LaunchAtStart
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleanhdm.lnk - c:\users\dave\appdata\local\cleanhdm.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4901C0FD-75B4-45C5-9A63-7040FBC94EDE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C00EA25D-0200-4776-A720-B4304DE736D0} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\z3rqwx71.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\z3rqwx71.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\z3rqwx71.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\dave\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\dave\appdata\roaming\mozilla\plugins\npatgpc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2011-7-7 87368]
R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2010-11-26 602624]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-4-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-21 2348352]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-12-16 1153368]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-27 246600]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2010-11-26 28928]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2010-11-26 1217920]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2010-11-26 1220224]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2009-6-10 530944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 iksysflt;Macformatservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-21 1025352]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2011-4-4 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2012-02-22 03:17:21 -------- d-----w- c:\users\dave\appdata\roaming\NVIDIA
2012-02-22 03:16:05 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 03:16:05 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 03:16:05 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 03:16:05 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 03:16:05 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 03:16:05 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 03:16:05 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 03:16:05 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 03:16:05 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-16 04:54:10 -------- d-----w- c:\users\dave\appdata\roaming\AVG2012
2012-02-16 04:42:52 -------- d-----w- c:\users\dave\appdata\roaming\Malwarebytes
2012-02-05 21:06:06 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 20:05:08 -------- d-----w- c:\users\dave\appdata\local\CrossLoop
2012-02-02 02:43:29 -------- d-----w- C:\Winx
.
==================== Find3M ====================
.
2012-02-10 04:13:00 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13:00 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02:06 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00:44 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00:26 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00:26 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00:26 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 20:13:44.59 ===============
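A triage pass over the "Pseudo HJT Report" section of the DDS log above, added here as an example (it is not part of the post and not DDS's own code). The rules, regular expressions and rule names are the editor's own heuristics, and the sample lines are a constructed excerpt modelled on the entries in that log: autoruns launched from the user's temp/appdata folders, the family of Run values sharing one random-looking name prefix, and an IE proxy pointed at the local machine.

```python
"""Flag the kinds of entries a DDS "Pseudo HJT Report" reveals in a ZeroAccess-style
infection: autoruns launched from per-user temp/appdata, clusters of autoruns that
share a random-looking name prefix, and an IE proxy pointed at the local machine."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS log above: the same line shapes and a
# handful of its entries (benign ones included so the rules have something to ignore).
SAMPLE_HJT = r"""
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uInternet Settings,ProxyServer = http=127.0.0.1:63253
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WebCamRT.exe]
uRun: [Lvlciejlrxc] c:\users\dave\appdata\local\temp\spoolsv.exe
uRun: [LvlciejlqZ] c:\users\dave\appdata\local\temp\msmgm.exe
uRun: [Lvlciejlkc] c:\users\dave\appdata\local\temp\cmd.exe
uRun: [ZortamMp3MediaStudio] c:\program files\zortam mp3 media studio\zmmspro.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleanhdm.lnk - c:\users\dave\appdata\local\cleanhdm.exe
FF - prefs.js: network.proxy.type - 0
"""

# u/m/d prefixes are DDS's user / machine / default-user hive markers.
RUN_RE = re.compile(r'^([umd])Run:\s*\[([^\]]*)\]\s*(.*)$')
STARTUP_RE = re.compile(r'^StartupFolder:\s*(\S+\.lnk)\s+-\s+(.*)$', re.I)
PROXY_RE = re.compile(r'^[umd]Internet Settings,ProxyServer\s*=\s*(.*)$')
# An image sitting directly in %LOCALAPPDATA% or %TEMP%: user-writable, no installer.
USER_WRITABLE_RE = re.compile(r'\\appdata\\local(\\temp)?\\[^\\]+$', re.I)
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.0\.0\.1|localhost):\d+', re.I)
PREFIX_LEN = 8          # characters of the Run value name used to group entries
CLUSTER_MIN = 3         # this many names with one prefix counts as a family


def autorun_image(command):
    """Return the lower-cased image path from a Run value (quoted or not), '' if empty."""
    m = re.match(r'"?(.*?\.exe)', command.strip(), re.I)
    return m.group(1).lower() if m else ''


def triage_hjt(text):
    """Return (rule, evidence) findings for one Pseudo HJT section, in log order,
    with name-cluster findings appended at the end."""
    findings = []
    names_by_prefix = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            _scope, name, command = m.groups()
            image = autorun_image(command)
            if not image:
                # A Run value with no command: harmless by itself, but worth listing.
                findings.append(('empty-autorun', line))
                continue
            if USER_WRITABLE_RE.search(image):
                findings.append(('autorun-from-user-temp', line))
            names_by_prefix[name[:PREFIX_LEN].lower()].append(name)
            continue
        m = STARTUP_RE.match(line)
        if m and USER_WRITABLE_RE.search(m.group(2)):
            findings.append(('startup-from-user-temp', line))
            continue
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group(1)):
            # Browser traffic is being forced through a listener on the same machine.
            findings.append(('loopback-proxy', line))
    for prefix, names in names_by_prefix.items():
        if len(names) >= CLUSTER_MIN:
            findings.append(('autorun-name-cluster',
                             f'{prefix}* x{len(names)}: {", ".join(names)}'))
    return findings


if __name__ == '__main__':
    for rule, evidence in triage_hjt(SAMPLE_HJT):
        print(f'{rule:24} {evidence}')
```

Run against the full DDS section, the same rules single out every Lvlciejl* entry, the cleanhdm.lnk startup item and the 127.0.0.1:63253 proxy, while the AVG, Adobe and Spybot autoruns produce nothing.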


#2 SweetTech

    Agent ST

  • Malware Response Team
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 01 March 2012 - 02:44 AM

Hi ds5000!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Disable SpyBot TeaTimer
We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox: Posted Image
  • Close/Exit Spybot Search and Destroy


NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Copy and Paste the following code into the Posted Image textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 ds5000

    Member

  • Members
  • 54 posts

Posted 01 March 2012 - 10:10 PM

1.
Thank you for such a fast reply... I'm sorry, but I don't get home from work until late during the day, so I will update this thread later in the evening hours... I've decided to repair the infected computer but discontinue its use for any online payments or for accessing any personal accounts. Thanks for those links; they really helped in making my decision.

2.
20:45:34.0601 5088 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:45:35.0099 5088 ============================================================
20:45:35.0099 5088 Current date / time: 2012/03/01 20:45:35.0099
20:45:35.0099 5088 SystemInfo:
20:45:35.0099 5088
20:45:35.0100 5088 OS Version: 6.1.7600 ServicePack: 0.0
20:45:35.0100 5088 Product type: Workstation
20:45:35.0100 5088 ComputerName: DAVE-PC
20:45:35.0100 5088 UserName: dave
20:45:35.0100 5088 Windows directory: C:\Windows
20:45:35.0100 5088 System windows directory: C:\Windows
20:45:35.0100 5088 Processor architecture: Intel x86
20:45:35.0100 5088 Number of processors: 4
20:45:35.0100 5088 Page size: 0x1000
20:45:35.0100 5088 Boot type: Normal boot
20:45:35.0100 5088 ============================================================
20:45:36.0327 5088 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x540BE, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
20:45:36.0329 5088 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:45:36.0353 5088 \Device\Harddisk0\DR0:
20:45:36.0353 5088 MBR used
20:45:36.0353 5088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:45:36.0353 5088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
20:45:36.0353 5088 \Device\Harddisk1\DR1:
20:45:36.0354 5088 MBR used
20:45:36.0354 5088 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
20:45:36.0391 5088 Initialize success
20:45:36.0391 5088 ============================================================
20:46:00.0955 1296 ============================================================
20:46:00.0955 1296 Scan started
20:46:00.0955 1296 Mode: Manual; SigCheck; TDLFS;
20:46:00.0955 1296 ============================================================
20:46:03.0106 1296 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
20:46:03.0189 1296 1394ohci - ok
20:46:03.0231 1296 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:46:03.0246 1296 ACPI - ok
20:46:03.0273 1296 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:46:03.0323 1296 AcpiPmi - ok
20:46:03.0442 1296 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:46:03.0461 1296 adp94xx - ok
20:46:03.0491 1296 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:46:03.0507 1296 adpahci - ok
20:46:03.0541 1296 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:46:03.0553 1296 adpu320 - ok
20:46:03.0616 1296 AFD (9db8a27a008ab72213051eab90c6babb) C:\Windows\system32\drivers\afd.sys
20:46:03.0622 1296 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 9db8a27a008ab72213051eab90c6babb, Fake md5: ddc040fdb01ef1712a6b13e52afb104c
20:46:03.0623 1296 AFD ( Virus.Win32.ZAccess.k ) - infected
20:46:03.0623 1296 AFD - detected Virus.Win32.ZAccess.k (0)
20:46:03.0644 1296 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:46:03.0655 1296 agp440 - ok
20:46:03.0696 1296 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:46:03.0708 1296 aic78xx - ok
20:46:03.0749 1296 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:46:03.0758 1296 aliide - ok
20:46:03.0775 1296 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:46:03.0785 1296 amdagp - ok
20:46:03.0859 1296 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:46:03.0876 1296 amdide - ok
20:46:03.0888 1296 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:46:03.0911 1296 AmdK8 - ok
20:46:03.0926 1296 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:46:03.0953 1296 AmdPPM - ok
20:46:03.0986 1296 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
20:46:03.0997 1296 amdsata - ok
20:46:04.0027 1296 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:46:04.0040 1296 amdsbs - ok
20:46:04.0071 1296 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
20:46:04.0081 1296 amdxata - ok
20:46:04.0131 1296 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:46:04.0240 1296 AppID - ok
20:46:04.0285 1296 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:46:04.0296 1296 arc - ok
20:46:18.0775 1296 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:46:18.0853 1296 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:46:18.0853 1296 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:46:18.0858 1296 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
20:46:19.0149 1296 \Device\Harddisk1\DR1 - ok
20:46:19.0153 1296 Boot (0x1200) (6af5a51ae321d2dde022567547ce3edf) \Device\Harddisk0\DR0\Partition0
20:46:19.0154 1296 \Device\Harddisk0\DR0\Partition0 - ok
20:46:19.0183 1296 Boot (0x1200) (112b36e8a5b45b79622a752f02d15fcb) \Device\Harddisk0\DR0\Partition1
20:46:19.0184 1296 \Device\Harddisk0\DR0\Partition1 - ok
20:46:19.0187 1296 Boot (0x1200) (28d1b3f2a46ee167d2f9f66a26c92689) \Device\Harddisk1\DR1\Partition0
20:46:19.0189 1296 \Device\Harddisk1\DR1\Partition0 - ok
20:46:19.0190 1296 ============================================================
20:46:19.0190 1296 Scan finished
20:46:19.0190 1296 ============================================================
20:46:19.0203 0616 Detected object count: 2
20:46:19.0203 0616 Actual detected object count: 2
20:47:00.0280 0616 AFD ( Virus.Win32.ZAccess.k ) - skipped by user
20:47:00.0280 0616 AFD ( Virus.Win32.ZAccess.k ) - User select action: Skip
20:47:00.0280 0616 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:47:00.0280 0616 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:48:30.0437 3380 Deinitialize success


3.
Farbar Service Scanner Version: 01-03-2012
Ran by dave (administrator) on 01-03-2012 at 20:49:13
Running from "C:\Installation\Virus Programs"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
IE proxy is enabled.
ProxyServer: http=127.0.0.1:63253


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-13 17:53] - [2009-07-13 19:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 17:54] - [2009-07-13 19:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 17:23] - [2009-07-13 19:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 17:24] - [2009-07-13 19:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 18:15] - [2009-07-13 19:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 17:30] - [2009-07-13 19:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

4.
OTL logfile created on: 3/1/2012 8:51:15 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Installation\Virus Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 66.28% Memory free
7.00 Gb Paging File | 5.45 Gb Available in Paging File | 77.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.54 Gb Total Space | 346.04 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 20:50:10 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Installation\Virus Programs\OTL.exe
PRC - [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/09 22:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 21:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/09 21:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/27 20:09:49 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/07 15:11:30 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/29 18:28:20 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010/03/29 18:13:00 | 000,310,272 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenUSB.exe
PRC - [2010/03/19 14:03:26 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\Ir.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/21 21:08:16 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/18 13:59:45 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/29 18:28:10 | 000,022,528 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2009/07/13 22:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 22:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 22:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 22:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 22:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.DLL
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (yukonwxp)
SRV - File not found [Auto | Stopped] -- -- (WUSB54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (wmi)
SRV - File not found [Auto | Stopped] -- -- (WmaCDriverV32)
SRV - File not found [Auto | Stopped] -- -- (UpdateCenterService)
SRV - File not found [Auto | Stopped] -- -- (ufdsvc)
SRV - File not found [Auto | Stopped] -- -- (U81xmdfl)
SRV - File not found [Auto | Stopped] -- -- (tosrfnds)
SRV - File not found [Auto | Stopped] -- -- (tosrfcom)
SRV - File not found [Auto | Stopped] -- -- (tavsvc)
SRV - File not found [Auto | Stopped] -- -- (szserver)
SRV - File not found [Auto | Stopped] -- -- (syslogd)
SRV - File not found [Auto | Stopped] -- -- (srvdpi)
SRV - File not found [Auto | Stopped] -- -- (SPFDRV)
SRV - File not found [Auto | Stopped] -- -- (speakerphone)
SRV - File not found [Auto | Stopped] -- -- (SerTVOutCtlr)
SRV - File not found [Auto | Stopped] -- -- (se45obex)
SRV - File not found [Auto | Stopped] -- -- (sbhooksvc)
SRV - File not found [Auto | Stopped] -- -- (s616mdm)
SRV - File not found [Auto | Stopped] -- -- (RMSvc)
SRV - File not found [Auto | Stopped] -- -- (raysat3_4_6_18server)
SRV - File not found [Auto | Stopped] -- -- (ql2100)
SRV - File not found [Auto | Stopped] -- -- (purgeieservice)
SRV - File not found [Auto | Stopped] -- -- (pcandis5)
SRV - File not found [Auto | Stopped] -- -- (omniusbl)
SRV - File not found [Auto | Stopped] -- -- (merakcontrol)
SRV - File not found [Auto | Stopped] -- -- (lxct_device)
SRV - File not found [Auto | Stopped] -- -- (LwUsbHid)
SRV - File not found [Auto | Stopped] -- -- (kpfwsvc)
SRV - File not found [Auto | Stopped] -- -- (klblmain)
SRV - File not found [Auto | Stopped] -- -- (iksysflt)
SRV - File not found [Auto | Stopped] -- -- (haspnt)
SRV - File not found [Auto | Stopped] -- -- (genmcmn)
SRV - File not found [Auto | Stopped] -- -- (GBFSHook)
SRV - File not found [Auto | Stopped] -- -- (framework)
SRV - File not found [Auto | Stopped] -- -- (elservice)
SRV - File not found [Auto | Stopped] -- -- (EKECioCtl)
SRV - File not found [Auto | Stopped] -- -- (Dell1100_FUService)
SRV - File not found [Auto | Stopped] -- -- (dbustrcm)
SRV - File not found [Auto | Stopped] -- -- (dbmang)
SRV - File not found [Auto | Stopped] -- -- (dbmanagerscheduler)
SRV - File not found [Auto | Stopped] -- -- (cwafreportscheduler)
SRV - File not found [Auto | Stopped] -- -- (cwafeventrouter)
SRV - File not found [Auto | Stopped] -- -- (cqmgserv)
SRV - File not found [Auto | Stopped] -- -- (cimnotify)
SRV - File not found [Auto | Stopped] -- -- (cfosspeeds)
SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
SRV - File not found [Auto | Stopped] -- -- (CAMFLT)
SRV - File not found [Auto | Stopped] -- -- (bb-run)
SRV - File not found [Auto | Stopped] -- -- (ATMsg)
SRV - File not found [Auto | Stopped] -- -- (ANC)
SRV - File not found [Auto | Stopped] -- -- (aeclienthostservice)
SRV - File not found [Auto | Stopped] -- -- ({6080a529-897e-4629-a488-aba0c29b635e})
SRV - [2012/02/09 22:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/27 20:09:49 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/01 08:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 15:11:30 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/11 09:16:26 | 001,220,224 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV - [2010/01/11 09:10:30 | 001,217,920 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw72ATV.sys -- (hcw72ATV)
DRV - [2010/01/11 09:08:50 | 000,028,928 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646



IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 A4 A7 80 10 AF CC 01 [binary data]
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\..\SearchScopes,DefaultScope = {0B900095-FD52-447B-805A-F882C91124A9}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{0B900095-FD52-447B-805A-F882C91124A9}: "URL" = http://search.avg.com/route/?d=4e015c2f&v=7.7.26.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C66AC164-B402-4D29-B5C8-3055F263A218}&mid=&lang=en&ds=AVG&pr=fr&d=&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63253


========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/22 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/22 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 19:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/16 08:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 22:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}: C:\Users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C} [2011/06/20 18:46:59 | 000,000,000 | ---D | M]

[2010/09/10 16:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dave\AppData\Roaming\Mozilla\Extensions
[2012/02/15 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions
[2012/02/15 22:18:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/12/26 17:33:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/15 22:16:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions\engine@conduit.com
[2011/09/27 20:09:48 | 000,003,674 | ---- | M] () -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\searchplugins\avg-secure-search.xml
[2011/11/27 07:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 19:26:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z3RQWX71.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/02/21 21:08:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/25 13:55:45 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/14 07:57:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/14 07:57:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Program Files\Common Files\Logitech\QCDriver3\Lqdsw.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlkc] C:\Users\dave\AppData\Local\Temp\cmd.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlotc] C:\Users\dave\AppData\Local\Temp\hexdump.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlpsc] C:\Users\dave\AppData\Local\Temp\taskmgr.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlqc] C:\Users\dave\AppData\Local\Temp\win.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlqW] C:\Users\dave\AppData\Local\Temp\drweb.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlqZ] C:\Users\dave\AppData\Local\Temp\msmgm.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlrxc] C:\Users\dave\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlsPc] C:\Users\dave\AppData\Local\Temp\nvsvc32.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlsxf] C:\Users\dave\AppData\Local\Temp\ktvmutnr.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlupc] C:\Users\dave\AppData\Local\Temp\sysedit.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlZM] C:\Users\dave\AppData\Local\Temp\ij65h.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [WebCamRT.exe] File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [ZortamMp3MediaStudio] C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4901C0FD-75B4-45C5-9A63-7040FBC94EDE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C00EA25D-0200-4776-A720-B4304DE736D0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 01:01:46 | 000,000,113 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing LP)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D09AD51C-61A5-A3EF-5ED9-A01186D757C5} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\Windows\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: dbmang - File not found
NetSvcs: syslogd - File not found
NetSvcs: Dell1100_FUService - File not found
NetSvcs: ANC - File not found
NetSvcs: klblmain - File not found
NetSvcs: lxct_device - File not found
NetSvcs: SerTVOutCtlr - File not found
NetSvcs: framework - File not found
NetSvcs: CAMFLT - File not found
NetSvcs: cimnotify - File not found
NetSvcs: cdrbsdrv - File not found
NetSvcs: dbustrcm - File not found
NetSvcs: GBFSHook - File not found
NetSvcs: bb-run - File not found
NetSvcs: raysat3_4_6_18server - File not found
NetSvcs: srvdpi - File not found
NetSvcs: pcandis5 - File not found
NetSvcs: purgeieservice - File not found
NetSvcs: omniusbl - File not found
NetSvcs: WmaCDriverV32 - File not found
NetSvcs: cwafeventrouter - File not found
NetSvcs: szserver - File not found
NetSvcs: iksysflt - File not found
NetSvcs: ql2100 - File not found
NetSvcs: speakerphone - File not found
NetSvcs: tosrfnds - File not found
NetSvcs: LwUsbHid - File not found
NetSvcs: genmcmn - File not found
NetSvcs: wmi - File not found
NetSvcs: merakcontrol - File not found
NetSvcs: elservice - File not found
NetSvcs: sbhooksvc - File not found
NetSvcs: aeclienthostservice - File not found
NetSvcs: RMSvc - File not found
NetSvcs: haspnt - File not found
NetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - File not found
NetSvcs: tosrfcom - File not found
NetSvcs: ntservice1 - File not found
NetSvcs: UpdateCenterService - File not found
NetSvcs: ufdsvc - File not found
NetSvcs: ATMsg - File not found
NetSvcs: dbmanagerscheduler - File not found
NetSvcs: EKECioCtl - File not found
NetSvcs: cfosspeeds - File not found
NetSvcs: U81xmdfl - File not found
NetSvcs: yukonwxp - File not found
NetSvcs: cqmgserv - File not found
NetSvcs: se45obex - File not found
NetSvcs: tavsvc - File not found
NetSvcs: cwafreportscheduler - File not found
NetSvcs: kpfwsvc - File not found
NetSvcs: SPFDRV - File not found
NetSvcs: WUSB54Gv4SVC - File not found
NetSvcs: s616mdm - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/29 19:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/21 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\NVIDIA
[2012/02/21 21:16:05 | 019,443,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/21 21:16:05 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/21 21:16:05 | 010,816,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/21 21:16:05 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/21 21:16:05 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/21 21:16:05 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/21 21:16:05 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/21 21:16:05 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/21 21:16:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/17 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Apple Computer
[2012/02/17 08:19:55 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Media Player Classic
[2012/02/15 23:34:07 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\DivX
[2012/02/15 22:54:10 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\AVG2012
[2012/02/15 22:42:52 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Malwarebytes
[2012/02/15 22:39:18 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Macromedia
[2012/02/15 22:39:18 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Adobe
[2012/02/03 14:05:08 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\CrossLoop
[2012/02/02 21:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moglue Builder
[2012/02/01 20:43:29 | 000,000,000 | ---D | C] -- C:\Winx

========== Files - Modified Within 30 Days ==========

[2012/03/01 20:46:29 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 20:46:29 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/01 20:45:04 | 090,531,853 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/01 20:41:24 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/01 20:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/01 20:41:20 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/29 19:43:40 | 324,243,706 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 19:24:50 | 000,000,000 | ---- | M] () -- C:\Users\dave\defogger_reenable
[2012/02/25 17:00:11 | 000,169,484 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/24 13:34:33 | 000,093,184 | ---- | M] () -- C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 22:53:58 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/15 22:44:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 22:13:00 | 019,443,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/09 22:13:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/09 22:13:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/09 22:13:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/09 22:13:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/09 22:13:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/09 22:13:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/02/09 22:13:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/09 22:13:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/09 22:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/09 22:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/09 21:02:06 | 003,881,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/02/09 21:00:44 | 002,719,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/02/09 21:00:26 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/02/09 21:00:26 | 000,062,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/02/04 07:51:17 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 07:51:17 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/03 18:38:00 | 000,001,994 | ---- | M] () -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/03 12:40:20 | 000,000,000 | -H-- | M] () -- C:\Users\dave\Documents\Default.rdp
[2012/02/02 21:17:52 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Moglue Builder.lnk

========== Files Created - No Company Name ==========

[2012/02/29 19:43:40 | 324,243,706 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/29 19:24:50 | 000,000,000 | ---- | C] () -- C:\Users\dave\defogger_reenable
[2012/02/15 22:44:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 15:06:06 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/03 12:40:20 | 000,000,000 | -H-- | C] () -- C:\Users\dave\Documents\Default.rdp
[2012/02/02 21:17:52 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Moglue Builder.lnk
[2012/01/09 23:04:27 | 000,001,388 | -HS- | C] () -- C:\Users\dave\AppData\Local\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2012/01/09 23:04:27 | 000,001,388 | -HS- | C] () -- C:\ProgramData\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2011/12/30 15:02:11 | 000,001,258 | -HS- | C] () -- C:\Users\dave\AppData\Local\510alf85j208rl31w5ddh7h067038j78y0568
[2011/12/30 15:02:11 | 000,001,258 | -HS- | C] () -- C:\ProgramData\510alf85j208rl31w5ddh7h067038j78y0568
[2011/12/26 23:17:59 | 000,001,602 | -HS- | C] () -- C:\Users\dave\AppData\Local\v5sidvgcsw364rjv
[2011/12/26 23:17:59 | 000,001,602 | -HS- | C] () -- C:\ProgramData\v5sidvgcsw364rjv
[2011/12/14 00:14:22 | 000,001,428 | -HS- | C] () -- C:\Users\dave\AppData\Local\373333b5c671e602x768x2lfo8c5
[2011/12/14 00:14:22 | 000,001,428 | -HS- | C] () -- C:\ProgramData\373333b5c671e602x768x2lfo8c5
[2011/09/23 08:58:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/09/23 08:58:01 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/23 08:58:01 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/23 08:58:01 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/04 23:04:24 | 000,004,254 | -HS- | C] () -- C:\Users\dave\AppData\Local\75pg32uc86hns2rqtr4c
[2011/08/04 23:04:24 | 000,001,594 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
[2011/07/23 13:36:45 | 000,011,630 | ---- | C] () -- C:\Users\dave\AppData\Local\15ho16v480qtjopuusb031qp2362v1q
[2011/07/23 13:36:45 | 000,001,202 | -HS- | C] () -- C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
[2011/06/27 19:23:44 | 000,001,076 | -HS- | C] () -- C:\ProgramData\s72yyrm12762
[2011/06/20 18:47:00 | 000,000,120 | ---- | C] () -- C:\Users\dave\AppData\Local\Ndazeribecid.dat
[2011/06/20 18:47:00 | 000,000,000 | ---- | C] () -- C:\Users\dave\AppData\Local\Yjozoxiyalogujag.bin
[2011/06/20 18:45:32 | 000,011,902 | -HS- | C] () -- C:\ProgramData\0q5iqr748w574vw7220xkngbul7571d42p55l34k2m2
[2011/06/10 23:14:43 | 000,001,410 | -HS- | C] () -- C:\Users\dave\AppData\Local\hsxwqk4es7wxe43q32mkfjs22vh5nr11s54nd7rbj3
[2011/06/10 23:14:43 | 000,001,410 | -HS- | C] () -- C:\ProgramData\hsxwqk4es7wxe43q32mkfjs22vh5nr11s54nd7rbj3
[2011/06/10 20:41:34 | 000,093,184 | ---- | C] () -- C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 20:36:33 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/25 10:34:47 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/02/25 10:33:47 | 000,000,792 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/12/28 21:13:47 | 000,000,017 | ---- | C] () -- C:\Users\dave\AppData\Local\resmon.resmoncfg
[2010/11/27 15:56:48 | 000,001,456 | ---- | C] () -- C:\Users\dave\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/26 21:07:31 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/11/26 18:54:29 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/11/26 18:54:14 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/26 18:54:14 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/26 18:53:46 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2010/11/26 18:53:08 | 000,003,540 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/08/07 17:13:38 | 000,043,640 | ---- | C] () -- C:\Windows\PhotoModelerPro5.ini

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: ATAPI.SYS >
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: TDX.SYS >
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/01 21:04:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/01 21:04:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: iexplore.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB12706$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 1152 bytes -> C:\Users\dave\AppData\Local\FnRnIVbr0A4UL:qPnN3uy48w37plvjHYoR2L1wC

< End of report >


OTL Extras logfile created on: 3/1/2012 8:51:15 PM - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Installation\Virus Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 66.28% Memory free
7.00 Gb Paging File | 5.45 Gb Available in Paging File | 77.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.54 Gb Total Space | 346.04 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{27263813-8BDE-4CD2-84D3-02536743428A}_is1" = Attribute Changer 6.20
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{332B1B33-D0EE-4A0A-AB2F-12BF56BCE1C3}" = FaceGen Modeller 3.1
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{6E637484-7ED6-4AA5-BEDC-FD821F64D372}_is1" = Moyea Video4Web Converter version 2.3.0.8
"{82B0940F-A8ED-4F74-935A-CF6AF8530769}" = FaceGen Modeller 3.4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BFCA7375-81A2-44F8-BFC1-0DC5A3D23405}" = TurboTax 2010 wutiper
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{FCB64554-BF51-495E-B13A-2B1F0A430B6C}_is1" = Moglue Builder version 1.0.1
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Anime Studio Pro_is1" = Anime Studio Pro 5.5
"Any Video Converter_is1" = Any Video Converter 3.1.7
"ASP700_is1" = Anime Studio Pro 7.0
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"CINEMA 4D Release 10" = CINEMA 4D Release 10
"DivX Setup.divx.com" = DivX Setup
"ffdshow_is1" = ffdshow v1.1.3949 [2011-07-25]
"Free Audio Converter_is1" = Free Audio Converter version 2.2.11
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5
"Free Video Dub_is1" = Free Video Dub version 1.8
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.0
"GonVisor_is1" = GonVisor 1.72
"Hauppauge WinTV 7" = Hauppauge WinTV 7
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"IsoBuster_is1" = IsoBuster 2.8
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MiPony" = MiPony 1.5.3
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP3 Folder Structure Maker0.9" = MP3 Folder Structure Maker
"Mp3tag" = Mp3tag v2.49
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Photo To Color Sketch_is1" = Photo To Color Sketch 6.51
"PhotoModeler Pro 5" = PhotoModeler Pro 5
"Power Sound Editor Free" = Power Sound Editor Free
"Swiff Player_is1" = Swiff Player 1.7
"TurboTax 2010" = TurboTax 2010
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = WebEx
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2012 8:49:18 PM | Computer Name = dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 2/17/2012 9:55:02 AM | Computer Name = dave-PC | Source = RasClient | ID = 20227
Description =

Error - 2/17/2012 2:45:20 PM | Computer Name = dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 2/21/2012 11:20:12 PM | Computer Name = dave-PC | Source = Windows Backup | ID = 4104
Description =

Error - 2/24/2012 12:09:51 PM | Computer Name = dave-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 10.0.2.4428 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 38c Start
Time: 01ccf30e5dcceed2 Termination Time: 60000 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: b995487b-5f01-11e1-8fc1-00248cebeeb5

Error - 2/24/2012 1:32:16 PM | Computer Name = dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

Error - 2/25/2012 10:51:44 PM | Computer Name = dave-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 2/27/2012 11:32:35 PM | Computer Name = dave-PC | Source = Windows Backup | ID = 4104
Description =

Error - 2/28/2012 11:19:05 PM | Computer Name = dave-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 2/29/2012 9:55:28 PM | Computer Name = dave-PC | Source = SDWinSec.exe | ID = 0
Description =

[ Media Center Events ]
Error - 11/29/2010 12:43:42 AM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 10:43:42 PM - Error connecting to the internet. 10:43:42 PM - Unable
to contact server..

Error - 11/29/2010 12:43:59 AM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 10:43:47 PM - Error connecting to the internet. 10:43:47 PM - Unable
to contact server..

Error - 11/29/2010 11:37:34 PM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 9:37:34 PM - Error connecting to the internet. 9:37:34 PM - Unable
to contact server..

Error - 11/29/2010 11:37:52 PM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 9:37:39 PM - Error connecting to the internet. 9:37:39 PM - Unable
to contact server..

Error - 12/1/2010 11:26:42 PM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 9:26:42 PM - Error connecting to the internet. 9:26:42 PM - Unable
to contact server..

Error - 12/1/2010 11:27:00 PM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 9:26:47 PM - Error connecting to the internet. 9:26:47 PM - Unable
to contact server..

Error - 12/2/2010 12:27:04 AM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 10:27:04 PM - Error connecting to the internet. 10:27:04 PM - Unable
to contact server..

Error - 12/2/2010 12:27:15 AM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 10:27:09 PM - Error connecting to the internet. 10:27:09 PM - Unable
to contact server..

Error - 12/2/2010 1:27:20 AM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 11:27:20 PM - Error connecting to the internet. 11:27:20 PM - Unable
to contact server..

Error - 12/2/2010 1:27:32 AM | Computer Name = dave-PC | Source = MCUpdate | ID = 0
Description = 11:27:25 PM - Error connecting to the internet. 11:27:25 PM - Unable
to contact server..

[ System Events ]
Error - 3/1/2012 10:41:24 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The SE26bus service terminated with the following error: %%126

Error - 3/1/2012 10:41:24 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The Nsynas32 service terminated with the following error: %%126

Error - 3/1/2012 10:41:28 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The Agnwifi service terminated with the following error: %%126

Error - 3/1/2012 10:41:28 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The NPPTNT service terminated with the following error: %%126

Error - 3/1/2012 10:41:28 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The L8042pr2 service terminated with the following error: %%126

Error - 3/1/2012 10:41:28 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The Uiusys service terminated with the following error: %%126

Error - 3/1/2012 10:41:28 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The Aha154x service terminated with the following error: %%126

Error - 3/1/2012 10:41:30 PM | Computer Name = dave-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 3/1/2012 10:42:26 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The Regmon701 service terminated with the following error: %%5

Error - 3/1/2012 10:57:25 PM | Computer Name = dave-PC | Source = Service Control Manager | ID = 7023
Description = The Vxsvc service terminated with the following error: %%5


< End of report >


5.
computer is running fine... I've had two warnings of that crypt trojan horse only...

#4 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • PipPipPipPipPipPip
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 02 March 2012 - 03:09 AM

Hi ds5000,

Thank you for such a fast reply... I'm sorry but I don't get from work late during the day, so I will update this thread later in the evening hours... I've decided to repair the infected computer but discontinue its use on any online payment use, or access any personal accounts. Thanks for those links, they really helped in making my decision.

Not a problem, don't worry about replying in the evenings, that shouldn't be an issue. I tend to respond to my users in the middle of the night/ early morning.

I'm also glad that those links were helpful to you. :)

We'll be fixing some things in the registry a little later in this post, but before we even proceed with that we are going to want to create a back-up of your registry, so that in the event something goes wrong we have a way to undo it.

ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!



NEXT:



I'm including a fix to this post titled fix.bat

Attached File: fix.bat (4.28K)

Please download it to your Desktop.

  • Right click fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.
A black window should appear; this is normal, it's going to be running through some fixes to remove some malicious things.


It should automatically open up the log file (lookatme.txt) after it finishes running. Please provide it for me to review in your next reply.


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:56646
    IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63253
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 1152 bytes -> C:\Users\dave\AppData\Local\FnRnIVbr0A4UL:qPnN3uy48w37plvjHYoR2L1wC
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the Custom Scans/Fixes box Copy & Paste the following:
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    /md5start
    volsnap.sys
    atapi.sys
    afd.sys
    tdx.sys
    /md5stop
    
  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
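The OTL fix in the post above changes three things that are worth checking before and after it runs: the per-hive Internet Settings proxy (every loaded hive had ProxyEnable = 1 pointing at a loopback proxy on 127.0.0.1), an alternate data stream on a file under AppData\Local, and the ACL on the hosts file (the System event log also shows DNS-Client error 1012 failing to read the hosts file). The following is an added, read-only PowerShell audit written for this thread; it is not part of SweetTech's post and not something OTL or fix.bat does. It assumes an elevated PowerShell 3 or later prompt on Windows 7 and an English locale (the "Everyone" account name is locale-dependent); it changes nothing and only reports.

```powershell
# Added example (not from the post or from OTL): read-only audit of the items
# the OTL fix modifies. Run from an elevated PowerShell 3+ prompt.

function Get-ProxyHijackFindings {
    # Walk every loaded user hive (HKU\.DEFAULT, HKU\S-1-5-18, HKU\S-1-5-21-...)
    # and report hives where a proxy is enabled, flagging loopback targets.
    $findings = @()
    foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS) {
        $key = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        $enabled = [int]($p.ProxyEnable -as [int])
        $server  = [string]$p.ProxyServer
        # "http=127.0.0.1:56646" is the pattern removed by the fix above: browser
        # traffic is routed through a process listening on the same machine.
        $loopback = $server -match '(^|=)(127\.0\.0\.1|localhost)(:|$)'
        if ($enabled -eq 1 -and $server) {
            $findings += [pscustomobject]@{
                Hive        = $hive.PSChildName
                ProxyServer = $server
                Loopback    = $loopback
            }
        }
    }
    return $findings
}

function Get-AlternateDataStreams {
    # Lists every NTFS stream on files directly under $Root; anything other than
    # the default :$DATA stream is an alternate data stream (as in the OTL log).
    param([string]$Root = $env:LOCALAPPDATA)
    Get-ChildItem -Path $Root -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Select-Object FileName, Stream, Length
        }
}

function Get-HostsFileState {
    # Reports whether Everyone has Full Control on the hosts file (the fix grants
    # this so [resethosts] can overwrite it) and lists any non-comment entries;
    # a clean Windows 7 hosts file contains comments only.
    $hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $acl   = Get-Acl -Path $hosts
    $everyoneFull = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'Everyone' -and
        (($_.FileSystemRights -band $full) -eq $full)
    }
    $entries = Get-Content -Path $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_.Trim() -and -not $_.Trim().StartsWith('#') }
    [pscustomobject]@{
        Path                = $hosts
        EveryoneFullControl = [bool]$everyoneFull
        ActiveEntries       = @($entries)
    }
}

# Driver: print each finding set so it can be compared against the OTL log.
$proxy = Get-ProxyHijackFindings
if ($proxy) { $proxy | Format-Table -AutoSize } else { 'No enabled proxy in any loaded user hive.' }
Get-AlternateDataStreams | Format-Table -AutoSize
Get-HostsFileState | Format-List
```

Run it once before the fix to confirm the findings match what OTL reported, and once after to confirm the proxy entries are gone, the stream is deleted and the hosts file holds no unexpected entries; the Everyone Full Control ACE is left in place by the fix and can be reviewed separately.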


#5 ds5000

ds5000

    Member

  • Members
  • PipPip
  • 54 posts

Posted 02 March 2012 - 02:33 PM

Here's the lookatme.txt

1.

ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
ERROR: The system was unable to find the specified registry key or value.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
The system cannot find the file specified.
A duplicate file name exists, or the file
cannot be found.
C:\Users\dave\AppData\Local\15ho16v480q.vir
C:\Users\dave\AppData\Local\Ndazeribecid.vir
C:\Users\dave\AppData\Local\Yjozoxiyalogujag.vir
3 file(s) moved.
A duplicate file name exists, or the file
cannot be found.



After the OTL fix... this popped up:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\Users\dave\AppData\Local\FnRnIVbr0A4UL:qPnN3uy48w37plvjHYoR2L1wC deleted successfully.
========== FILES ==========
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?
C:\Installation\Virus Programs\cmd.bat deleted successfully.
C:\Installation\Virus Programs\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Installation\Virus Programs\cmd.bat deleted successfully.
C:\Installation\Virus Programs\cmd.txt deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: dave
->Temp folder emptied: 6810490 bytes
->Temporary Internet Files folder emptied: 87730040 bytes
->Java cache emptied: 11779 bytes
->FireFox cache emptied: 231747325 bytes
->Flash cache emptied: 6922 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-DAVE-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 3758368 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6835188 bytes
RecycleBin emptied: 82197213959 bytes

Total Files Cleaned = 78,711.00 mb


[EMPTYFLASH]

User: All Users

User: dave
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1-DAVE-PC

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: dave
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Mcx1-DAVE-PC

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.34.0 log created on 03022012_131111

Files\Folders moved on Reboot...
C:\Windows\temp\JETAEB5.tmp moved successfully.

Registry entries deleted on Reboot...



2. OTL scan:

OTL logfile created on: 3/2/2012 1:19:36 PM - Run 2
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Installation\Virus Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 68.05% Memory free
7.00 Gb Paging File | 5.77 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.54 Gb Total Space | 382.59 Gb Free Space | 54.77% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 39.66 Gb Free Space | 4.26% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/01 20:50:10 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Installation\Virus Programs\OTL.exe
PRC - [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/09 22:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/09 21:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/09 21:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/27 20:09:49 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/07 15:11:30 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/29 18:28:20 | 000,083,456 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Program Files\WinTV\WinTV7\WinTVTray.exe
PRC - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010/03/29 18:13:00 | 000,310,272 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\TVServer\CaptureGenUSB.exe
PRC - [2010/03/19 14:03:26 | 000,117,344 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\Ir.exe
PRC - [2009/07/13 19:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/21 21:08:16 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/03/29 18:28:10 | 000,022,528 | ---- | M] () -- C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
MOD - [2009/07/13 22:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/13 22:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/13 22:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/13 22:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/13 22:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009/07/13 19:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (yukonwxp)
SRV - File not found [Auto | Stopped] -- -- (WUSB54Gv4SVC)
SRV - File not found [Auto | Stopped] -- -- (wmi)
SRV - File not found [Auto | Stopped] -- -- (WmaCDriverV32)
SRV - File not found [Auto | Stopped] -- -- (UpdateCenterService)
SRV - File not found [Auto | Stopped] -- -- (ufdsvc)
SRV - File not found [Auto | Stopped] -- -- (U81xmdfl)
SRV - File not found [Auto | Stopped] -- -- (tosrfnds)
SRV - File not found [Auto | Stopped] -- -- (tosrfcom)
SRV - File not found [Auto | Stopped] -- -- (tavsvc)
SRV - File not found [Auto | Stopped] -- -- (szserver)
SRV - File not found [Auto | Stopped] -- -- (syslogd)
SRV - File not found [Auto | Stopped] -- -- (srvdpi)
SRV - File not found [Auto | Stopped] -- -- (SPFDRV)
SRV - File not found [Auto | Stopped] -- -- (speakerphone)
SRV - File not found [Auto | Stopped] -- -- (SerTVOutCtlr)
SRV - File not found [Auto | Stopped] -- -- (se45obex)
SRV - File not found [Auto | Stopped] -- -- (sbhooksvc)
SRV - File not found [Auto | Stopped] -- -- (s616mdm)
SRV - File not found [Auto | Stopped] -- -- (RMSvc)
SRV - File not found [Auto | Stopped] -- -- (raysat3_4_6_18server)
SRV - File not found [Auto | Stopped] -- -- (ql2100)
SRV - File not found [Auto | Stopped] -- -- (purgeieservice)
SRV - File not found [Auto | Stopped] -- -- (procexp100)
SRV - File not found [Auto | Stopped] -- -- (pcandis5)
SRV - File not found [Auto | Stopped] -- -- (omniusbl)
SRV - File not found [Auto | Stopped] -- -- (NTSIM)
SRV - File not found [Auto | Stopped] -- -- (mssql$pinnaclesys)
SRV - File not found [Auto | Stopped] -- -- (merakcontrol)
SRV - File not found [Auto | Stopped] -- -- (lxct_device)
SRV - File not found [Auto | Stopped] -- -- (LwUsbHid)
SRV - File not found [Auto | Stopped] -- -- (kpfwsvc)
SRV - File not found [Auto | Stopped] -- -- (klblmain)
SRV - File not found [Auto | Stopped] -- -- (iksysflt)
SRV - File not found [Auto | Stopped] -- -- (haspnt)
SRV - File not found [Auto | Stopped] -- -- (genmcmn)
SRV - File not found [Auto | Stopped] -- -- (GBFSHook)
SRV - File not found [Auto | Stopped] -- -- (framework)
SRV - File not found [Auto | Stopped] -- -- (elservice)
SRV - File not found [Auto | Stopped] -- -- (EKECioCtl)
SRV - File not found [Auto | Stopped] -- -- (dsncservice)
SRV - File not found [Auto | Stopped] -- -- (Dell1100_FUService)
SRV - File not found [Auto | Stopped] -- -- (dbustrcm)
SRV - File not found [Auto | Stopped] -- -- (dbmang)
SRV - File not found [Auto | Stopped] -- -- (dbmanagerscheduler)
SRV - File not found [Auto | Stopped] -- -- (cwafreportscheduler)
SRV - File not found [Auto | Stopped] -- -- (cwafeventrouter)
SRV - File not found [Auto | Stopped] -- -- (cqmgserv)
SRV - File not found [Auto | Stopped] -- -- (cimnotify)
SRV - File not found [Auto | Stopped] -- -- (cfosspeeds)
SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
SRV - File not found [Auto | Stopped] -- -- (CAMFLT)
SRV - File not found [Auto | Stopped] -- -- (bb-run)
SRV - File not found [Auto | Stopped] -- -- (ATMsg)
SRV - File not found [Auto | Stopped] -- -- (ANC)
SRV - File not found [Auto | Stopped] -- -- (aeclienthostservice)
SRV - File not found [Auto | Stopped] -- -- (advantage)
SRV - File not found [Auto | Stopped] -- -- ({6080a529-897e-4629-a488-aba0c29b635e})
SRV - [2012/02/09 22:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/27 20:09:49 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/09/01 08:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 15:11:30 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/04/04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/01/11 09:16:26 | 001,220,224 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV - [2010/01/11 09:10:30 | 001,217,920 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw72ATV.sys -- (hcw72ATV)
DRV - [2010/01/11 09:08:50 | 000,028,928 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV - [2009/07/13 19:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 19:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 19:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 17:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 17:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/10 12:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2005/01/31 10:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2005/01/31 10:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =



IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 56 A4 A7 80 10 AF CC 01 [binary data]
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\..\SearchScopes,DefaultScope = {0B900095-FD52-447B-805A-F882C91124A9}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{0B900095-FD52-447B-805A-F882C91124A9}: "URL" = http://search.avg.com/route/?d=4e015c2f&v=7.7.26.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={C66AC164-B402-4D29-B5C8-3055F263A218}&mid=&lang=en&ds=AVG&pr=fr&d=&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
IE - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/22 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/22 19:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 19:26:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/16 08:21:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 21:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/15 22:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}: C:\Users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C} [2011/06/20 18:46:59 | 000,000,000 | ---D | M]

[2010/09/10 16:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dave\AppData\Roaming\Mozilla\Extensions
[2012/02/15 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions
[2012/02/15 22:18:55 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/12/26 17:33:14 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/15 22:16:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\extensions\engine@conduit.com
[2011/09/27 20:09:48 | 000,003,674 | ---- | M] () -- C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\searchplugins\avg-secure-search.xml
[2011/11/27 07:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/31 19:26:20 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z3RQWX71.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/02/21 21:08:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/25 13:55:45 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/14 07:57:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/14 07:57:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/02 13:11:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QCDriverInstaller] C:\Program Files\Common Files\Logitech\QCDriver3\Lqdsw.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlkc] C:\Users\dave\AppData\Local\Temp\cmd.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlotc] C:\Users\dave\AppData\Local\Temp\hexdump.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlpsc] C:\Users\dave\AppData\Local\Temp\taskmgr.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlqc] C:\Users\dave\AppData\Local\Temp\win.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlqW] C:\Users\dave\AppData\Local\Temp\drweb.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlqZ] C:\Users\dave\AppData\Local\Temp\msmgm.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlrxc] C:\Users\dave\AppData\Local\Temp\spoolsv.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlsPc] C:\Users\dave\AppData\Local\Temp\nvsvc32.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlsxf] C:\Users\dave\AppData\Local\Temp\ktvmutnr.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [Lvlciejlupc] C:\Users\dave\AppData\Local\Temp\sysedit.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [LvlciejlZM] C:\Users\dave\AppData\Local\Temp\ij65h.exe File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [WebCamRT.exe] File not found
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..\Run: [ZortamMp3MediaStudio] C:\Program Files\Zortam Mp3 Media Studio\zmmspro.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4901C0FD-75B4-45C5-9A63-7040FBC94EDE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C00EA25D-0200-4776-A720-B4304DE736D0}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/12/15 01:01:46 | 000,000,113 | ---- | M] () - E:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2712488530-1322185873-1327626398-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: dbmang - File not found
NetSvcs: syslogd - File not found
NetSvcs: Dell1100_FUService - File not found
NetSvcs: ANC - File not found
NetSvcs: klblmain - File not found
NetSvcs: lxct_device - File not found
NetSvcs: SerTVOutCtlr - File not found
NetSvcs: framework - File not found
NetSvcs: CAMFLT - File not found
NetSvcs: cimnotify - File not found
NetSvcs: cdrbsdrv - File not found
NetSvcs: dbustrcm - File not found
NetSvcs: GBFSHook - File not found
NetSvcs: bb-run - File not found
NetSvcs: raysat3_4_6_18server - File not found
NetSvcs: srvdpi - File not found
NetSvcs: pcandis5 - File not found
NetSvcs: purgeieservice - File not found
NetSvcs: omniusbl - File not found
NetSvcs: WmaCDriverV32 - File not found
NetSvcs: cwafeventrouter - File not found
NetSvcs: szserver - File not found
NetSvcs: iksysflt - File not found
NetSvcs: ql2100 - File not found
NetSvcs: speakerphone - File not found
NetSvcs: tosrfnds - File not found
NetSvcs: LwUsbHid - File not found
NetSvcs: genmcmn - File not found
NetSvcs: advantage - File not found
NetSvcs: NTSIM - File not found
NetSvcs: mssql$pinnaclesys - File not found
NetSvcs: dsncservice - File not found
NetSvcs: procexp100 - File not found
NetSvcs: wmi - File not found
NetSvcs: merakcontrol - File not found
NetSvcs: elservice - File not found
NetSvcs: sbhooksvc - File not found
NetSvcs: aeclienthostservice - File not found
NetSvcs: RMSvc - File not found
NetSvcs: haspnt - File not found
NetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - File not found
NetSvcs: tosrfcom - File not found
NetSvcs: ntservice1 - File not found
NetSvcs: UpdateCenterService - File not found
NetSvcs: ufdsvc - File not found
NetSvcs: ATMsg - File not found
NetSvcs: dbmanagerscheduler - File not found
NetSvcs: EKECioCtl - File not found
NetSvcs: cfosspeeds - File not found
NetSvcs: U81xmdfl - File not found
NetSvcs: yukonwxp - File not found
NetSvcs: cqmgserv - File not found
NetSvcs: se45obex - File not found
NetSvcs: tavsvc - File not found
NetSvcs: cwafreportscheduler - File not found
NetSvcs: kpfwsvc - File not found
NetSvcs: SPFDRV - File not found
NetSvcs: WUSB54Gv4SVC - File not found
NetSvcs: s616mdm - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 13:11:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/02 13:08:40 | 000,000,000 | ---D | C] -- C:\Bad Files
[2012/03/02 13:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/03/02 13:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/29 19:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/21 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\NVIDIA
[2012/02/21 21:16:05 | 019,443,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/21 21:16:05 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/21 21:16:05 | 010,816,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/21 21:16:05 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/21 21:16:05 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/21 21:16:05 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/21 21:16:05 | 001,000,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/21 21:16:05 | 000,881,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/21 21:16:05 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/17 14:31:14 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Apple Computer
[2012/02/17 08:19:55 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Media Player Classic
[2012/02/15 23:34:07 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\DivX
[2012/02/15 22:54:10 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\AVG2012
[2012/02/15 22:42:52 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Malwarebytes
[2012/02/15 22:39:18 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Macromedia
[2012/02/15 22:39:18 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Roaming\Adobe
[2012/02/03 14:05:08 | 000,000,000 | ---D | C] -- C:\Users\dave\AppData\Local\CrossLoop
[2012/02/02 21:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moglue Builder
[2012/02/01 20:43:29 | 000,000,000 | ---D | C] -- C:\Winx

========== Files - Modified Within 30 Days ==========

[2012/03/02 13:21:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 13:21:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 13:16:14 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/02 13:16:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 13:16:08 | 2817,875,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 13:11:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/02 13:03:11 | 090,586,608 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/02 13:02:12 | 000,000,898 | ---- | M] () -- C:\Users\dave\Desktop\NTREGOPT.lnk
[2012/03/02 13:02:12 | 000,000,879 | ---- | M] () -- C:\Users\dave\Desktop\ERUNT.lnk
[2012/02/29 19:43:40 | 324,243,706 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 19:24:50 | 000,000,000 | ---- | M] () -- C:\Users\dave\defogger_reenable
[2012/02/25 17:00:11 | 000,169,484 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/24 13:34:33 | 000,093,184 | ---- | M] () -- C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/15 22:53:58 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/02/15 22:44:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 22:13:00 | 019,443,520 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2012/02/09 22:13:00 | 017,543,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2012/02/09 22:13:00 | 015,009,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2012/02/09 22:13:00 | 005,892,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2012/02/09 22:13:00 | 002,517,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2012/02/09 22:13:00 | 002,437,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2012/02/09 22:13:00 | 002,301,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2012/02/09 22:13:00 | 001,000,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2012/02/09 22:13:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2012/02/09 22:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/09 22:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/09 21:02:06 | 003,881,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2012/02/09 21:00:44 | 002,719,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2012/02/09 21:00:26 | 000,108,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2012/02/09 21:00:26 | 000,062,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2012/02/04 07:51:17 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 07:51:17 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/03 18:38:00 | 000,001,994 | ---- | M] () -- C:\Users\dave\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/03 12:40:20 | 000,000,000 | -H-- | M] () -- C:\Users\dave\Documents\Default.rdp
[2012/02/02 21:17:52 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\Moglue Builder.lnk

========== Files Created - No Company Name ==========

[2012/03/02 13:02:12 | 000,000,898 | ---- | C] () -- C:\Users\dave\Desktop\NTREGOPT.lnk
[2012/03/02 13:02:12 | 000,000,879 | ---- | C] () -- C:\Users\dave\Desktop\ERUNT.lnk
[2012/02/29 19:43:40 | 324,243,706 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/29 19:24:50 | 000,000,000 | ---- | C] () -- C:\Users\dave\defogger_reenable
[2012/02/15 22:44:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/05 15:06:06 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/02/03 12:40:20 | 000,000,000 | -H-- | C] () -- C:\Users\dave\Documents\Default.rdp
[2012/02/02 21:17:52 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\Moglue Builder.lnk
[2012/01/09 23:04:27 | 000,001,388 | -HS- | C] () -- C:\Users\dave\AppData\Local\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2012/01/09 23:04:27 | 000,001,388 | -HS- | C] () -- C:\ProgramData\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2011/12/30 15:02:11 | 000,001,258 | -HS- | C] () -- C:\Users\dave\AppData\Local\510alf85j208rl31w5ddh7h067038j78y0568
[2011/12/30 15:02:11 | 000,001,258 | -HS- | C] () -- C:\ProgramData\510alf85j208rl31w5ddh7h067038j78y0568
[2011/12/26 23:17:59 | 000,001,602 | -HS- | C] () -- C:\Users\dave\AppData\Local\v5sidvgcsw364rjv
[2011/12/26 23:17:59 | 000,001,602 | -HS- | C] () -- C:\ProgramData\v5sidvgcsw364rjv
[2011/12/14 00:14:22 | 000,001,428 | -HS- | C] () -- C:\Users\dave\AppData\Local\373333b5c671e602x768x2lfo8c5
[2011/12/14 00:14:22 | 000,001,428 | -HS- | C] () -- C:\ProgramData\373333b5c671e602x768x2lfo8c5
[2011/09/23 08:58:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/09/23 08:58:01 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/23 08:58:01 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/23 08:58:01 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/08/04 23:04:24 | 000,004,254 | -HS- | C] () -- C:\Users\dave\AppData\Local\75pg32uc86hns2rqtr4c
[2011/08/04 23:04:24 | 000,001,594 | -HS- | C] () -- C:\ProgramData\75pg32uc86hns2rqtr4c
[2011/07/23 13:36:45 | 000,001,202 | -HS- | C] () -- C:\ProgramData\15ho16v480qtjopuusb031qp2362v1q
[2011/06/27 19:23:44 | 000,001,076 | -HS- | C] () -- C:\ProgramData\s72yyrm12762
[2011/06/20 18:45:32 | 000,011,902 | -HS- | C] () -- C:\ProgramData\0q5iqr748w574vw7220xkngbul7571d42p55l34k2m2
[2011/06/10 23:14:43 | 000,001,410 | -HS- | C] () -- C:\Users\dave\AppData\Local\hsxwqk4es7wxe43q32mkfjs22vh5nr11s54nd7rbj3
[2011/06/10 23:14:43 | 000,001,410 | -HS- | C] () -- C:\ProgramData\hsxwqk4es7wxe43q32mkfjs22vh5nr11s54nd7rbj3
[2011/06/10 20:41:34 | 000,093,184 | ---- | C] () -- C:\Users\dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 20:36:33 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/02/25 10:34:47 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI
[2011/02/25 10:33:47 | 000,000,792 | ---- | C] () -- C:\Windows\_delis32.ini
[2010/12/28 21:13:47 | 000,000,017 | ---- | C] () -- C:\Users\dave\AppData\Local\resmon.resmoncfg
[2010/11/27 15:56:48 | 000,001,456 | ---- | C] () -- C:\Users\dave\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/11/26 21:07:31 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/11/26 18:54:29 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini
[2010/11/26 18:54:14 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/11/26 18:54:14 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/26 18:53:46 | 000,142,337 | ---- | C] () -- C:\Windows\System32\Wait.exe
[2010/11/26 18:53:08 | 000,003,540 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010/08/07 17:13:38 | 000,043,640 | ---- | C] () -- C:\Windows\PhotoModelerPro5.ini

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys


< MD5 for: AFD.SYS >
[2009/07/13 17:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\System32\drivers\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: TDX.SYS >
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB12706$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
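As an added example (not part of this thread and not code from OTL or ComboFix), a small Python triage script for OTL-style log lines like the ones above: it parses the file entries and flags Hidden+System, extension-less, random-looking files under ProgramData and AppData\Local such as those in the "Files Created - No Company Name" section, and it lists NetSvcs entries that resolve to "File not found" but are not in a baseline of default names. The randomness heuristic, the suspect-directory list and the partial BASELINE_NETSVCS set are this example's assumptions; the sample lines are copied from the OTL log posted above.

```python
"""Triage of OTL-style log lines (added example; not OTL's or ComboFix's code)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OTL file entry, e.g.
# [2012/01/09 23:04:27 | 000,001,388 | -HS- | C] () -- C:\ProgramData\21juy61...
# Company is optional (directories have none); custom scans add an MD5 field.
FILE_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<action>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=[0-9A-Fa-f]{32})? -- (?P<path>.+?)$"
)
# One OTL NetSvcs entry, e.g.  NetSvcs: dbmang - File not found
NETSVCS_ENTRY = re.compile(r"^NetSvcs: (?P<name>\S+) - (?P<target>.+)$")

# Directories where hidden+system files with meaningless names deserve a look.
SUSPECT_DIRS = ("\\programdata\\", "\\appdata\\local\\")

# ASSUMPTION: names the Windows 7 default netsvcs value carries even though no
# such service is installed, so they read "File not found" on a clean machine.
# Partial list for illustration only; confirm against a known-good host.
BASELINE_NETSVCS = {
    "FastUserSwitchingCompatibility", "Ias", "Irmon", "Nla", "Ntmssvc",
    "NWCWorkstation", "Nwsapagent", "SRService", "Wmi", "WmdmPmSp",
    "LogonHours", "PCAudit", "helpsvc", "uploadmgr",
}


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str      # R=read-only, H=hidden, S=system, D=directory, '-' unset
    action: str     # C=created, M=modified
    company: str    # empty when the file carries no company/version info
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs and "D" not in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for an OTL file line, or None for any other line."""
    m = FILE_ENTRY.match(line.strip())
    if not m:
        return None
    return FileEntry(m["stamp"], int(m["size"].replace(",", "")), m["attrs"],
                     m["action"], m["company"] or "", m["path"])


def looks_random(name: str) -> bool:
    """Heuristic: extension-less, at least 12 chars, letters and digits mixed."""
    return ("." not in name and len(name) >= 12 and name.isalnum()
            and any(c.isalpha() for c in name) and any(c.isdigit() for c in name))


def suspicious_hidden_files(lines: Iterable[str]) -> List[FileEntry]:
    """Hidden+System files with no company and a random-looking name under
    ProgramData or AppData\\Local.  ntuser.pol (RHS-, but a normal name) and
    hiberfil.sys (-HS-, but in the drive root) are deliberately not flagged."""
    hits = []
    for line in lines:
        e = parse_file_entry(line)
        if e is None or not e.hidden_system or e.company:
            continue
        if any(d in e.path.lower() for d in SUSPECT_DIRS) and looks_random(e.name):
            hits.append(e)
    return hits


def orphaned_netsvcs(lines: Iterable[str]) -> List[str]:
    """NetSvcs names that resolve to nothing and are not in the default baseline."""
    orphans = []
    for line in lines:
        m = NETSVCS_ENTRY.match(line.strip())
        if m and m["target"].strip() == "File not found" \
                and m["name"] not in BASELINE_NETSVCS:
            orphans.append(m["name"])
    return orphans


# Sample input: lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: dbmang - File not found
NetSvcs: syslogd - File not found
[2012/03/02 13:11:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/09 23:04:27 | 000,001,388 | -HS- | C] () -- C:\ProgramData\21juy61aha1224gursi88rlkuu5mp68jeb6v60s3u11qst
[2011/12/26 23:17:59 | 000,001,602 | -HS- | C] () -- C:\Users\dave\AppData\Local\v5sidvgcsw364rjv
[2011/09/23 08:58:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/10 20:36:33 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/28 21:13:47 | 000,000,017 | ---- | C] () -- C:\Users\dave\AppData\Local\resmon.resmoncfg
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.strip().splitlines()
    for e in suspicious_hidden_files(lines):
        print(f"REVIEW  {e.attrs} {e.size:>6} {e.stamp}  {e.path}")
    for name in orphaned_netsvcs(lines):
        print(f"ORPHAN netsvcs entry: {name}")
```

Flagged entries are candidates for review, not verdicts; the same script runs unchanged over a full OTL.txt read with `open(...).read().splitlines()`.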

#6 SweetTech (Agent ST, Malware Response Team, 13,421 posts, Gender: Male, Location: Antarctica)

Posted 03 March 2012 - 08:18 AM

Hi ds5000!

Thanks for posting those log files.

Please run this tool for me:

Running ComboFix
Download ComboFix from either of the links below and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 ds5000 (Member, 54 posts)

Posted 05 March 2012 - 08:47 AM

OK... I disabled AVG Antivirus and ran ComboFix, then it said it still detected it... so I uninstalled AVG. I ran ComboFix again, and it gave me a report. The thing is, the computer won't connect to the internet anymore. I remember, when running ComboFix, a dialog box opened saying that would happen. To be able to connect again, I can't remember if it said to run ComboFix once or twice again, or reboot the computer once or twice again, and that would take care of the lost internet connection. I did both, but still, when I try to connect it says IP not recognized. I even tried rebooting the modem... still nothing. Anyway, since I ran ComboFix three times I got three reports; this was the last one... let me know if you need me to post either of the other two.

ComboFix 12-03-02.01 - dave 03/04/2012 23:08:36.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3583.853 [GMT -6:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 05:25 . 2012-03-05 05:25 -------- d-----w- c:\users\dave\AppData\Local\temp
2012-03-05 05:25 . 2012-03-05 05:25 -------- d-----w- c:\users\Mcx1-DAVE-PC\AppData\Local\temp
2012-03-05 05:25 . 2012-03-05 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\program files\AVG Secure Search
2012-03-02 19:11 . 2012-03-02 19:11 -------- d-----w- C:\_OTL
2012-03-02 19:08 . 2012-03-02 19:08 -------- d-----w- C:\Bad Files
2012-03-02 19:02 . 2012-03-02 19:02 -------- d-----w- c:\program files\ERUNT
2012-02-22 03:17 . 2012-02-22 03:17 -------- d-----w- c:\users\dave\AppData\Roaming\NVIDIA
2012-02-22 03:17 . 2012-02-29 03:04 -------- d-----w- c:\users\UpdatusUser
2012-02-22 03:16 . 2012-02-10 04:13 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 03:16 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 03:16 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 03:16 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 03:16 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 03:16 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 03:16 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 03:16 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 03:16 . 2012-02-10 04:13 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-17 20:31 . 2012-02-29 04:25 -------- d-----w- c:\users\dave\AppData\Roaming\Apple Computer
2012-02-17 14:19 . 2012-02-17 14:19 -------- d-----w- c:\users\dave\AppData\Roaming\Media Player Classic
2012-02-16 05:34 . 2012-02-16 05:34 -------- d-----w- c:\users\dave\AppData\Roaming\DivX
2012-02-16 04:54 . 2012-02-16 04:54 -------- d-----w- c:\users\dave\AppData\Roaming\AVG2012
2012-02-16 04:42 . 2012-02-16 04:42 -------- d-----w- c:\users\dave\AppData\Roaming\Malwarebytes
2012-02-05 21:06 . 2012-03-04 18:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:13 . 2011-06-02 03:30 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-06-02 03:30 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-06-02 03:30 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-06-02 03:30 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-06-02 03:30 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-06-02 03:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-10 21:24 . 2011-04-20 04:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 03:08 . 2011-05-16 04:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_03.47.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASMBMGR.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASL2TP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\IPSEC.BIN
+ 2010-08-07 21:20 . 2012-03-05 04:23 47136 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-05 05:07 . 2012-03-05 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 05:07 . 2012-03-05 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\VPNIKE.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 262144 c:\windows\tracing\RASSSTP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\AGILEVPN.BIN
- 2010-08-07 21:05 . 2012-03-05 03:38 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-07 21:05 . 2012-03-05 04:59 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:47 . 2012-03-05 03:28 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-03-05 05:06 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-09 05:06 . 2012-03-05 03:28 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
+ 2011-09-09 05:06 . 2012-03-05 05:06 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 2818048 c:\windows\tracing\RASPPTP.BIN
- 2010-08-07 21:05 . 2012-03-05 03:38 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-07 21:05 . 2012-03-05 04:59 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-03-05 04:59 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-05 03:38 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-14 23:54 . 2012-03-05 03:28 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
+ 2011-01-14 23:54 . 2012-03-05 04:20 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-05 03:16 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-05 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-11 638976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-05 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-11-26 117344]
cleanhdm.lnk - c:\users\dave\AppData\Local\cleanhdm.exe [N/A]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-11-26 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-07-07 87368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-05 909152]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-01-11 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-01-11 1217920]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-01-11 1220224]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
dbmang
syslogd
Dell1100_FUService
ANC
klblmain
lxct_device
SerTVOutCtlr
CAMFLT
cimnotify
cdrbsdrv
dbustrcm
GBFSHook
bb-run
raysat3_4_6_18server
srvdpi
pcandis5
purgeieservice
omniusbl
WmaCDriverV32
cwafeventrouter
szserver
iksysflt
ql2100
speakerphone
tosrfnds
LwUsbHid
genmcmn
advantage
NTSIM
se58mdfl
nfsds
ZSMC211
se58mdm
vxd
X4HSX32
mssql$pinnaclesys
dsncservice
procexp100
wmi
merakcontrol
elservice
sbhooksvc
aeclienthostservice
RMSvc
haspnt
{6080a529-897e-4629-a488-aba0c29b635e}
tosrfcom
ntservice1
UpdateCenterService
ufdsvc
ATMsg
dbmanagerscheduler
EKECioCtl
cfosspeeds
U81xmdfl
wscsvc
yukonwxp
cqmgserv
se45obex
tavsvc
cwafreportscheduler
kpfwsvc
SPFDRV
WUSB54Gv4SVC
s616mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
Trusted Zone: intuit.com\ttlc
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-04 23:29:23
ComboFix-quarantined-files.txt 2012-03-05 05:29
ComboFix2.txt 2012-03-05 04:54
ComboFix3.txt 2012-03-05 04:18
.
Pre-Run: 408,395,661,312 bytes free
Post-Run: 408,436,105,216 bytes free
.
- - End Of File - - 147EACAB27CB19209D65517958B05F03

#8 SweetTech (Agent ST, Malware Response Team, 13,421 posts, Gender: Male, Location: Antarctica)

Posted 06 March 2012 - 01:18 AM

Hi!

Sorry to hear you're experiencing issues connecting to the internet after running ComboFix. Usually another run with ComboFix will bring back the internet, but in some cases it doesn't work. Don't worry, we have other methods to try to get you back up and connected to the internet.

I would like to see the 2 other ComboFix reports, if you wouldn't mind posting those for me, it'd be greatly appreciated. :)

Let's see if the following restores your internet connection:
Press the Windows Logo in the bottom left corner of your screen.
In the Posted Image box, enter command and right click on Command Prompt and select Run as Administrator.

Copy/Paste the following bolded text into the command window followed by ENTER.

NETSH WINSOCK RESET CATALOG
netsh int ip reset


Please reboot your computer after running the above command and see if your internet is restored.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
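The two netsh commands above rebuild the Winsock provider catalog and the TCP/IP stack configuration. Before resetting, a technician often wants to see what is actually in that catalog, since a layered service provider whose DLL was quarantined or deleted during cleanup is one common reason connectivity breaks after a malware removal. The PowerShell script below is an added example written for this page; it is not code from the thread, from SweetTech or from the ComboFix project. It reads the Winsock catalog from the registry, is read-only, and assumes (labelled in the comments) that the provider DLL path is the leading NUL-terminated ANSI string of each PackedCatalogItem value, at most 260 bytes (MAX_PATH).

```powershell
# Added example (not from the BleepingComputer thread): inventory the Winsock
# provider catalog that "netsh winsock reset catalog" rebuilds, and flag entries
# whose provider DLL is missing or lives outside the Windows directory.
# Assumption: the DLL path is the leading NUL-terminated ANSI string (at most
# 260 bytes, MAX_PATH) of each PackedCatalogItem value.
# Run from an elevated PowerShell prompt on Windows; it changes nothing.

$catalogRoots = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64'
)

function Get-WinsockProviderPath {
    param([byte[]]$Packed)
    # Take the bytes up to the first NUL inside the 260-byte path field.
    [byte[]]$field = $Packed[0..([Math]::Min(259, $Packed.Length - 1))]
    $end = [Array]::IndexOf($field, [byte]0)
    if ($end -lt 0) { $end = $field.Length }
    return [System.Text.Encoding]::Default.GetString($field, 0, $end)
}

function Get-WinsockProviders {
    foreach ($root in $catalogRoots) {
        if (-not (Test-Path $root)) { continue }   # Catalog_Entries64 is absent on x86
        foreach ($entry in Get-ChildItem $root) {
            $packed = (Get-ItemProperty $entry.PSPath).PackedCatalogItem
            if (-not $packed) { continue }
            $rawPath = Get-WinsockProviderPath $packed
            # Paths are usually stored as %SystemRoot%\system32\...; expand them.
            $path = [Environment]::ExpandEnvironmentVariables($rawPath)
            $exists = Test-Path -LiteralPath $path -PathType Leaf
            $inWindows = $path -like ("{0}\*" -f $env:SystemRoot)
            [pscustomobject]@{
                Entry      = $entry.PSChildName
                Catalog    = Split-Path $root -Leaf
                Dll        = $path
                Exists     = $exists
                Suspicious = (-not $exists) -or (-not $inWindows)
            }
        }
    }
}

$providers = Get-WinsockProviders
$providers | Sort-Object Catalog, Entry | Format-Table -AutoSize
$bad = @($providers | Where-Object Suspicious)
if ($bad.Count -gt 0) {
    Write-Warning ("{0} provider(s) reference a missing or non-system DLL; a Winsock reset rebuilds a clean catalog." -f $bad.Count)
} else {
    Write-Host 'All Winsock providers resolve to DLLs under the Windows directory.'
}
```

On a clean Windows 7 system every entry resolves to a Microsoft DLL under System32 (mswsock.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll and similar). An entry whose DLL no longer exists is exactly the condition a Winsock reset clears; third-party entries that do exist are worth identifying by vendor before deciding whether to keep them.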


#9 ds5000

ds5000

    Member

  • Members
  • 54 posts

Posted 06 March 2012 - 08:49 AM

I tried the "reset catalog" command twice, although I had to type it in... it did say it reset it. But no, no internet... I did a troubleshoot... and it kept saying "local area connection doesn't have a valid IP configuration"... I've rebooted the modem a couple of times, and restarted a new connection from scratch, and nothing... Anyways, here are the last reports from ComboFix that I've done. Thanks.

1.
ComboFix 12-03-02.01 - dave 03/05/2012 20:05:20.5.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3583.1412 [GMT -6:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 02:23 . 2012-03-06 02:23 -------- d-----w- c:\users\dave\AppData\Local\temp
2012-03-06 02:23 . 2012-03-06 02:23 -------- d-----w- c:\users\Mcx1-DAVE-PC\AppData\Local\temp
2012-03-06 02:23 . 2012-03-06 02:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 01:15 . 2012-03-06 01:15 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-05 06:01 . 2012-03-05 06:01 -------- d-----w- c:\windows\system32\Intuit
2012-03-05 03:16 . 2012-03-05 05:37 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\program files\AVG Secure Search
2012-03-02 19:11 . 2012-03-02 19:11 -------- d-----w- C:\_OTL
2012-03-02 19:08 . 2012-03-02 19:08 -------- d-----w- C:\Bad Files
2012-03-02 19:02 . 2012-03-02 19:02 -------- d-----w- c:\program files\ERUNT
2012-02-22 03:17 . 2012-02-22 03:17 -------- d-----w- c:\users\dave\AppData\Roaming\NVIDIA
2012-02-22 03:17 . 2012-02-29 03:04 -------- d-----w- c:\users\UpdatusUser
2012-02-22 03:16 . 2012-02-10 04:13 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 03:16 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 03:16 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 03:16 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 03:16 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 03:16 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 03:16 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 03:16 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 03:16 . 2012-02-10 04:13 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-17 20:31 . 2012-02-29 04:25 -------- d-----w- c:\users\dave\AppData\Roaming\Apple Computer
2012-02-17 14:19 . 2012-02-17 14:19 -------- d-----w- c:\users\dave\AppData\Roaming\Media Player Classic
2012-02-16 05:34 . 2012-02-16 05:34 -------- d-----w- c:\users\dave\AppData\Roaming\DivX
2012-02-16 04:54 . 2012-02-16 04:54 -------- d-----w- c:\users\dave\AppData\Roaming\AVG2012
2012-02-16 04:42 . 2012-02-16 04:42 -------- d-----w- c:\users\dave\AppData\Roaming\Malwarebytes
2012-02-05 21:06 . 2012-03-04 18:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:13 . 2011-06-02 03:30 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-06-02 03:30 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-06-02 03:30 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-06-02 03:30 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-06-02 03:30 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-06-02 03:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-10 21:24 . 2011-04-20 04:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 03:08 . 2011-05-16 04:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_03.47.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASMBMGR.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASL2TP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\IPSEC.BIN
+ 2010-08-07 21:20 . 2012-03-06 01:54 47486 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 01:52 . 2012-03-06 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-06 01:52 . 2012-03-06 02:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\VPNIKE.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 262144 c:\windows\tracing\RASSSTP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\AGILEVPN.BIN
+ 2009-07-14 02:05 . 2012-03-06 01:09 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-03-04 18:13 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-03-04 18:13 103496 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-03-06 01:09 103496 c:\windows\System32\perfc009.dat
+ 2010-08-07 21:05 . 2012-03-06 01:07 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-07 21:05 . 2012-03-05 03:38 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:47 . 2012-03-06 01:51 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-03-05 03:28 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-09 05:06 . 2012-03-05 05:44 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
- 2011-09-09 05:06 . 2012-03-05 03:28 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 2818048 c:\windows\tracing\RASPPTP.BIN
- 2010-08-07 21:05 . 2012-03-05 03:38 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-07 21:05 . 2012-03-06 01:07 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-05 03:38 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-03-06 01:07 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-14 23:54 . 2012-03-05 03:28 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
+ 2011-01-14 23:54 . 2012-03-06 01:25 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-05 03:16 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-05 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-11 638976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-05 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-11-26 117344]
cleanhdm.lnk - c:\users\dave\AppData\Local\cleanhdm.exe [N/A]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-11-26 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-07-07 87368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-05 909152]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-01-11 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-01-11 1217920]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-01-11 1220224]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
dbmang
syslogd
Dell1100_FUService
ANC
klblmain
lxct_device
SerTVOutCtlr
CAMFLT
cimnotify
cdrbsdrv
dbustrcm
GBFSHook
bb-run
raysat3_4_6_18server
srvdpi
pcandis5
purgeieservice
omniusbl
WmaCDriverV32
cwafeventrouter
szserver
iksysflt
ql2100
speakerphone
tosrfnds
LwUsbHid
genmcmn
advantage
NTSIM
se58mdfl
nfsds
ZSMC211
se58mdm
vxd
X4HSX32
mssql$pinnaclesys
dsncservice
procexp100
wmi
merakcontrol
elservice
sbhooksvc
aeclienthostservice
RMSvc
haspnt
{6080a529-897e-4629-a488-aba0c29b635e}
tosrfcom
ntservice1
UpdateCenterService
ufdsvc
ATMsg
dbmanagerscheduler
EKECioCtl
cfosspeeds
U81xmdfl
wscsvc
yukonwxp
cqmgserv
se45obex
tavsvc
cwafreportscheduler
kpfwsvc
SPFDRV
WUSB54Gv4SVC
s616mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
Trusted Zone: intuit.com\ttlc
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-05 20:27:18
ComboFix-quarantined-files.txt 2012-03-06 02:27
ComboFix2.txt 2012-03-06 01:49
ComboFix3.txt 2012-03-05 05:29
ComboFix4.txt 2012-03-05 04:54
ComboFix5.txt 2012-03-06 01:56
.
Pre-Run: 413,148,143,616 bytes free
Post-Run: 412,829,827,072 bytes free
.
- - End Of File - - BE263E338BE3DE6EACBCC10A0EB56D2F



2.
ComboFix 12-03-02.01 - dave 03/05/2012 19:28:06.4.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3583.1249 [GMT -6:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}
c:\users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}\chrome.manifest
c:\users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}\chrome\content\_cfg.js
c:\users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}\chrome\content\overlay.xul
c:\users\dave\AppData\Local\{B6C6713F-7DDA-46D5-8568-A19CD05F634C}\install.rdf
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 01:46 . 2012-03-06 01:46 -------- d-----w- c:\users\dave\AppData\Local\temp
2012-03-06 01:46 . 2012-03-06 01:46 -------- d-----w- c:\users\Mcx1-DAVE-PC\AppData\Local\temp
2012-03-06 01:46 . 2012-03-06 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 01:15 . 2012-03-06 01:15 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2012-03-05 06:01 . 2012-03-05 06:01 -------- d-----w- c:\windows\system32\Intuit
2012-03-05 03:16 . 2012-03-05 05:37 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\program files\AVG Secure Search
2012-03-02 19:11 . 2012-03-02 19:11 -------- d-----w- C:\_OTL
2012-03-02 19:08 . 2012-03-02 19:08 -------- d-----w- C:\Bad Files
2012-03-02 19:02 . 2012-03-02 19:02 -------- d-----w- c:\program files\ERUNT
2012-02-22 03:17 . 2012-02-22 03:17 -------- d-----w- c:\users\dave\AppData\Roaming\NVIDIA
2012-02-22 03:17 . 2012-02-29 03:04 -------- d-----w- c:\users\UpdatusUser
2012-02-22 03:16 . 2012-02-10 04:13 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 03:16 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 03:16 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 03:16 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 03:16 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 03:16 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 03:16 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 03:16 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 03:16 . 2012-02-10 04:13 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-17 20:31 . 2012-02-29 04:25 -------- d-----w- c:\users\dave\AppData\Roaming\Apple Computer
2012-02-17 14:19 . 2012-02-17 14:19 -------- d-----w- c:\users\dave\AppData\Roaming\Media Player Classic
2012-02-16 05:34 . 2012-02-16 05:34 -------- d-----w- c:\users\dave\AppData\Roaming\DivX
2012-02-16 04:54 . 2012-02-16 04:54 -------- d-----w- c:\users\dave\AppData\Roaming\AVG2012
2012-02-16 04:42 . 2012-02-16 04:42 -------- d-----w- c:\users\dave\AppData\Roaming\Malwarebytes
2012-02-05 21:06 . 2012-03-04 18:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:13 . 2011-06-02 03:30 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-06-02 03:30 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-06-02 03:30 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-06-02 03:30 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-06-02 03:30 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-06-02 03:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-10 21:24 . 2011-04-20 04:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 03:08 . 2011-05-16 04:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_03.47.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASMBMGR.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASL2TP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\IPSEC.BIN
+ 2010-08-07 21:20 . 2012-03-06 01:28 47438 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-06 01:26 . 2012-03-06 01:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-06 01:26 . 2012-03-06 01:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\VPNIKE.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 262144 c:\windows\tracing\RASSSTP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\AGILEVPN.BIN
+ 2009-07-14 02:05 . 2012-03-06 01:09 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-03-04 18:13 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-03-04 18:13 103496 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-03-06 01:09 103496 c:\windows\System32\perfc009.dat
+ 2010-08-07 21:05 . 2012-03-06 01:07 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-07 21:05 . 2012-03-05 03:38 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:47 . 2012-03-06 01:25 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-03-05 03:28 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-09 05:06 . 2012-03-05 05:44 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
- 2011-09-09 05:06 . 2012-03-05 03:28 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 2818048 c:\windows\tracing\RASPPTP.BIN
- 2010-08-07 21:05 . 2012-03-05 03:38 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-07 21:05 . 2012-03-06 01:07 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-05 03:38 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-03-06 01:07 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-14 23:54 . 2012-03-05 03:28 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
+ 2011-01-14 23:54 . 2012-03-06 01:25 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-05 03:16 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-05 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-11 638976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-05 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-11-26 117344]
cleanhdm.lnk - c:\users\dave\AppData\Local\cleanhdm.exe [N/A]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-11-26 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-07-07 87368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-05 909152]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-01-11 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-01-11 1217920]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-01-11 1220224]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
dbmang
syslogd
Dell1100_FUService
ANC
klblmain
lxct_device
SerTVOutCtlr
CAMFLT
cimnotify
cdrbsdrv
dbustrcm
GBFSHook
bb-run
raysat3_4_6_18server
srvdpi
pcandis5
purgeieservice
omniusbl
WmaCDriverV32
cwafeventrouter
szserver
iksysflt
ql2100
speakerphone
tosrfnds
LwUsbHid
genmcmn
advantage
NTSIM
se58mdfl
nfsds
ZSMC211
se58mdm
vxd
X4HSX32
mssql$pinnaclesys
dsncservice
procexp100
wmi
merakcontrol
elservice
sbhooksvc
aeclienthostservice
RMSvc
haspnt
{6080a529-897e-4629-a488-aba0c29b635e}
tosrfcom
ntservice1
UpdateCenterService
ufdsvc
ATMsg
dbmanagerscheduler
EKECioCtl
cfosspeeds
U81xmdfl
wscsvc
yukonwxp
cqmgserv
se45obex
tavsvc
cwafreportscheduler
kpfwsvc
SPFDRV
WUSB54Gv4SVC
s616mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
Trusted Zone: intuit.com\ttlc
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-05 19:49:48
ComboFix-quarantined-files.txt 2012-03-06 01:49
ComboFix2.txt 2012-03-05 05:29
ComboFix3.txt 2012-03-05 04:54
ComboFix4.txt 2012-03-05 04:18
.
Pre-Run: 413,529,800,704 bytes free
Post-Run: 413,098,721,280 bytes free
.
- - End Of File - - 90F6742FDE5805EF64B48DC71BA27652


3.
ComboFix 12-03-02.01 - dave 03/04/2012 23:08:36.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3583.853 [GMT -6:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 05:25 . 2012-03-05 05:25 -------- d-----w- c:\users\dave\AppData\Local\temp
2012-03-05 05:25 . 2012-03-05 05:25 -------- d-----w- c:\users\Mcx1-DAVE-PC\AppData\Local\temp
2012-03-05 05:25 . 2012-03-05 05:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\program files\AVG Secure Search
2012-03-02 19:11 . 2012-03-02 19:11 -------- d-----w- C:\_OTL
2012-03-02 19:08 . 2012-03-02 19:08 -------- d-----w- C:\Bad Files
2012-03-02 19:02 . 2012-03-02 19:02 -------- d-----w- c:\program files\ERUNT
2012-02-22 03:17 . 2012-02-22 03:17 -------- d-----w- c:\users\dave\AppData\Roaming\NVIDIA
2012-02-22 03:17 . 2012-02-29 03:04 -------- d-----w- c:\users\UpdatusUser
2012-02-22 03:16 . 2012-02-10 04:13 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 03:16 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 03:16 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 03:16 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 03:16 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 03:16 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 03:16 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 03:16 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 03:16 . 2012-02-10 04:13 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-17 20:31 . 2012-02-29 04:25 -------- d-----w- c:\users\dave\AppData\Roaming\Apple Computer
2012-02-17 14:19 . 2012-02-17 14:19 -------- d-----w- c:\users\dave\AppData\Roaming\Media Player Classic
2012-02-16 05:34 . 2012-02-16 05:34 -------- d-----w- c:\users\dave\AppData\Roaming\DivX
2012-02-16 04:54 . 2012-02-16 04:54 -------- d-----w- c:\users\dave\AppData\Roaming\AVG2012
2012-02-16 04:42 . 2012-02-16 04:42 -------- d-----w- c:\users\dave\AppData\Roaming\Malwarebytes
2012-02-05 21:06 . 2012-03-04 18:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:13 . 2011-06-02 03:30 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-06-02 03:30 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-06-02 03:30 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-06-02 03:30 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-06-02 03:30 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-06-02 03:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-10 21:24 . 2011-04-20 04:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 03:08 . 2011-05-16 04:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_03.47.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASMBMGR.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\RASL2TP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 65536 c:\windows\tracing\IPSEC.BIN
+ 2010-08-07 21:20 . 2012-03-05 04:23 47136 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-05 05:07 . 2012-03-05 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-05 03:29 . 2012-03-05 03:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 05:07 . 2012-03-05 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\VPNIKE.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 262144 c:\windows\tracing\RASSSTP.BIN
+ 2012-03-05 04:56 . 2012-03-05 05:06 131072 c:\windows\tracing\AGILEVPN.BIN
- 2010-08-07 21:05 . 2012-03-05 03:38 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-07 21:05 . 2012-03-05 04:59 376832 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:47 . 2012-03-05 03:28 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-03-05 05:06 250080 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-09 05:06 . 2012-03-05 03:28 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
+ 2011-09-09 05:06 . 2012-03-05 05:06 708532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-12288.dat
+ 2012-03-05 04:56 . 2012-03-05 05:06 2818048 c:\windows\tracing\RASPPTP.BIN
- 2010-08-07 21:05 . 2012-03-05 03:38 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-07 21:05 . 2012-03-05 04:59 3997696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-03-05 04:59 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-03-05 03:38 1884160 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-14 23:54 . 2012-03-05 03:28 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
+ 2011-01-14 23:54 . 2012-03-05 04:20 1316348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2712488530-1322185873-1327626398-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-05 03:16 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-05 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-11 638976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-05 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-11-26 117344]
cleanhdm.lnk - c:\users\dave\AppData\Local\cleanhdm.exe [N/A]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-11-26 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-07-07 87368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-05 909152]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-01-11 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-01-11 1217920]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-01-11 1220224]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
dbmang
syslogd
Dell1100_FUService
ANC
klblmain
lxct_device
SerTVOutCtlr
CAMFLT
cimnotify
cdrbsdrv
dbustrcm
GBFSHook
bb-run
raysat3_4_6_18server
srvdpi
pcandis5
purgeieservice
omniusbl
WmaCDriverV32
cwafeventrouter
szserver
iksysflt
ql2100
speakerphone
tosrfnds
LwUsbHid
genmcmn
advantage
NTSIM
se58mdfl
nfsds
ZSMC211
se58mdm
vxd
X4HSX32
mssql$pinnaclesys
dsncservice
procexp100
wmi
merakcontrol
elservice
sbhooksvc
aeclienthostservice
RMSvc
haspnt
{6080a529-897e-4629-a488-aba0c29b635e}
tosrfcom
ntservice1
UpdateCenterService
ufdsvc
ATMsg
dbmanagerscheduler
EKECioCtl
cfosspeeds
U81xmdfl
wscsvc
yukonwxp
cqmgserv
se45obex
tavsvc
cwafreportscheduler
kpfwsvc
SPFDRV
WUSB54Gv4SVC
s616mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
Trusted Zone: intuit.com\ttlc
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-04 23:29:23
ComboFix-quarantined-files.txt 2012-03-05 05:29
ComboFix2.txt 2012-03-05 04:54
ComboFix3.txt 2012-03-05 04:18
.
Pre-Run: 408,395,661,312 bytes free
Post-Run: 408,436,105,216 bytes free
.
- - End Of File - - 147EACAB27CB19209D65517958B05F03


4.
ComboFix 12-03-02.01 - dave 03/04/2012 22:38:36.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3583.783 [GMT -6:00]
Running from: c:\users\dave\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 04:52 . 2012-03-05 04:52 -------- d-----w- c:\users\Mcx1-DAVE-PC\AppData\Local\temp
2012-03-05 04:52 . 2012-03-05 04:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 04:52 . 2012-03-05 04:52 -------- d-----w- c:\users\dave\AppData\Local\temp
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-05 03:16 . 2012-03-05 03:16 -------- d-----w- c:\program files\AVG Secure Search
2012-03-02 19:11 . 2012-03-02 19:11 -------- d-----w- C:\_OTL
2012-03-02 19:08 . 2012-03-02 19:08 -------- d-----w- C:\Bad Files
2012-03-02 19:02 . 2012-03-02 19:02 -------- d-----w- c:\program files\ERUNT
2012-02-22 03:17 . 2012-02-22 03:17 -------- d-----w- c:\users\dave\AppData\Roaming\NVIDIA
2012-02-22 03:17 . 2012-02-29 03:04 -------- d-----w- c:\users\UpdatusUser
2012-02-22 03:16 . 2012-02-10 04:13 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-22 03:16 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 03:16 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 03:16 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 03:16 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 03:16 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 03:16 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 03:16 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-22 03:16 . 2012-02-10 04:13 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-17 20:31 . 2012-02-29 04:25 -------- d-----w- c:\users\dave\AppData\Roaming\Apple Computer
2012-02-17 14:19 . 2012-02-17 14:19 -------- d-----w- c:\users\dave\AppData\Roaming\Media Player Classic
2012-02-16 05:34 . 2012-02-16 05:34 -------- d-----w- c:\users\dave\AppData\Roaming\DivX
2012-02-16 04:54 . 2012-02-16 04:54 -------- d-----w- c:\users\dave\AppData\Roaming\AVG2012
2012-02-16 04:42 . 2012-02-16 04:42 -------- d-----w- c:\users\dave\AppData\Roaming\Malwarebytes
2012-02-05 21:06 . 2012-03-04 18:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:13 . 2011-06-02 03:30 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-06-02 03:30 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-06-02 03:30 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-06-02 03:30 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-06-02 03:30 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-10 03:00 . 2011-06-02 03:30 108352 ----a-w- c:\windows\system32\nvmctray.dll
2011-12-10 21:24 . 2011-04-20 04:39 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 03:08 . 2011-05-16 04:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-05 03:16 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-03-05 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"QCDriverInstaller"="c:\progra~1\COMMON~1\Logitech\QCDRIV~2\Lqdsw.exe" [2002-12-11 638976]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-05 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2010-11-26 117344]
cleanhdm.lnk - c:\users\dave\AppData\Local\cleanhdm.exe [N/A]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-11-26 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 13:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 20480]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [2011-07-07 87368]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-03-05 909152]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-01-11 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-01-11 1217920]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-01-11 1220224]
S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2009-07-13 530944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
dbmang
syslogd
Dell1100_FUService
ANC
klblmain
lxct_device
SerTVOutCtlr
CAMFLT
cimnotify
cdrbsdrv
dbustrcm
GBFSHook
bb-run
raysat3_4_6_18server
srvdpi
pcandis5
purgeieservice
omniusbl
WmaCDriverV32
cwafeventrouter
szserver
iksysflt
ql2100
speakerphone
tosrfnds
LwUsbHid
genmcmn
advantage
NTSIM
se58mdfl
nfsds
ZSMC211
se58mdm
vxd
X4HSX32
mssql$pinnaclesys
dsncservice
procexp100
wmi
merakcontrol
elservice
sbhooksvc
aeclienthostservice
RMSvc
haspnt
{6080a529-897e-4629-a488-aba0c29b635e}
tosrfcom
ntservice1
UpdateCenterService
ufdsvc
ATMsg
dbmanagerscheduler
EKECioCtl
cfosspeeds
U81xmdfl
wscsvc
yukonwxp
cqmgserv
se45obex
tavsvc
cwafreportscheduler
kpfwsvc
SPFDRV
WUSB54Gv4SVC
s616mdm
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
Trusted Zone: intuit.com\ttlc
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\z3rqwx71.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-04 22:54:08
ComboFix-quarantined-files.txt 2012-03-05 04:54
ComboFix2.txt 2012-03-05 04:18
.
Pre-Run: 408,519,962,624 bytes free
Post-Run: 408,388,005,888 bytes free
.
- - End Of File - - E9BA78DC8B0932C759F213DF83D2FC93

#10 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 07 March 2012 - 01:50 AM

Hi ds5000!

Sorry to hear that running those 2 commands didn't restore your internet connection.

Would you be able to download these two tools on another computer and transfer them over to the computer with no internet access via USB drive?

They should provide me with additional information that should hopefully narrow down where the issues with the internet are.

Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:



Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 ds5000

ds5000

    Member

  • Members
  • 54 posts

Posted 07 March 2012 - 11:38 PM

One thing I've noticed is my cursor swirls as if something is trying to run and then quickly shuts down... if I use the mouse to pull down a menu, it cancels it as if the escape key is pressed... very odd... here are the report logs...

Farbar Service Scanner Version: 01-03-2012
Ran by dave (administrator) on 07-03-2012 at 21:41:20
Running from "C:\Installation\Virus Programs\From 750"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Defender:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2009-07-13 17:12] - [2009-07-13 17:12] - 0338944 ____A () 9DB8A27A008AB72213051EAB90C6BABB

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-13 17:53] - [2009-07-13 19:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 17:54] - [2009-07-13 19:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 17:23] - [2009-07-13 19:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 17:24] - [2009-07-13 19:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 18:15] - [2009-07-13 19:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 17:30] - [2009-07-13 19:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



MiniToolBox by Farbar Version: 18-01-2012
Ran by dave (administrator) on 07-03-2012 at 21:44:26
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
add address name="Wireless Network Connection 2" address=192.168.137.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : dave-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-22-43-64-CE-BB
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-22-43-64-CE-BA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-24-8C-EB-EE-B5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::568:2e3:668a:b31%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.11.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 234890380
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-EF-82-6B-00-24-8C-EB-EE-B5
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{96B76D36-73F6-4327-9018-E6828396A9EB}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4901C0FD-75B4-45C5-9A63-7040FBC94EDE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...00 22 43 64 ce bb ......Microsoft Virtual WiFi Miniport Adapter
12...00 22 43 64 ce ba ......802.11n Wireless LAN Card
11...00 24 8c eb ee b5 ......Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.11.49 276
169.254.11.49 255.255.255.255 On-link 169.254.11.49 276
169.254.255.255 255.255.255.255 On-link 169.254.11.49 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.11.49 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.11.49 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::568:2e3:668a:b31/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/07/2012 09:44:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1c3c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1d10
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x920
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x540
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0xa3c
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1d10
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1cac
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x434
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1d24
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3

Error: (03/07/2012 09:44:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Faulting module name: MotoHelperService.exe, version: 2.0.51.0, time stamp: 0x4db7299c
Exception code: 0xc0000005
Fault offset: 0x000054df
Faulting process id: 0x1c10
Faulting application start time: 0xMotoHelperService.exe0
Faulting application path: MotoHelperService.exe1
Faulting module path: MotoHelperService.exe2
Report Id: MotoHelperService.exe3


System errors:
=============
Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:
%%1068

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error:
%%1068

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error:
%%22

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%22

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:
%%22

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error:
%%22

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The srvnet service failed to start due to the following error:
%%22

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error:
%%1068

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1068

Error: (03/07/2012 09:44:45 PM) (Source: Service Control Manager) (User: )
Description: The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/07/2012 09:44:45 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1c3c01ccfcddcd5cc926C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe0b0bb566-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:43 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1d1001ccfcddccaf04b2C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe0a5df0f2-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:42 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df92001ccfcddcc01403eC:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe09b02c7e-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:41 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df54001ccfcddcb537bcaC:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe0902680a-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:40 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054dfa3c01ccfcddcaa5b756C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe0854a396-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:39 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1d1001ccfcddc9f7f2e2C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe07a6df22-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:38 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1cac01ccfcddc94a2e6eC:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe06f91aae-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:37 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df43401ccfcddc89a0899C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe0648f4da-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:35 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1d2401ccfcddc7ec4425C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe059b3066-68d1-11e1-99ad-00248cebeeb5

Error: (03/07/2012 09:44:34 PM) (Source: Application Error)(User: )
Description: MotoHelperService.exe2.0.51.04db7299cMotoHelperService.exe2.0.51.04db7299cc0000005000054df1c1001ccfcddc73e7fb1C:\Program Files\Motorola\MotoHelper\MotoHelperService.exeC:\Program Files\Motorola\MotoHelper\MotoHelperService.exe04ed6bf2-68d1-11e1-99ad-00248cebeeb5


=========================== Installed Programs ============================

Moyea Video4Web Converter version 2.3.0.8
µTorrent (Version: 3.0.0)
7-Zip 4.65
Adobe After Effects 7.0 (Version: 7.0.0.244)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9.3.4 (Version: 9.3.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Anime Studio Pro 5.5
Anime Studio Pro 7.0 (Version: 7.0)
Any Video Converter 3.1.7
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.2.120)
Attribute Changer 6.20 (Version: 6.20)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2114)
AVG 2012 (Version: 2012.0.1913)
AviSynth 2.5
Bonjour (Version: 2.0.3.0)
CINEMA 4D Release 10
DivX Setup (Version: 2.2.1.2)
ERUNT 1.1j
FaceGen Modeller 3.1 (Version: 1.0.0)
FaceGen Modeller 3.4 (Version: 3.4.0)
ffdshow v1.1.3949 [2011-07-25] (Version: 1.1.3949.0)
Free Audio Converter version 2.2.11
Free Audio Dub version 1.7.9.908
Free DVD Video Converter version 1.5
Free Video Dub version 1.8
Free Video to iPod Converter version 4.0
GonVisor 1.72
Hauppauge WinTV 7 (Version: 7.0.28096)
Hauppauge WinTV Infrared Remote (Version: 2.66.28078)
Internet TV for Windows Media Center (Version: 4.2.2.0)
IsoBuster 2.8 (Version: 2.8)
iTunes (Version: 10.0.0.68)
Java Auto Updater (Version: 2.1.5.1)
Java™ 6 Update 22 (Version: 6.0.220)
Java™ 7 (Version: 7.0.0)
Java™ SE Development Kit 7 (Version: 1.7.0.0)
JDownloader (Version: 0.89)
K-Lite Codec Pack 7.7.0 (Full) (Version: 7.7.0)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ Run Time Lib Setup (Version: 1.0.0)
MiPony 1.5.3 (Version: 1.5.3)
Moglue Builder version 1.0.1 (Version: 1.0.1)
MotoHelper 2.0.51 Driver 5.2.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.5.2091.0)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MP3 Folder Structure Maker (Version: 0.9)
Mp3tag v2.49 (Version: v2.49)
NVIDIA 3D Vision Controller Driver (Version: 275.33)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA Update 1.7.11 (Version: 1.7.11)
NVIDIA Update Components (Version: 1.7.11)
Photo To Color Sketch 6.51
PhotoModeler Pro 5
PlayReady PC Runtime x86 (Version: 1.3.0)
Power Sound Editor Free
QuickTime (Version: 7.67.75.0)
Spybot - Search & Destroy (Version: 1.6.2)
Swiff Player 1.7 (Version: 1.7)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4227)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0483)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0214)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2010 wutiper (Version: 010.000.1131)
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.11 (Version: 1.1.11)
WebEx
WinZip (Version: 11.0 (7313))
ZBrush3 (Version: 3.00.0000)

========================= Devices: ================================

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


========================= Memory info: ===================================

Percentage of memory in use: 71%
Total physical RAM: 3583.12 MB
Available physical RAM: 1024.68 MB
Total Pagefile: 7164.51 MB
Available Pagefile: 4454.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.01 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:698.54 GB) (Free:384.51 GB) NTFS
3 Drive e: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:0 GB) NTFS
4 Drive f: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:176.88 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator dave Guest
Mcx1-DAVE-PC UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#12 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 08 March 2012 - 01:27 AM

Hi!

It looks like your afd.sys file may be patched, which can explain the issues with the connection.

Please try and get me the results of this scan below:

OTL Custom Scan

We need to create a new OTL Report
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Click on the NONE button at the top.
  • In the Custom Scans/Fixes box, Copy & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$."
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • One report will open, copy and paste it in a reply here:
  • OTL.txt <-- Will be opened

Edited by SweetTech, 08 March 2012 - 01:45 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 ds5000

ds5000

    Member

  • Members
  • 54 posts

Posted 08 March 2012 - 11:40 PM

OTL logfile created on: 3/8/2012 10:29:27 PM - Run 3
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Installation\Virus Programs
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 27.02% Memory free
7.00 Gb Paging File | 4.21 Gb Available in Paging File | 60.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.54 Gb Total Space | 384.07 Gb Free Space | 54.98% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 176.88 Gb Free Space | 37.98% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing LP)
MsConfig - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D09AD51C-61A5-A3EF-5ED9-A01186D757C5} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\Windows\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: dbmang - File not found
NetSvcs: syslogd - File not found
NetSvcs: Dell1100_FUService - File not found
NetSvcs: ANC - File not found
NetSvcs: klblmain - File not found
NetSvcs: lxct_device - File not found
NetSvcs: SerTVOutCtlr - File not found
NetSvcs: CAMFLT - File not found
NetSvcs: cimnotify - File not found
NetSvcs: cdrbsdrv - File not found
NetSvcs: dbustrcm - File not found
NetSvcs: GBFSHook - File not found
NetSvcs: bb-run - File not found
NetSvcs: raysat3_4_6_18server - File not found
NetSvcs: srvdpi - File not found
NetSvcs: pcandis5 - File not found
NetSvcs: purgeieservice - File not found
NetSvcs: omniusbl - File not found
NetSvcs: WmaCDriverV32 - File not found
NetSvcs: cwafeventrouter - File not found
NetSvcs: szserver - File not found
NetSvcs: iksysflt - File not found
NetSvcs: ql2100 - File not found
NetSvcs: speakerphone - File not found
NetSvcs: tosrfnds - File not found
NetSvcs: LwUsbHid - File not found
NetSvcs: genmcmn - File not found
NetSvcs: advantage - File not found
NetSvcs: NTSIM - File not found
NetSvcs: se58mdfl - File not found
NetSvcs: nfsds - File not found
NetSvcs: ZSMC211 - File not found
NetSvcs: se58mdm - File not found
NetSvcs: vxd - File not found
NetSvcs: X4HSX32 - File not found
NetSvcs: mssql$pinnaclesys - File not found
NetSvcs: dsncservice - File not found
NetSvcs: procexp100 - File not found
NetSvcs: wmi - File not found
NetSvcs: merakcontrol - File not found
NetSvcs: elservice - File not found
NetSvcs: sbhooksvc - File not found
NetSvcs: aeclienthostservice - File not found
NetSvcs: RMSvc - File not found
NetSvcs: haspnt - File not found
NetSvcs: {6080a529-897e-4629-a488-aba0c29b635e} - File not found
NetSvcs: tosrfcom - File not found
NetSvcs: ntservice1 - File not found
NetSvcs: UpdateCenterService - File not found
NetSvcs: ufdsvc - File not found
NetSvcs: ATMsg - File not found
NetSvcs: dbmanagerscheduler - File not found
NetSvcs: EKECioCtl - File not found
NetSvcs: cfosspeeds - File not found
NetSvcs: U81xmdfl - File not found
NetSvcs: yukonwxp - File not found
NetSvcs: cqmgserv - File not found
NetSvcs: se45obex - File not found
NetSvcs: tavsvc - File not found
NetSvcs: cwafreportscheduler - File not found
NetSvcs: kpfwsvc - File not found
NetSvcs: SPFDRV - File not found
NetSvcs: WUSB54Gv4SVC - File not found
NetSvcs: s616mdm - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Custom Scans ==========


< "%WinDir%\$NtUninstallKB*$." >
[2012/03/04 21:22:07 | 000,000,000 | ---D | M] -- C:\Windows\$NtUninstallKB12706$

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2012/02/09 22:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvlddmkm.sys

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2009/07/13 17:12:38 | 000,338,944 | ---- | M] () MD5=9DB8A27A008AB72213051EAB90C6BABB -- C:\Windows\System32\drivers\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 19:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\ERDNT\cache\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/30 23:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/02 23:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/02 23:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SoftwareDistribution\Download\c1f17c80c3b916714e96cf873d95fd6d\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 00:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: TDX.SYS >
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\ERDNT\cache\tdx.sys
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\System32\drivers\tdx.sys
[2009/07/13 17:12:11 | 000,074,240 | ---- | M] (Microsoft Corporation) MD5=CB39E896A2A83702D1737BFD402B3542 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009/07/13 19:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 19:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 00:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/27 23:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\SoftwareDistribution\Download\b23c9e49177e4877c3c32ef3b38f35ad\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009/07/13 19:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/01 21:04:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/01 21:04:07 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/21 21:08:16 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/21 21:08:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/01 21:04:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/09/01 21:04:07 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/09/01 21:04:07 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

#14 SweetTech

SweetTech

    Agent ST

  • Malware Response Team
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 09 March 2012 - 01:17 AM

Hi!

You don't have your Windows disc, do you?

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 ds5000

ds5000

    Member

  • Members
  • 54 posts

Posted 09 March 2012 - 07:04 AM

Nope.. It came with Vista installed when I bought it...then a friend of mine updated it to 7...

Edited by ds5000, 09 March 2012 - 07:11 AM.




