
virus/rootkit bogging down computer


  • This topic is locked
27 replies to this topic

#1 atomic_teaspoon


  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 19 December 2011 - 01:23 PM

I have dealt with the ping.exe virus before. After some frustration, the combination of Rkill and a fresh reinstall of Malwarebytes Anti-Malware got rid of it. A month and a half later, something more heinous came up. At first, it prevented most EXE files from running. I got around that. Now it's just that the anti-virus programs can't seem to find every hiding place. AVG finds that windows/system32/drivers/afd.sys is infected, but can't do anything about it. I have run Malwarebytes Anti-Malware and AVG Anti-Virus.

DDS LOG
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by General at 18:18:58 on 2011-12-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1049 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Documents and Settings\General\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
uRun: [Google Update] "c:\documents and settings\general\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\general\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228708850859
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{25989577-BC70-4723-B0F1-EACB5FBDD630} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\general\application data\mozilla\firefox\profiles\7e6ds3dc.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\general\application data\mozilla\firefox\profiles\7e6ds3dc.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\general\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\general\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\byond\bin\npbyond.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(extentions.y2layers.installId, 4d7120e0-c9d4-4088-b017-2f59618784cb
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-16 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-10 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-16 22216]
S2 gupdate1c9cdc31539311a;Google Update Service (gupdate1c9cdc31539311a);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
.
=============== Created Last 30 ================
.
2011-12-18 00:47:38 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
2011-12-18 00:47:28 -------- d-----w- c:\program files\Security Task Manager
2011-12-17 01:58:17 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 01:58:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-11 07:46:44 -------- d-----w- c:\program files\common files\Software Update Utility
2011-12-10 03:09:31 -------- d-----w- c:\documents and settings\general\application data\EleFun Games
2011-12-10 02:22:46 -------- d-----w- c:\program files\fearforsale
2011-12-02 01:50:50 -------- d-----w- c:\documents and settings\general\local settings\application data\www.dvbportal.de
2011-11-27 15:25:48 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-11-27 15:25:48 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-11-27 15:25:48 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-11-27 15:25:48 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-11-27 15:25:48 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-11-27 15:25:48 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-11-27 15:25:46 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-11-27 15:25:45 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-11-26 00:24:53 -------- d-----w- c:\program files\Thief2
2011-11-25 06:12:02 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-11-25 06:12:01 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-11-25 06:11:59 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-11-25 06:11:46 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-11-25 06:11:42 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-11-25 06:11:42 194320 ----a-w- c:\windows\system32\qcut.dll
2011-11-25 06:11:42 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-11-25 06:11:42 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-11-25 06:11:41 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-11-25 06:11:41 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-11-25 05:57:31 -------- d-----w- c:\program files\thiefgold
2011-11-24 22:50:27 1641109 ----a-w- c:\windows\WANEUninstaller.exe
2011-11-24 22:46:40 -------- d-----w- c:\program files\Worms Armageddon - New Edition
2011-11-24 21:21:42 -------- d-----w- c:\program files\Thief - Deadly Shadows
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 18:20:14.89 ===============


GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-19 00:07:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 ST3160023AS rev.8.12
Running: gmer.exe; Driver: C:\DOCUME~1\General\LOCALS~1\Temp\uwliaaod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAE0AEF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAE0AEFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAE0AF080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAE0AF11C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB9A24000, 0x1A9158, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9907F80]
? C:\DOCUME~1\General\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[600] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FA000A
.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F8000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02AA000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02AB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3032] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02A9000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B08E2000-B08FC000 (106496 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xCB 0xAE 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x27 0x3D 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x16 0xB5 0x2E 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x32 0x97 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7F 0xB2 0xBE 0xC9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x00 0xF8 0x9F 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x45 0xCB 0xAE 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x94 0x27 0x3D 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x16 0xB5 0x2E 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x32 0x97 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7F 0xB2 0xBE 0xC9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x00 0xF8 0x9F 0xC5 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB48362$\3890633484 0 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\bckfg.tmp 1000 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\keywords 196 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\L 0 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\L\eyowbrvh 138496 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\lsflt7.ver 5176 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U 0 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB48362$\952788502 0 bytes

---- EOF - GMER 1.0.15 ----


Let me know if any more info is needed. Not posting this from my computer. For some reason, this site keeps timing out when I press the button to post. Maybe that's another matter entirely.


#2 SweetTech


    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:10:21 PM

Posted 20 December 2011 - 03:41 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

It looks like you're infected with an infection called ZAccess.

Please heed the following warning:


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:


Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:




Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
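As an added example (not code from this thread, nor from the GMER or TDSSKiller authors), here is a small Python triage script that reads the kind of GMER and TDSSKiller text output posted in this thread and pulls out what a helper looks for first: modules GMER marks as hidden, File entries in GMER's Files section grouped by top-level directory (the $NtUninstallKB48362$ folder in the log above), and TDSSKiller lines marked "detected", joined to the driver path logged for the same service (afd.sys, flagged as an unsigned file). The regular expressions are assumptions modelled on the line shapes visible in this thread, and the sample input is constructed from a few lines of those logs. The script only reads text and reports; it changes nothing on disk, which matches the "Skip, then post the log" approach the instructions above take.

```python
"""Triage helper for GMER and TDSSKiller text logs (added example, not from the thread)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    tool: str     # "gmer" or "tdsskiller"
    kind: str     # "hidden_module", "hidden_file" or "driver_detection"
    subject: str  # address range, file path, or driver path/service name
    detail: str   # module name, file size, or detection name


# Line shapes below are assumptions modelled on the logs posted in this thread.
GMER_SECTION = re.compile(r"^---- (?P<name>[A-Za-z ]+?) - GMER")
GMER_HIDDEN_MODULE = re.compile(
    r"^Module\s+(?P<name>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<range>[0-9A-F]+-[0-9A-F]+)")
GMER_FILE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes$")
TDSS_DRIVER = re.compile(
    r"^\S+\s+\d+\s+(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
TDSS_DETECT = re.compile(r"^\S+\s+\d+\s+(?P<svc>\S+)\s+-\s+detected\s+(?P<name>\S+)")


def parse_gmer(text):
    """Collect hidden modules and every File entry GMER lists in its Files section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = GMER_SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        m = GMER_HIDDEN_MODULE.match(line)
        if m:
            findings.append(Finding("gmer", "hidden_module", m.group("range"), m.group("name")))
            continue
        if section == "Files":
            m = GMER_FILE.match(line)
            if m:
                findings.append(Finding("gmer", "hidden_file", m.group("path"), m.group("size") + " bytes"))
    return findings


def parse_tdsskiller(text):
    """Pair each '- detected' line with the driver path logged earlier for the same service."""
    paths, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = TDSS_DRIVER.match(line)
        if m:
            paths[m.group("svc")] = m.group("path")
            continue
        m = TDSS_DETECT.match(line)
        if m:
            svc = m.group("svc")
            findings.append(Finding("tdsskiller", "driver_detection", paths.get(svc, svc), m.group("name")))
    return findings


def triage(gmer_text, tdss_text):
    """Summarise both logs: hidden files per top-level directory, hidden module count, driver hits."""
    findings = parse_gmer(gmer_text) + parse_tdsskiller(tdss_text)
    dirs = {}
    for f in findings:
        if f.kind == "hidden_file":
            top = "\\".join(f.subject.split("\\")[:3])  # e.g. C:\WINDOWS\$NtUninstallKB48362$
            dirs[top] = dirs.get(top, 0) + 1
    return {
        "hidden_file_dirs": dirs,
        "hidden_modules": sum(1 for f in findings if f.kind == "hidden_module"),
        "driver_detections": [f for f in findings if f.kind == "driver_detection"],
    }


# Constructed sample input: a few lines copied from the GMER and TDSSKiller output in this thread.
SAMPLE_GMER = r"""
---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B08E2000-B08FC000 (106496 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB48362$\3890633484 0 bytes
File C:\WINDOWS\$NtUninstallKB48362$\3890633484\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB48362$\952788502 0 bytes

---- EOF - GMER 1.0.15 ----
"""

SAMPLE_TDSSKILLER = r"""
16:40:06.0296 2988 AFD (5bad59b17ae49f55bbf8f84fbed0bf9c) C:\WINDOWS\System32\drivers\afd.sys
16:40:06.0578 2988 AFD ( UnsignedFile.Multi.Generic ) - warning
16:40:06.0578 2988 AFD - detected UnsignedFile.Multi.Generic (1)
16:40:06.0640 2988 Aha154x - ok
"""

if __name__ == "__main__":
    summary = triage(SAMPLE_GMER, SAMPLE_TDSSKILLER)
    print("hidden modules:", summary["hidden_modules"])
    for d, n in summary["hidden_file_dirs"].items():
        print(f"hidden files under {d}: {n}")
    for f in summary["driver_detections"]:
        print(f"driver detection: {f.subject} -> {f.detail}")
```

Run it against a saved GMER log and a saved TDSSKiller log by passing their contents to triage(); grouping hidden files by directory is what makes a cluster like the $NtUninstallKB48362$ folder stand out from a single stray entry, and pairing the TDSSKiller detection with the driver path keeps the "which file was flagged" question answerable without rereading the whole log.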


#3 atomic_teaspoon

  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 21 December 2011 - 10:11 AM

Thanks a lot for the reply. I will be employing these methods when I get home from work and I will post the results. I appreciate your time being put into this.

#4 atomic_teaspoon

  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 21 December 2011 - 07:51 PM

TDSSKiller found 2 threats, but made no suggestion for removal. At the screen that showed the threats, I selected Continue and the Start Scan window appeared again. There was no prompt to restart.

16:39:36.0328 3012 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:39:36.0796 3012 ============================================================
16:39:36.0796 3012 Current date / time: 2011/12/21 16:39:36.0796
16:39:36.0796 3012 SystemInfo:
16:39:36.0796 3012
16:39:36.0796 3012 OS Version: 5.1.2600 ServicePack: 3.0
16:39:36.0796 3012 Product type: Workstation
16:39:36.0796 3012 ComputerName: BIGMACHINE
16:39:36.0796 3012 UserName: General
16:39:36.0796 3012 Windows directory: C:\WINDOWS
16:39:36.0796 3012 System windows directory: C:\WINDOWS
16:39:36.0796 3012 Processor architecture: Intel x86
16:39:36.0796 3012 Number of processors: 2
16:39:36.0796 3012 Page size: 0x1000
16:39:36.0796 3012 Boot type: Normal boot
16:39:36.0796 3012 ============================================================
16:39:44.0484 3012 Initialize success
16:40:00.0921 2988 ============================================================
16:40:00.0921 2988 Scan started
16:40:00.0921 2988 Mode: Manual; SigCheck; TDLFS;
16:40:00.0921 2988 ============================================================
16:40:03.0671 2988 Abiosdsk - ok
16:40:03.0718 2988 abp480n5 - ok
16:40:03.0812 2988 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:40:05.0687 2988 ACPI - ok
16:40:05.0765 2988 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:40:05.0984 2988 ACPIEC - ok
16:40:06.0000 2988 adpu160m - ok
16:40:06.0031 2988 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:40:06.0250 2988 aec - ok
16:40:06.0296 2988 AFD (5bad59b17ae49f55bbf8f84fbed0bf9c) C:\WINDOWS\System32\drivers\afd.sys
16:40:06.0578 2988 AFD ( UnsignedFile.Multi.Generic ) - warning
16:40:06.0578 2988 AFD - detected UnsignedFile.Multi.Generic (1)
16:40:06.0640 2988 Aha154x - ok
16:40:06.0656 2988 aic78u2 - ok
16:40:06.0671 2988 aic78xx - ok
16:40:06.0703 2988 AliIde - ok
16:40:06.0718 2988 amsint - ok
16:40:06.0734 2988 asc - ok
16:40:06.0750 2988 asc3350p - ok
16:40:06.0765 2988 asc3550 - ok
16:40:06.0875 2988 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:40:07.0078 2988 AsyncMac - ok
16:40:07.0125 2988 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:40:07.0312 2988 atapi - ok
16:40:07.0343 2988 Atdisk - ok
16:40:07.0500 2988 ati2mtag (067fca861588b18399555412a456de12) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:40:07.0828 2988 ati2mtag - ok
16:40:07.0890 2988 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:40:08.0093 2988 Atmarpc - ok
16:40:08.0171 2988 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:40:08.0375 2988 audstub - ok
16:40:08.0437 2988 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:40:09.0156 2988 AVGIDSDriver - ok
16:40:09.0453 2988 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:40:09.0468 2988 AVGIDSEH - ok
16:40:09.0640 2988 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:40:09.0656 2988 AVGIDSFilter - ok
16:40:09.0765 2988 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:40:09.0796 2988 AVGIDSShim - ok
16:40:09.0890 2988 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:40:09.0906 2988 Avgldx86 - ok
16:40:09.0968 2988 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:40:10.0000 2988 Avgmfx86 - ok
16:40:10.0078 2988 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:40:10.0093 2988 Avgrkx86 - ok
16:40:10.0140 2988 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:40:10.0171 2988 Avgtdix - ok
16:40:10.0250 2988 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:40:10.0312 2988 b57w2k - ok
16:40:10.0421 2988 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:40:10.0640 2988 Beep - ok
16:40:10.0703 2988 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:40:10.0921 2988 cbidf2k - ok
16:40:10.0937 2988 cd20xrnt - ok
16:40:10.0953 2988 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:40:11.0140 2988 Cdaudio - ok
16:40:11.0187 2988 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:40:11.0390 2988 Cdfs - ok
16:40:11.0421 2988 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:40:11.0625 2988 Cdrom - ok
16:40:11.0625 2988 Changer - ok
16:40:11.0656 2988 CmdIde - ok
16:40:11.0703 2988 Cpqarray - ok
16:40:11.0750 2988 dac2w2k - ok
16:40:11.0765 2988 dac960nt - ok
16:40:11.0828 2988 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:40:12.0031 2988 Disk - ok
16:40:12.0078 2988 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:40:12.0328 2988 dmboot - ok
16:40:12.0343 2988 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:40:12.0531 2988 dmio - ok
16:40:12.0562 2988 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:40:12.0750 2988 dmload - ok
16:40:12.0796 2988 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:40:13.0000 2988 DMusic - ok
16:40:13.0015 2988 dpti2o - ok
16:40:13.0062 2988 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:40:13.0234 2988 drmkaud - ok
16:40:13.0250 2988 EagleNT - ok
16:40:13.0296 2988 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:40:13.0500 2988 Fastfat - ok
16:40:13.0531 2988 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:40:13.0718 2988 Fdc - ok
16:40:13.0750 2988 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:40:13.0953 2988 Fips - ok
16:40:13.0984 2988 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:40:14.0171 2988 Flpydisk - ok
16:40:14.0203 2988 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:40:14.0421 2988 FltMgr - ok
16:40:14.0453 2988 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:40:14.0640 2988 Fs_Rec - ok
16:40:14.0671 2988 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:40:14.0859 2988 Ftdisk - ok
16:40:14.0890 2988 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:40:15.0078 2988 Gpc - ok
16:40:15.0109 2988 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
16:40:15.0265 2988 grmnusb ( UnsignedFile.Multi.Generic ) - warning
16:40:15.0265 2988 grmnusb - detected UnsignedFile.Multi.Generic (1)
16:40:15.0359 2988 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:40:15.0656 2988 hidusb - ok
16:40:15.0671 2988 hpn - ok
16:40:15.0718 2988 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:40:15.0765 2988 HPZid412 - ok
16:40:15.0781 2988 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:40:15.0843 2988 HPZipr12 - ok
16:40:15.0859 2988 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:40:15.0921 2988 HPZius12 - ok
16:40:16.0000 2988 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:40:16.0062 2988 HTTP - ok
16:40:16.0078 2988 i2omgmt - ok
16:40:16.0093 2988 i2omp - ok
16:40:16.0140 2988 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:40:16.0343 2988 i8042prt - ok
16:40:16.0359 2988 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:40:16.0546 2988 Imapi - ok
16:40:16.0562 2988 ini910u - ok
16:40:16.0578 2988 IntelIde - ok
16:40:16.0609 2988 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:40:16.0796 2988 intelppm - ok
16:40:16.0828 2988 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:40:17.0031 2988 ip6fw - ok
16:40:17.0078 2988 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:40:17.0265 2988 IpFilterDriver - ok
16:40:17.0296 2988 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:40:17.0812 2988 IpInIp - ok
16:40:17.0828 2988 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:40:18.0031 2988 IpNat - ok
16:40:18.0109 2988 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:40:18.0312 2988 IPSec - ok
16:40:18.0359 2988 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:40:18.0562 2988 IRENUM - ok
16:40:18.0609 2988 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:40:18.0781 2988 isapnp - ok
16:40:18.0812 2988 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:40:19.0015 2988 Kbdclass - ok
16:40:19.0046 2988 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:40:19.0250 2988 kbdhid - ok
16:40:19.0296 2988 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:40:19.0500 2988 kmixer - ok
16:40:19.0531 2988 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:40:19.0640 2988 KSecDD - ok
16:40:19.0656 2988 lbrtfdc - ok
16:40:19.0718 2988 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
16:40:19.0734 2988 MBAMProtector - ok
16:40:19.0796 2988 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:40:20.0000 2988 mnmdd - ok
16:40:20.0046 2988 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:40:20.0234 2988 Modem - ok
16:40:20.0265 2988 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:40:20.0484 2988 Mouclass - ok
16:40:20.0500 2988 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:40:20.0687 2988 mouhid - ok
16:40:20.0718 2988 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:40:20.0906 2988 MountMgr - ok
16:40:20.0921 2988 mraid35x - ok
16:40:20.0937 2988 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:40:21.0156 2988 MRxDAV - ok
16:40:21.0187 2988 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:40:21.0265 2988 MRxSmb - ok
16:40:21.0312 2988 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:40:21.0500 2988 Msfs - ok
16:40:21.0546 2988 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:40:21.0750 2988 MSKSSRV - ok
16:40:21.0765 2988 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:40:21.0953 2988 MSPCLOCK - ok
16:40:21.0968 2988 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:40:22.0171 2988 MSPQM - ok
16:40:22.0203 2988 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:40:22.0390 2988 mssmbios - ok
16:40:22.0421 2988 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:40:22.0484 2988 Mup - ok
16:40:22.0515 2988 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:40:22.0718 2988 NDIS - ok
16:40:22.0765 2988 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:40:23.0000 2988 NdisTapi - ok
16:40:23.0078 2988 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:40:23.0265 2988 Ndisuio - ok
16:40:23.0312 2988 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:40:23.0500 2988 NdisWan - ok
16:40:23.0546 2988 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:40:23.0609 2988 NDProxy - ok
16:40:23.0640 2988 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:40:23.0828 2988 NetBIOS - ok
16:40:23.0859 2988 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:40:24.0062 2988 NetBT - ok
16:40:24.0093 2988 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:40:24.0281 2988 Npfs - ok
16:40:24.0328 2988 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:40:24.0562 2988 Ntfs - ok
16:40:24.0609 2988 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:40:24.0796 2988 Null - ok
16:40:24.0828 2988 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:40:25.0015 2988 NwlnkFlt - ok
16:40:25.0046 2988 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:40:25.0234 2988 NwlnkFwd - ok
16:40:25.0296 2988 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:40:25.0484 2988 Parport - ok
16:40:25.0515 2988 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:40:25.0703 2988 PartMgr - ok
16:40:25.0734 2988 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:40:25.0937 2988 ParVdm - ok
16:40:25.0953 2988 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:40:26.0140 2988 PCI - ok
16:40:26.0156 2988 PCIDump - ok
16:40:26.0187 2988 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:40:26.0375 2988 PCIIde - ok
16:40:26.0406 2988 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:40:26.0609 2988 Pcmcia - ok
16:40:26.0625 2988 PDCOMP - ok
16:40:26.0640 2988 PDFRAME - ok
16:40:26.0656 2988 PDRELI - ok
16:40:26.0687 2988 PDRFRAME - ok
16:40:26.0703 2988 perc2 - ok
16:40:26.0718 2988 perc2hib - ok
16:40:26.0796 2988 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
16:40:26.0812 2988 Point32 - ok
16:40:26.0859 2988 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:40:27.0062 2988 PptpMiniport - ok
16:40:27.0078 2988 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:40:27.0281 2988 Processor - ok
16:40:27.0296 2988 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:40:27.0500 2988 PSched - ok
16:40:27.0515 2988 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:40:27.0718 2988 Ptilink - ok
16:40:27.0750 2988 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:40:27.0781 2988 PxHelp20 - ok
16:40:27.0796 2988 ql1080 - ok
16:40:27.0812 2988 Ql10wnt - ok
16:40:27.0828 2988 ql12160 - ok
16:40:27.0843 2988 ql1240 - ok
16:40:27.0859 2988 ql1280 - ok
16:40:27.0890 2988 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:40:28.0078 2988 RasAcd - ok
16:40:28.0140 2988 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:40:28.0343 2988 Rasl2tp - ok
16:40:28.0390 2988 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:40:28.0578 2988 RasPppoe - ok
16:40:28.0609 2988 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:40:28.0812 2988 Raspti - ok
16:40:28.0828 2988 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:40:29.0031 2988 Rdbss - ok
16:40:29.0062 2988 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:40:29.0250 2988 RDPCDD - ok
16:40:29.0296 2988 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:40:29.0500 2988 rdpdr - ok
16:40:29.0546 2988 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:40:29.0609 2988 RDPWD - ok
16:40:29.0640 2988 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:40:29.0843 2988 redbook - ok
16:40:29.0921 2988 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:40:30.0109 2988 Secdrv - ok
16:40:30.0187 2988 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
16:40:30.0265 2988 senfilt - ok
16:40:30.0296 2988 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:40:30.0484 2988 serenum - ok
16:40:30.0500 2988 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
16:40:30.0687 2988 Serial - ok
16:40:30.0734 2988 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:40:30.0921 2988 Sfloppy - ok
16:40:30.0953 2988 Simbad - ok
16:40:31.0000 2988 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
16:40:31.0031 2988 smwdm - ok
16:40:31.0062 2988 Sparrow - ok
16:40:31.0078 2988 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:40:31.0281 2988 splitter - ok
16:40:31.0343 2988 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
16:40:31.0390 2988 sptd - ok
16:40:31.0437 2988 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:40:31.0625 2988 sr - ok
16:40:31.0687 2988 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:40:31.0734 2988 Srv - ok
16:40:31.0781 2988 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:40:31.0968 2988 swenum - ok
16:40:32.0062 2988 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:40:32.0265 2988 swmidi - ok
16:40:32.0281 2988 symc810 - ok
16:40:32.0296 2988 symc8xx - ok
16:40:32.0312 2988 sym_hi - ok
16:40:32.0343 2988 sym_u3 - ok
16:40:32.0359 2988 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:40:32.0546 2988 sysaudio - ok
16:40:32.0625 2988 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:40:32.0750 2988 Tcpip - ok
16:40:32.0796 2988 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:40:32.0984 2988 TDPIPE - ok
16:40:33.0015 2988 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:40:33.0203 2988 TDTCP - ok
16:40:33.0234 2988 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:40:33.0437 2988 TermDD - ok
16:40:33.0453 2988 TosIde - ok
16:40:33.0515 2988 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:40:33.0687 2988 Udfs - ok
16:40:33.0703 2988 ultra - ok
16:40:33.0750 2988 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:40:33.0968 2988 Update - ok
16:40:34.0015 2988 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:40:34.0218 2988 usbaudio - ok
16:40:34.0250 2988 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:40:34.0453 2988 usbccgp - ok
16:40:34.0500 2988 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:40:34.0671 2988 usbehci - ok
16:40:34.0703 2988 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:40:34.0906 2988 usbhub - ok
16:40:34.0937 2988 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:40:35.0125 2988 usbprint - ok
16:40:35.0171 2988 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:40:35.0359 2988 usbscan - ok
16:40:35.0406 2988 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:40:35.0593 2988 USBSTOR - ok
16:40:35.0640 2988 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:40:35.0828 2988 usbuhci - ok
16:40:35.0875 2988 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:40:36.0078 2988 VgaSave - ok
16:40:36.0093 2988 ViaIde - ok
16:40:36.0125 2988 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:40:36.0343 2988 VolSnap - ok
16:40:36.0390 2988 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:40:36.0578 2988 Wanarp - ok
16:40:36.0640 2988 Wdf01000 (060e8cb99cc0a6751db5810c042b0d45) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:40:36.0671 2988 Wdf01000 - ok
16:40:36.0687 2988 WDICA - ok
16:40:36.0718 2988 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:40:36.0921 2988 wdmaud - ok
16:40:37.0031 2988 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
16:40:37.0125 2988 WpdUsb - ok
16:40:37.0171 2988 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:40:37.0203 2988 WudfPf - ok
16:40:37.0234 2988 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:40:37.0296 2988 WudfRd - ok
16:40:37.0343 2988 xusb20 (c1c30732240de36551f438d5412959be) C:\WINDOWS\system32\DRIVERS\xusb20.sys
16:40:37.0406 2988 xusb20 - ok
16:40:37.0453 2988 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\WINDOWS\system32\DRIVERS\xusb21.sys
16:40:37.0468 2988 xusb21 - ok
16:40:37.0500 2988 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:40:37.0671 2988 \Device\Harddisk0\DR0 - ok
16:40:37.0687 2988 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR2
16:40:38.0171 2988 \Device\Harddisk1\DR2 - ok
16:40:38.0171 2988 Boot (0x1200) (1d090a2f87b71bdf02c495308feb5e8f) \Device\Harddisk0\DR0\Partition0
16:40:38.0171 2988 \Device\Harddisk0\DR0\Partition0 - ok
16:40:38.0218 2988 Boot (0x1200) (16f37f36305aed3b638dd06755109c56) \Device\Harddisk1\DR2\Partition0
16:40:38.0218 2988 \Device\Harddisk1\DR2\Partition0 - ok
16:40:38.0218 2988 ============================================================
16:40:38.0218 2988 Scan finished
16:40:38.0218 2988 ============================================================
16:40:38.0328 3332 Detected object count: 2
16:40:38.0328 3332 Actual detected object count: 2
16:41:56.0718 3332 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:56.0718 3332 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:41:56.0718 3332 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:41:56.0718 3332 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:44:53.0609 1688 ============================================================
16:44:53.0609 1688 Scan started
16:44:53.0609 1688 Mode: Manual; SigCheck; TDLFS;
16:44:53.0609 1688 ============================================================
16:44:54.0953 1688 Abiosdsk - ok
16:44:54.0968 1688 abp480n5 - ok
16:44:55.0015 1688 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:44:55.0328 1688 ACPI - ok
16:44:55.0359 1688 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:44:55.0546 1688 ACPIEC - ok
16:44:55.0562 1688 adpu160m - ok
16:44:55.0593 1688 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:44:55.0796 1688 aec - ok
16:44:55.0828 1688 AFD (5bad59b17ae49f55bbf8f84fbed0bf9c) C:\WINDOWS\System32\drivers\afd.sys
16:44:55.0859 1688 AFD ( UnsignedFile.Multi.Generic ) - warning
16:44:55.0859 1688 AFD - detected UnsignedFile.Multi.Generic (1)
16:44:55.0875 1688 Aha154x - ok
16:44:55.0890 1688 aic78u2 - ok
16:44:55.0906 1688 aic78xx - ok
16:44:55.0921 1688 AliIde - ok
16:44:55.0937 1688 amsint - ok
16:44:55.0953 1688 asc - ok
16:44:55.0968 1688 asc3350p - ok
16:44:55.0984 1688 asc3550 - ok
16:44:56.0031 1688 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:44:56.0234 1688 AsyncMac - ok
16:44:56.0265 1688 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:44:56.0453 1688 atapi - ok
16:44:56.0468 1688 Atdisk - ok
16:44:56.0609 1688 ati2mtag (067fca861588b18399555412a456de12) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:44:56.0781 1688 ati2mtag - ok
16:44:56.0796 1688 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:44:57.0000 1688 Atmarpc - ok
16:44:57.0046 1688 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:44:57.0218 1688 audstub - ok
16:44:57.0265 1688 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:44:57.0281 1688 AVGIDSDriver - ok
16:44:57.0312 1688 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:44:57.0343 1688 AVGIDSEH - ok
16:44:57.0359 1688 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:44:57.0375 1688 AVGIDSFilter - ok
16:44:57.0421 1688 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:44:57.0437 1688 AVGIDSShim - ok
16:44:57.0515 1688 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:44:57.0562 1688 Avgldx86 - ok
16:44:57.0593 1688 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:44:57.0625 1688 Avgmfx86 - ok
16:44:57.0640 1688 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:44:57.0656 1688 Avgrkx86 - ok
16:44:57.0687 1688 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:44:57.0718 1688 Avgtdix - ok
16:44:57.0750 1688 b57w2k (4826fcf97c47b361a2e2f68cd487a19e) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
16:44:57.0796 1688 b57w2k - ok
16:44:57.0843 1688 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:44:58.0031 1688 Beep - ok
16:44:58.0078 1688 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:44:58.0265 1688 cbidf2k - ok
16:44:58.0281 1688 cd20xrnt - ok
16:44:58.0328 1688 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:44:58.0500 1688 Cdaudio - ok
16:44:58.0546 1688 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:44:58.0750 1688 Cdfs - ok
16:44:58.0781 1688 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:44:58.0968 1688 Cdrom - ok
16:44:58.0984 1688 Changer - ok
16:44:59.0000 1688 CmdIde - ok
16:44:59.0015 1688 Cpqarray - ok
16:44:59.0031 1688 dac2w2k - ok
16:44:59.0046 1688 dac960nt - ok
16:44:59.0078 1688 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:44:59.0250 1688 Disk - ok
16:44:59.0296 1688 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:44:59.0515 1688 dmboot - ok
16:44:59.0531 1688 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:44:59.0718 1688 dmio - ok
16:44:59.0750 1688 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:44:59.0921 1688 dmload - ok
16:44:59.0953 1688 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:45:00.0156 1688 DMusic - ok
16:45:00.0171 1688 dpti2o - ok
16:45:00.0203 1688 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:45:00.0375 1688 drmkaud - ok
16:45:00.0390 1688 EagleNT - ok
16:45:00.0437 1688 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:45:00.0640 1688 Fastfat - ok
16:45:00.0671 1688 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:45:00.0859 1688 Fdc - ok
16:45:00.0890 1688 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:45:01.0078 1688 Fips - ok
16:45:01.0109 1688 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:45:01.0296 1688 Flpydisk - ok
16:45:01.0328 1688 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:45:01.0515 1688 FltMgr - ok
16:45:01.0531 1688 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:45:01.0718 1688 Fs_Rec - ok
16:45:01.0734 1688 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:45:01.0906 1688 Ftdisk - ok
16:45:01.0937 1688 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:45:02.0125 1688 Gpc - ok
16:45:02.0156 1688 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
16:45:02.0171 1688 grmnusb ( UnsignedFile.Multi.Generic ) - warning
16:45:02.0171 1688 grmnusb - detected UnsignedFile.Multi.Generic (1)
16:45:02.0203 1688 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:45:02.0406 1688 hidusb - ok
16:45:02.0421 1688 hpn - ok
16:45:02.0453 1688 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:45:02.0484 1688 HPZid412 - ok
16:45:02.0515 1688 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:45:02.0546 1688 HPZipr12 - ok
16:45:02.0593 1688 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:45:02.0625 1688 HPZius12 - ok
16:45:02.0671 1688 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:45:02.0703 1688 HTTP - ok
16:45:02.0718 1688 i2omgmt - ok
16:45:02.0734 1688 i2omp - ok
16:45:02.0765 1688 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:45:02.0968 1688 i8042prt - ok
16:45:02.0984 1688 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:45:03.0171 1688 Imapi - ok
16:45:03.0187 1688 ini910u - ok
16:45:03.0203 1688 IntelIde - ok
16:45:03.0265 1688 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:45:03.0437 1688 intelppm - ok
16:45:03.0453 1688 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:45:03.0656 1688 ip6fw - ok
16:45:03.0703 1688 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:45:03.0875 1688 IpFilterDriver - ok
16:45:03.0906 1688 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:45:04.0109 1688 IpInIp - ok
16:45:04.0125 1688 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:45:04.0312 1688 IpNat - ok
16:45:04.0343 1688 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:45:04.0546 1688 IPSec - ok
16:45:04.0578 1688 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:45:04.0765 1688 IRENUM - ok
16:45:04.0796 1688 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:45:04.0984 1688 isapnp - ok
16:45:05.0000 1688 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:45:05.0187 1688 Kbdclass - ok
16:45:05.0234 1688 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:45:05.0421 1688 kbdhid - ok
16:45:05.0453 1688 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:45:05.0640 1688 kmixer - ok
16:45:05.0671 1688 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:45:05.0703 1688 KSecDD - ok
16:45:05.0718 1688 lbrtfdc - ok
16:45:05.0750 1688 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
16:45:05.0781 1688 MBAMProtector - ok
16:45:05.0828 1688 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:45:06.0000 1688 mnmdd - ok
16:45:06.0046 1688 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:45:06.0250 1688 Modem - ok
16:45:06.0281 1688 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:45:06.0468 1688 Mouclass - ok
16:45:06.0500 1688 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:45:22.0578 1688 ============================================================
16:45:22.0578 1688 Scan finished
16:45:22.0578 1688 ============================================================
16:45:22.0593 2956 Detected object count: 2
16:45:22.0593 2956 Actual detected object count: 2
16:45:28.0453 2956 AFD ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:28.0453 2956 AFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:45:28.0453 2956 grmnusb ( UnsignedFile.Multi.Generic ) - skipped by user
16:45:28.0453 2956 grmnusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:46:12.0687 1100 ============================================================
16:46:12.0687 1100 Scan started
16:46:12.0687 1100 Mode: Manual; SigCheck; TDLFS;
16:46:12.0687 1100 ============================================================
16:46:15.0578 1100 AFD (5bad59b17ae49f55bbf8f84fbed0bf9c) C:\WINDOWS\System32\drivers\afd.sys
16:46:15.0625 1100 AFD ( UnsignedFile.Multi.Generic ) - warning
16:46:15.0625 1100 AFD - detected UnsignedFile.Multi.Generic (1)
16:46:21.0781 1100 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys
16:46:21.0796 1100 grmnusb ( UnsignedFile.Multi.Generic ) - warning
16:46:21.0796 1100 grmnusb - detected UnsignedFile.Multi.Generic (1)
16:46:43.0421 1100 ============================================================
16:46:43.0421 1100 Scan finished
16:46:43.0421 1100 ============================================================
16:46:43.0421 3492 Detected object count: 2
16:46:43.0421 3492 Actual detected object count: 2

#5 atomic_teaspoon (Topic Starter, Members, 16 posts)

Posted 21 December 2011 - 08:06 PM

OTL logfile created on: 12/21/2011 4:56:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\General\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.31% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 16.89 Gb Free Space | 11.34% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 8.56 Gb Free Space | 1.84% Space Free | Partition Type: FAT32

Computer Name: BIGMACHINE | User Name: General | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 16:55:09 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\General\My Documents\Downloads\OTL.exe
PRC - [2011/12/20 06:38:07 | 001,577,264 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\General\Desktop\tdsskiller.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/10 10:37:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/20 01:28:36 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Documents and Settings\General\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/17 23:23:46 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/03 07:43:14 | 004,321,112 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2010/01/15 04:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 16:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/10 10:37:19 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/01 20:24:01 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/03 07:38:52 | 000,176,128 | ---- | M] () -- C:\Program Files\AIM\nssckbi.dll
MOD - [2010/07/17 07:45:20 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/15 04:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 05:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/05/13 16:50:55 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/10/28 19:10:58 | 003,341,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/13 14:48:24 | 000,050,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb20.sys -- (xusb20)
DRV - [2004/09/17 06:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/05/29 14:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z128&install_date=20111017
IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CA 49 23 61 AB 61 CC 01 [binary data]
IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-790525478-839522115-1879054147-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\General\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\General\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\General\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\BYOND: C:\Program Files\BYOND\bin\npbyond.dll (BYOND)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/16 12:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/16 12:34:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/13 09:01:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 10:37:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/12 12:47:22 | 000,000,000 | ---D | M]

[2008/12/07 19:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\General\Application Data\Mozilla\Extensions
[2011/12/20 23:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions
[2011/08/25 05:36:20 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/04/27 16:41:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/20 23:28:56 | 000,000,000 | ---D | M] (ShopToWin23) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions\{cea91efe-0f31-40f8-ab54-7b89290323fa}
[2011/11/12 08:26:46 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/04 20:24:01 | 000,000,000 | ---D | M] (FDislike) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions\fbdislike@doweb.fr
[2011/10/16 20:17:20 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\extensions\plugin@yontoo.com
[2011/10/16 20:16:53 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\searchplugins\bing-zugo.xml
[2011/11/10 10:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\GENERAL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\7E6DS3DC.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2011/11/10 10:37:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/12/31 01:05:32 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\mozilla firefox\plugins\npbyond.dll
[2009/11/19 13:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/02/02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/11/12 10:25:00 | 000,076,288 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/19 13:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 09:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/06/28 20:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011/08/19 05:35:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2011/11/10 10:37:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGACDF&install_date=20111017
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\Application\15.0.874.106\gears.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: BYOND stub plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\General\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\General\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: DivX HiQ = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: Poppit = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Yontoo Layers = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\General\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-790525478-839522115-1879054147-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10w_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-839522115-1879054147-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-790525478-839522115-1879054147-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-790525478-839522115-1879054147-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entrie

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:10:21 PM

Posted 22 December 2011 - 11:20 AM

Hi!

TDSSkiller found 2 threats, but made no suggestion for removal. At the screen that showed the threats, I selected continue and the start scan window appeared again. There was no prompt to restart.

Thanks for that information.

The log file does look interesting.

Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 atomic_teaspoon

atomic_teaspoon
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:21 PM

Posted 22 December 2011 - 10:21 PM

The computer isn't running slowly like before. Ping.exe isn't popping up anymore. The internet connection has been disabled, though. More specifically, the connection status is: limited or no connectivity.




ComboFix 11-12-22.04 - General 12/22/2011 17:40:49.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1662 [GMT -8:00]
Running from: c:\documents and settings\General\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\222620n4p360q763c457a6gir7g0
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\searchplugins\bing-zugo.xml
c:\documents and settings\General\Templates\222620n4p360q763c457a6gir7g0
c:\documents and settings\General\WINDOWS
c:\program files\lol
c:\program files\lol\League Of Legends\0x0409.ini
c:\program files\lol\League Of Legends\data1.cab
c:\program files\lol\League Of Legends\data1.hdr
c:\program files\lol\League Of Legends\data2.cab
c:\program files\lol\League Of Legends\ISSetup.dll
c:\program files\lol\League Of Legends\layout.bin
c:\program files\lol\League Of Legends\setup.exe
c:\program files\lol\League Of Legends\setup.ini
c:\program files\lol\League Of Legends\setup.inx
c:\program files\lol\League Of Legends\setup.isn
c:\windows\$NtUninstallKB48362$\3890633484\@
c:\windows\$NtUninstallKB48362$\3890633484\bckfg.tmp
c:\windows\$NtUninstallKB48362$\3890633484\cfg.ini
c:\windows\$NtUninstallKB48362$\3890633484\Desktop.ini
c:\windows\$NtUninstallKB48362$\3890633484\keywords
c:\windows\$NtUninstallKB48362$\3890633484\kwrd.dll
c:\windows\$NtUninstallKB48362$\3890633484\L\eyowbrvh
c:\windows\$NtUninstallKB48362$\3890633484\lsflt7.ver
c:\windows\$NtUninstallKB48362$\3890633484\U\00000001.@
c:\windows\$NtUninstallKB48362$\3890633484\U\00000002.@
c:\windows\$NtUninstallKB48362$\3890633484\U\00000004.@
c:\windows\$NtUninstallKB48362$\3890633484\U\80000000.@
c:\windows\$NtUninstallKB48362$\3890633484\U\80000004.@
c:\windows\$NtUninstallKB48362$\3890633484\U\80000032.@
c:\windows\$NtUninstallKB48362$\952788502
c:\windows\system32\AutoRun.inf
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
F:\Autorun.inf
F:\install.exe
F:\Setup.exe
c:\windows\$NtUninstallKB48362$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-20 10:58 . 2011-12-20 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-18 00:47 . 2011-12-18 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-12-18 00:47 . 2011-12-18 00:47 -------- d-----w- c:\program files\Security Task Manager
2011-12-17 10:21 . 2011-12-17 10:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-17 01:58 . 2011-12-17 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 01:58 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 07:46 . 2011-12-11 07:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-12-10 03:09 . 2011-12-10 03:09 -------- d-----w- c:\documents and settings\General\Application Data\EleFun Games
2011-12-10 02:22 . 2011-12-10 02:23 -------- d-----w- c:\program files\fearforsale
2011-12-02 01:50 . 2011-12-02 01:50 -------- d-----w- c:\documents and settings\General\Local Settings\Application Data\www.dvbportal.de
2011-11-27 15:25 . 2003-11-11 02:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-27 15:25 . 2003-11-11 02:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-27 15:25 . 2003-11-11 02:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-27 15:25 . 2003-11-11 02:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-27 15:25 . 2003-11-11 02:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-27 15:25 . 2003-11-11 02:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-11-27 15:25 . 2011-11-27 15:25 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-27 15:25 . 2011-11-27 15:25 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-26 00:24 . 2011-11-26 16:25 -------- d-----w- c:\program files\Thief2
2011-11-25 06:12 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-11-25 06:12 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-11-25 06:11 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-11-25 06:11 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-11-25 06:11 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-11-25 06:11 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-11-25 06:11 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-11-25 06:11 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-11-25 06:11 . 2011-11-25 06:11 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-11-25 06:11 . 2011-11-25 06:11 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-11-25 05:57 . 2011-11-25 06:30 -------- d-----w- c:\program files\thiefgold
2011-11-24 22:50 . 2011-11-24 22:50 1641109 ----a-w- c:\windows\WANEUninstaller.exe
2011-11-24 22:46 . 2011-11-24 22:46 -------- d-----w- c:\program files\Worms Armageddon - New Edition
2011-11-24 21:21 . 2011-11-27 15:31 -------- d-----w- c:\program files\Thief - Deadly Shadows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 10:58 . 2010-03-15 00:50 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-10 14:22 . 2008-12-08 02:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21 . 2011-10-04 14:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2008-12-08 04:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 18:37 . 2011-05-14 14:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\BitLord\Downloads\boot_disk(Win.All)\Windows XP Professional Boot Floppies .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\General\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\101035625]
c:\docume~1\General\LOCALS~1\Temp\101035625.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-02-26 23:43 50520 ----a-w- c:\documents and settings\General\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-31 22:08 136176 ----atw- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-09-16 04:47 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SKMWnVLtgu.exe]
c:\docume~1\General\LOCALS~1\Temp\SKMWnVLtgu.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-19 14:04 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\General\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Army Builder\\ArmyBuilder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\dacuban1@yahoo.com\\half-life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"127:TCP"= 127:TCP:192.168.1.100/255.255.255.255:Enabled:xbox
"57896:TCP"= 57896:TCP:Pando Media Booster
"57896:UDP"= 57896:UDP:Pando Media Booster
"58417:TCP"= 58417:TCP:Pando Media Booster
"58417:UDP"= 58417:UDP:Pando Media Booster
"56710:TCP"= 56710:TCP:Pando Media Booster
"56710:UDP"= 56710:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6989:TCP"= 6989:TCP:League of Legends Launcher
"6989:UDP"= 6989:UDP:League of Legends Launcher
"59609:TCP"= 59609:TCP:CharBuilderFull
"59609:UDP"= 59609:UDP:CharBuilderFull
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/16/2011 5:58 PM 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2009 5:04 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/16/2011 5:58 PM 22216]
S2 gupdate1c9cdc31539311a;Google Update Service (gupdate1c9cdc31539311a);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:50 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:50 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2009 6:34 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 20:49]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 20:49]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-839522115-1879054147-1003Core.job
- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 22:08]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-839522115-1879054147-1003UA.job
- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 22:08]
.
2011-12-21 c:\windows\Tasks\Norton Security Scan for General.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-17 07:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Runtime\YontooIEClient.dll
Toolbar-Locked - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-Minecraft 1.5 - c:\program files\Minecraft-1.5\uninstall.exe
AddRemove-Total Annihilation - c:\program files\TOTALA\setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-22 18:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-839522115-1879054147-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,5a,55,96,e1,2e,2c,28,fc,60,0f,e8,23,d6,34,89,aa,ac,42,ae,3f,02,44,
6f,ba,e4,ec,ce,05,be,5f,52,e4,8e,9b,8d,dd,0e,1f,22,bb,c9,6b,d5,a7,38,f2,5a,\
"??"=hex:18,fa,13,ba,5d,5f,8a,a2,04,92,bb,f6,8c,a7,b4,a2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1080)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\AVG\AVG2012\avgnsx.exe
.
**************************************************************************
.
Completion time: 2011-12-22 18:22:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 02:22
.
Pre-Run: 18,137,796,608 bytes free
Post-Run: 19,925,819,392 bytes free
.
- - End Of File - - C4DE2A0F1DD1697AD723E496B1025CFE

#8 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 23 December 2011 - 03:16 AM

Hi!

We'll be running ComboFix again; please let me know if your internet connection is restored upon re-running it.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\docume~1\General\LOCALS~1\Temp\SKMWnVLtgu.exe
c:\docume~1\General\LOCALS~1\Temp\101035625.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SKMWnVLtgu.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\101035625]
Folder::
c:\windows\$NtUninstallKB48362$
DirLook::
c:\windows\$NtUninstallKB48362$
c:\documents and settings\General\Local Settings\Application Data\www.dvbportal.de
ClearJavaCache::
RenV::
c:\program files\BitLord\Downloads\boot_disk(Win.All)\Windows XP Professional Boot Floppies .exe

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 atomic_teaspoon
  • Topic Starter

  • Members
  • 16 posts

Posted 23 December 2011 - 07:44 PM

After ComboFix ran for a bit, it hung while displaying
rebooting windows ... please wait
^CTerminate batch job (y/n)?_
I had to reboot. Here is the log.


ComboFix 11-12-22.04 - General 12/23/2011 16:17:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1497 [GMT -8:00]
Running from: c:\documents and settings\General\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\General\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\docume~1\General\LOCALS~1\Temp\101035625.exe"
"c:\docume~1\General\LOCALS~1\Temp\SKMWnVLtgu.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB48362$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-20 10:58 . 2011-12-20 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-18 00:47 . 2011-12-18 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-12-18 00:47 . 2011-12-18 00:47 -------- d-----w- c:\program files\Security Task Manager
2011-12-17 10:21 . 2011-12-17 10:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-17 01:58 . 2011-12-17 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 01:58 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 07:46 . 2011-12-11 07:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-12-10 03:09 . 2011-12-10 03:09 -------- d-----w- c:\documents and settings\General\Application Data\EleFun Games
2011-12-10 02:22 . 2011-12-10 02:23 -------- d-----w- c:\program files\fearforsale
2011-12-02 01:50 . 2011-12-02 01:50 -------- d-----w- c:\documents and settings\General\Local Settings\Application Data\www.dvbportal.de
2011-11-27 15:25 . 2003-11-11 02:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-11-27 15:25 . 2003-11-11 02:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-11-27 15:25 . 2003-11-11 02:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-11-27 15:25 . 2003-11-11 02:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-11-27 15:25 . 2003-11-11 02:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-11-27 15:25 . 2003-11-11 02:10 32768 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-11-27 15:25 . 2011-11-27 15:25 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-11-27 15:25 . 2011-11-27 15:25 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-11-26 00:24 . 2011-11-26 16:25 -------- d-----w- c:\program files\Thief2
2011-11-25 06:12 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2011-11-25 06:12 . 1998-08-20 11:02 140800 ----a-w- c:\windows\system32\tm20dec.ax
2011-11-25 06:11 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2011-11-25 06:11 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
2011-11-25 06:11 . 1998-09-02 08:02 194320 ----a-w- c:\windows\system32\qcut.dll
2011-11-25 06:11 . 1998-08-17 09:21 5672 ----a-w- c:\windows\system32\quartz.vxd
2011-11-25 06:11 . 1998-08-17 09:21 10240 ----a-w- c:\windows\system32\vidx16.dll
2011-11-25 06:11 . 1998-08-17 09:21 11776 ----a-w- c:\windows\system32\mciqtz.drv
2011-11-25 06:11 . 2011-11-25 06:11 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-11-25 06:11 . 2011-11-25 06:11 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-11-25 05:57 . 2011-11-25 06:30 -------- d-----w- c:\program files\thiefgold
2011-11-24 22:50 . 2011-11-24 22:50 1641109 ----a-w- c:\windows\WANEUninstaller.exe
2011-11-24 22:46 . 2011-11-24 22:46 -------- d-----w- c:\program files\Worms Armageddon - New Edition
2011-11-24 21:21 . 2011-11-27 15:31 -------- d-----w- c:\program files\Thief - Deadly Shadows
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 10:58 . 2010-03-15 00:50 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-10-10 14:22 . 2008-12-08 02:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21 . 2011-10-04 14:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2008-12-08 04:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2003-03-31 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2003-03-31 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 18:37 . 2011-05-14 14:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\General\Local Settings\Application Data\www.dvbportal.de ----
.
2011-12-02 01:50 . 2011-12-02 01:52 808 ----a-w- c:\documents and settings\General\Local Settings\Application Data\www.dvbportal.de\mp4muxer.exe_Url_bzywvn4oyagnht0i1c5kzdrscde3crtj\0.9.3.0\user.config
.
---- Directory of c:\windows\$NtUninstallKB48362$ ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_02.17.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-24 00:34 . 2011-12-24 00:34 16384 c:\windows\temp\Perflib_Perfdata_5c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\General\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-02-26 23:43 50520 ----a-w- c:\documents and settings\General\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-31 22:08 136176 ----atw- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-09-16 04:47 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-19 14:04 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\General\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Army Builder\\ArmyBuilder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\dacuban1@yahoo.com\\half-life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"127:TCP"= 127:TCP:192.168.1.100/255.255.255.255:Enabled:xbox
"57896:TCP"= 57896:TCP:Pando Media Booster
"57896:UDP"= 57896:UDP:Pando Media Booster
"58417:TCP"= 58417:TCP:Pando Media Booster
"58417:UDP"= 58417:UDP:Pando Media Booster
"56710:TCP"= 56710:TCP:Pando Media Booster
"56710:UDP"= 56710:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6989:TCP"= 6989:TCP:League of Legends Launcher
"6989:UDP"= 6989:UDP:League of Legends Launcher
"59609:TCP"= 59609:TCP:CharBuilderFull
"59609:UDP"= 59609:UDP:CharBuilderFull
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/16/2011 5:58 PM 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2009 5:04 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/16/2011 5:58 PM 22216]
S2 gupdate1c9cdc31539311a;Google Update Service (gupdate1c9cdc31539311a);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:50 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:50 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2009 6:34 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 20:49]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 20:49]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-839522115-1879054147-1003Core.job
- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 22:08]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-839522115-1879054147-1003UA.job
- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 22:08]
.
2011-12-21 c:\windows\Tasks\Norton Security Scan for General.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-17 07:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 16:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-839522115-1879054147-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,5a,55,96,e1,2e,2c,28,fc,60,0f,e8,23,d6,34,89,aa,ac,42,ae,3f,02,44,
6f,ba,e4,ec,ce,05,be,5f,52,e4,8e,9b,8d,dd,0e,1f,22,bb,c9,6b,d5,a7,38,f2,5a,\
"??"=hex:18,fa,13,ba,5d,5f,8a,a2,04,92,bb,f6,8c,a7,b4,a2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\AVG\AVG2012\avgnsx.exe
.
**************************************************************************
.
Completion time: 2011-12-23 16:39:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-24 00:39
ComboFix2.txt 2011-12-23 02:23
.
Pre-Run: 20,626,124,800 bytes free
Post-Run: 20,685,012,992 bytes free
.
- - End Of File - - EDED47C620D28F188ED6B90609CF8D97
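
The two ComboFix reports in this thread both show `AntiVirusOverride` and `FirewallOverride` set to 1 under the Security Center key, `DisableNotifications` set for the firewall's standard profile, and a list of globally open inbound ports. Those are the lines a responder looks at first, because a tool that silences Security Center and firewall prompts is a common trait of an infection, even though each can also be set legitimately. As an added example (not part of this thread and not something ComboFix itself does), the Python script below parses those REGEDIT-style sections of a saved report and lists them as findings. The sample lines are copied from the log above; the severity labels, the key-path constants and the assumption that a short port entry without a scope applies to any source address are this example's own.

```python
import re
import sys

# Constructed sample: an excerpt of the ComboFix report posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"127:TCP"= 127:TCP:192.168.1.100/255.255.255.255:Enabled:xbox
"57896:TCP"= 57896:TCP:Pando Media Booster
"57896:UDP"= 57896:UDP:Pando Media Booster
"""

# Key paths as ComboFix abbreviates them in its report (compared case-insensitively).
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"
STD_PROFILE = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
AUTH_APPS = STD_PROFILE + r"\authorizedapplications\list"
OPEN_PORTS = STD_PROFILE + r"\globallyopenports\list"

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')


def parse_reg_sections(text):
    """Map each [key] block of the REGEDIT-style part of the report to its {name: data} values."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key").lower()
            sections[current] = {}
            continue
        if current is None or line in ("", "."):
            continue
        m = VALUE_RE.match(line)
        if m:
            sections[current][m.group("name")] = m.group("data").strip()
    return sections


def dword_is_set(data):
    """True for REG_DWORD data written as 'dword:00000001' or in ComboFix's '1 (0x1)' form."""
    d = data.lower().strip()
    if d.startswith("dword:"):
        return int(d[len("dword:"):], 16) != 0
    m = re.match(r"\d+", d)
    return bool(m) and int(m.group(0)) != 0


def triage(text):
    """Return (severity, message) findings for the Security Center and firewall sections."""
    s = parse_reg_sections(text)
    findings = []
    labels = {"AntiVirusOverride": "anti-virus", "FirewallOverride": "firewall"}
    sc = s.get(SECURITY_CENTER, {})
    for name, what in labels.items():
        if dword_is_set(sc.get(name, "0")):
            findings.append(("high", f"Security Center {name}=1: the warning for a missing or disabled {what} is suppressed"))
    if dword_is_set(s.get(STD_PROFILE, {}).get("DisableNotifications", "0")):
        findings.append(("high", "Windows Firewall DisableNotifications=1: the user is not told when a program is blocked"))
    for data in s.get(OPEN_PORTS, {}).values():
        fields = data.split(":")
        port, proto = fields[0], fields[1]
        # Assumption of this example: the full port:proto:scope:mode:name form appears only
        # when the exception is restricted to a scope; a short entry applies to any source ("*").
        if len(fields) >= 5:
            scope, label = fields[2], fields[4]
        else:
            scope, label = "*", fields[-1]
        sev = "info" if scope != "*" else "medium"
        findings.append((sev, f"Inbound {proto} port {port} open for '{label}' from {scope}"))
    n_apps = len(s.get(AUTH_APPS, {}))
    if n_apps:
        findings.append(("info", f"{n_apps} programs are authorised through the firewall; review any outside Program Files"))
    return findings


if __name__ == "__main__":
    # Usage: python triage.py ComboFix.txt   (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for sev, msg in triage(text):
        print(f"[{sev:6}] {msg}")
```

The override flags are rated high because a user with AVG installed and enabled, as here, has no reason for Security Center to be told to stop reporting on it; a restricted-scope exception such as the Xbox entry bound to one LAN address is listed only for information.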

#10 atomic_teaspoon
  • Topic Starter

  • Members
  • 16 posts

Posted 23 December 2011 - 07:46 PM

Also, still no internet connection.

#11 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 28 December 2011 - 01:32 AM

Good Evening!

Apologies for the delay in responding to you. I did not intend to make you wait this long for a response, but with the holidays, and then getting sick, it couldn't have been helped. I should be back to posting at more regular intervals now. I hope you are enjoying the holidays!

Thanks for that information regarding that error message you received when running the ComboFix script.

I'd like to have you try to run a command from the command prompt and see if that brings back your internet connection.

Open a command window:

Go to Start > Run, type cmd to open a command window:

Copy/Paste the following bolded entry into the command window followed by ENTER.

NETSH WINSOCK RESET CATALOG

Please reboot your computer after running it, and let me know if your internet is restored.

If your internet access is restored please do the following:

Running GrantPerms

Please download GrantPerms.zip and save it to your desktop.

Unzip the file on the system and run GrantPerms.exe
Copy and paste the following in the edit box:

c:\windows\$NtUninstallKB48362$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.


NEXT:

Then I'd like to have you delete the current copy of ComboFix from your desktop, and download a new copy before running the script below.

http://www.forospyware.com/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\windows\$NtUninstallKB48362$

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



#12 atomic_teaspoon
  • Topic Starter

  • Members
  • 16 posts

Posted 28 December 2011 - 04:05 AM

I entered in the first command mentioned. A message came up saying that the Winsock catalog had been successfully reset and that I need to restart the computer to complete the process. I rebooted the computer and the internet still is not working.

#13 SweetTech
    Agent ST
  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 29 December 2011 - 01:35 AM

Hi!

I'd like to have you try and run a ComboFix script for me. Do you happen to have a USB device that we may be able to use to copy the report from the computer with no internet to another computer and post it for me?

If so, please run this utility on the clean computer.

Running Flash Disinfector
Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

This is the ComboFix script I'd like for you to run.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
SysRst::
c:/windows/system32/drivers/afd.sys
SRPeek::
c:/windows/system32/drivers/afd.sys

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Edited by SweetTech, 29 December 2011 - 01:48 AM.

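A small checker for the CFScript format used in the two scripts above (an added example for this thread, not ComboFix's code and not SweetTech's): it splits a script into directive sections, knows only the four directives this thread uses, and flags forward slashes in path lines, as in the afd.sys lines, normalising them to backslashes before the file is saved. The directive table and the argument rules are assumptions drawn from the scripts in this thread, not ComboFix documentation.

```python
"""Parse and sanity-check a ComboFix CFScript before it is saved and dragged onto ComboFix.exe.

Added example for this thread; not part of ComboFix. It only knows the directives
that appear in the thread's two scripts (KillAll::, Folder::, SysRst::, SRPeek::);
anything else is reported as unknown rather than guessed at.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Directives seen in this thread (assumption: KillAll:: takes no arguments, the
# other three take one Windows path per line, written with backslashes).
DIRECTIVES = {
    "KillAll": "flag",
    "Folder": "paths",
    "SysRst": "paths",
    "SRPeek": "paths",
}


@dataclass
class Section:
    name: str
    args: list[str] = field(default_factory=list)


@dataclass
class ParsedScript:
    sections: list[Section]
    warnings: list[str]


def parse_cfscript(text: str) -> ParsedScript:
    """Split a CFScript into (directive, argument lines) and collect warnings."""
    sections: list[Section] = []
    warnings: list[str] = []
    current = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            # A line ending in "::" opens a new directive section.
            name = line[:-2]
            if name not in DIRECTIVES:
                warnings.append(f"line {lineno}: unknown directive {line!r}")
            current = Section(name)
            sections.append(current)
            continue
        if current is None:
            warnings.append(f"line {lineno}: argument before any directive: {line!r}")
            continue
        if DIRECTIVES.get(current.name) == "flag":
            warnings.append(f"line {lineno}: {current.name}:: takes no arguments, got {line!r}")
            continue
        if "/" in line:
            # The thread's second script writes afd.sys with forward slashes;
            # Windows paths are written with backslashes, so normalise and warn.
            warnings.append(f"line {lineno}: forward slashes in path {line!r}; normalised to backslashes")
            line = line.replace("/", "\\")
        current.args.append(line)
    for section in sections:
        if DIRECTIVES.get(section.name) == "paths" and not section.args:
            warnings.append(f"{section.name}:: has no path lines")
    return ParsedScript(sections, warnings)


def normalised_text(parsed: ParsedScript) -> str:
    """Re-emit the script with normalised paths, ready to save as CFScript.txt."""
    out = []
    for section in parsed.sections:
        out.append(f"{section.name}::")
        out.extend(section.args)
    return "\n".join(out) + "\n"


# The second script from this thread, reproduced here as the sample input.
SAMPLE = (
    "KillAll::\n"
    "SysRst::\n"
    "c:/windows/system32/drivers/afd.sys\n"
    "SRPeek::\n"
    "c:/windows/system32/drivers/afd.sys\n"
)

if __name__ == "__main__":
    result = parse_cfscript(SAMPLE)
    for warning in result.warnings:
        print("WARNING:", warning)
    print(normalised_text(result), end="")
```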


#14 atomic_teaspoon
  • Topic Starter
  • Members
  • 16 posts

Posted 29 December 2011 - 01:05 PM

I deleted the old ComboFix and downloaded a new copy before running the script. The computer I'm using to reply and download software is a Mac and Flash Disinfector didn't work for it. I ran it on the infected computer with the flash drive plugged in. Here is the log.

ComboFix 11-12-29.04 - General 12/29/2011 9:06.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1563 [GMT -8:00]
Running from: c:\documents and settings\General\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\General\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))))
.
.
2011-12-20 10:58 . 2011-12-20 10:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-12-18 00:47 . 2011-12-18 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2011-12-18 00:47 . 2011-12-18 00:47 -------- d-----w- c:\program files\Security Task Manager
2011-12-17 10:21 . 2011-12-17 10:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-17 01:58 . 2011-12-17 01:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-17 01:58 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-11 07:46 . 2011-12-11 07:46 -------- d-----w- c:\program files\Common Files\Software Update Utility
2011-12-10 03:09 . 2011-12-10 03:09 -------- d-----w- c:\documents and settings\General\Application Data\EleFun Games
2011-12-10 02:22 . 2011-12-10 02:23 -------- d-----w- c:\program files\fearforsale
2011-12-02 01:50 . 2011-12-02 01:50 -------- d-----w- c:\documents and settings\General\Local Settings\Application Data\www.dvbportal.de
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 10:58 . 2010-03-15 00:50 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-11-25 06:11 . 2011-11-25 06:11 4608 ----a-w- c:\windows\system32\w95inf32.dll
2011-11-25 06:11 . 2011-11-25 06:11 2272 ----a-w- c:\windows\system32\w95inf16.dll
2011-11-24 22:50 . 2011-11-24 22:50 1641109 ----a-w- c:\windows\WANEUninstaller.exe
2011-10-10 14:22 . 2008-12-08 02:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 14:23 . 2011-10-07 14:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 14:21 . 2011-10-04 14:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-11-10 18:37 . 2011-05-14 14:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-23_02.17.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-29 17:19 . 2011-12-29 17:19 16384 c:\windows\temp\Perflib_Perfdata_5c0.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
07/22/2011 03:55 PM 847872 \RP1209\A0120894.dll
.
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
07/22/2011 03:53 PM 471040 \RP1209\A0120893.dll
.
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
03/10/2011 07:29 PM 227984 \RP1209\A0120895.exe
.
12/20/2011 09:01 AM 933888 c:\documents and settings\General\.webrenderer\windows\webrenderer.dll
09/24/2011 05:02 PM 933888 \RP1122\A0109153.dll
12/17/2011 06:03 PM 933888 \RP1208\A0120799.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\10\6bc65f4a-116485fe-n\Decora-SSE.dll
02/04/2009 01:38 PM 57344 \RP1200\A0119473.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\11\4b13650b-11d41b5b-n\jogl.dll
02/04/2009 01:38 PM 315392 \RP1200\A0119479.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\11\4b13650b-11d41b5b-n\jogl_awt.dll
02/04/2009 01:38 PM 20480 \RP1200\A0119480.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\11\4b13650b-11d41b5b-n\jogl_cg.dll
02/04/2009 01:38 PM 114688 \RP1200\A0119481.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-61a1ba37-n\Decora-D3D.dll
03/27/2009 04:06 AM 24064 \RP1200\A0119470.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-3cfb8120-n\decora-d3d.dll
07/24/2009 09:30 AM 12800 \RP1200\A0119496.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-3cfb8120-n\decora-sse.dll
07/24/2009 09:30 AM 61440 \RP1200\A0119497.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-3cfb8120-n\jmc.dll
07/24/2009 09:30 AM 499712 \RP1200\A0119498.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-3cfb8120-n\msvcp71.dll
07/24/2009 09:30 AM 503808 \RP1200\A0119499.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-3cfb8120-n\msvcr71.dll
07/24/2009 09:30 AM 348160 \RP1200\A0119500.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-748d3988-n\jogl.dll
01/29/2011 08:52 PM 315392 \RP1200\A0119493.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-748d3988-n\jogl_awt.dll
01/29/2011 08:52 PM 20480 \RP1200\A0119494.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\16\1791ad0-748d3988-n\jogl_cg.dll
01/29/2011 08:52 PM 114688 \RP1200\A0119495.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\17\6d0ad391-5ab91298-n\decora-d3d.dll
01/22/2010 05:33 PM 12800 \RP1200\A0119468.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\17\6d0ad391-5ab91298-n\decora-sse.dll
01/22/2010 05:33 PM 61440 \RP1200\A0119469.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-5da328a8-n\decora-d3d.dll
09/12/2009 07:41 AM 12800 \RP1200\A0119501.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-5da328a8-n\decora-sse.dll
09/12/2009 07:41 AM 61440 \RP1200\A0119502.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-5da328a8-n\jmc.dll
09/12/2009 07:41 AM 499712 \RP1200\A0119503.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-5da328a8-n\msvcp71.dll
09/12/2009 07:41 AM 503808 \RP1200\A0119504.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\21\14e5d595-5da328a8-n\msvcr71.dll
09/12/2009 07:41 AM 348160 \RP1200\A0119505.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5643482b-n\jmc.dll
03/27/2009 04:06 AM 499712 \RP1200\A0119482.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5643482b-n\msvcp71.dll
03/27/2009 04:06 AM 499712 \RP1200\A0119483.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-5643482b-n\msvcr71.dll
03/27/2009 04:06 AM 348160 \RP1200\A0119484.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\37\2c4a0065-20c2b76c-n\Decora-D3D.dll
03/20/2009 09:33 AM 24064 \RP1200\A0119474.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\37\3976f065-2d896f74-n\Decora-SSE.dll
03/20/2009 09:33 AM 57344 \RP1200\A0119475.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1be2e163-n\jmc.dll
03/20/2009 09:33 AM 499712 \RP1200\A0119485.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1be2e163-n\msvcp71.dll
03/20/2009 09:33 AM 503808 \RP1200\A0119486.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-1be2e163-n\msvcr71.dll
03/20/2009 09:33 AM 348160 \RP1200\A0119487.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-25ecf632-n\gluegen-rt.dll
03/20/2009 09:33 AM 20480 \RP1200\A0119506.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-45d12147-n\decora-d3d.dll
12/18/2009 02:10 PM 12800 \RP1200\A0119507.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-45d12147-n\decora-sse.dll
12/18/2009 02:10 PM 61440 \RP1200\A0119508.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-45d12147-n\jmc.dll
12/18/2009 02:10 PM 499712 \RP1200\A0119509.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-45d12147-n\msvcp71.dll
12/18/2009 02:10 PM 503808 \RP1200\A0119510.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\46\759e98ee-45d12147-n\msvcr71.dll
12/18/2009 02:10 PM 348160 \RP1200\A0119511.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\5\6ffd9785-4c6ff7a9-n\gluegen-rt.dll
01/29/2011 08:52 PM 20480 \RP1200\A0119492.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-241dd479-n\Decora-SSE.dll
03/27/2009 04:06 AM 57344 \RP1200\A0119471.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\53\5e8cbb75-5d237e62-n\Decora-D3D.dll
02/04/2009 01:38 PM 24064 \RP1200\A0119472.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\54\1a209876-4078ac40-n\jmc.dll
01/22/2010 05:33 PM 499712 \RP1200\A0119465.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\54\1a209876-4078ac40-n\msvcp71.dll
01/22/2010 05:33 PM 503808 \RP1200\A0119466.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\54\1a209876-4078ac40-n\msvcr71.dll
01/22/2010 05:33 PM 348160 \RP1200\A0119467.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\55\35fdae37-63840472-n\jmc.dll
02/04/2009 01:38 PM 499712 \RP1200\A0119488.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\55\35fdae37-63840472-n\msvcp71.dll
02/04/2009 01:38 PM 503808 \RP1200\A0119489.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\55\35fdae37-63840472-n\msvcr71.dll
02/04/2009 01:38 PM 348160 \RP1200\A0119490.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\59\252441bb-4889e2e9-n\gluegen-rt.dll
02/04/2009 01:38 PM 20480 \RP1200\A0119491.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-601cb509-n\jogl.dll
03/20/2009 09:33 AM 315392 \RP1200\A0119476.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-601cb509-n\jogl_awt.dll
03/20/2009 09:33 AM 20480 \RP1200\A0119477.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-601cb509-n\jogl_cg.dll
03/20/2009 09:33 AM 114688 \RP1200\A0119478.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-2e57e9f6-n\decora-d3d.dll
08/14/2009 09:07 AM 12800 \RP1200\A0119512.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-2e57e9f6-n\decora-sse.dll
08/14/2009 09:07 AM 61440 \RP1200\A0119513.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-2e57e9f6-n\jmc.dll
08/14/2009 09:07 AM 499712 \RP1200\A0119514.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-2e57e9f6-n\msvcp71.dll
08/14/2009 09:07 AM 503808 \RP1200\A0119515.dll
.
c:\documents and settings\General\Application Data\Sun\Java\Deployment\cache\6.0\62\6bd546be-2e57e9f6-n\msvcr71.dll
08/14/2009 09:07 AM 348160 \RP1200\A0119516.dll
.
12/10/2011 06:14 PM 61440 c:\documents and settings\General\CCA8.0\othread2.dll
09/27/2011 09:00 AM 61440 \RP1178\A0116861.dll
12/10/2011 06:07 PM 61440 \RP1200\A0119462.dll
.
12/10/2011 06:14 PM 57344 c:\documents and settings\General\CCA8.0\vnchooks.dll
09/27/2011 09:00 AM 57344 \RP1178\A0116860.dll
12/10/2011 06:07 PM 57344 \RP1200\A0119461.dll
.
12/10/2011 06:14 PM 421888 c:\documents and settings\General\CCA8.0\winvnc.exe
09/27/2011 09:00 AM 421888 \RP1178\A0116827.exe
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\avcodec-53.dll
09/14/2011 01:40 AM 2403240 \RP1126\A0109293.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\avformat-53.dll
09/14/2011 01:40 AM 253320 \RP1126\A0109294.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\avutil-51.dll
09/14/2011 01:40 AM 142568 \RP1126\A0109295.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\chrome.dll
09/14/2011 01:40 AM 27575352 \RP1126\A0109292.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\chrome_frame_helper.dll
09/14/2011 01:40 AM 63544 \RP1126\A0109296.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\chrome_frame_helper.exe
09/14/2011 01:40 AM 94776 \RP1126\A0109297.exe
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\chrome_launcher.exe
09/14/2011 01:40 AM 92216 \RP1126\A0109298.exe
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\d3dcompiler_43.dll
09/13/2011 11:17 PM 2106216 \RP1126\A0109299.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\d3dx9_43.dll
09/13/2011 11:17 PM 1998168 \RP1126\A0109300.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\gcswf32.dll
09/13/2011 11:17 PM 6338720 \RP1126\A0109302.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\icudt.dll
09/14/2011 01:40 AM 9848888 \RP1126\A0109303.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Installer\setup.exe
09/17/2011 11:28 AM 1318456 \RP1126\A0109363.exe
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\libegl.dll
09/14/2011 01:40 AM 112184 \RP1126\A0109304.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\libglesv2.dll
09/14/2011 01:40 AM 508984 \RP1126\A0109305.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\am.dll
09/14/2011 01:40 AM 314424 \RP1126\A0109311.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ar.dll
09/14/2011 01:40 AM 323640 \RP1126\A0109312.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\bg.dll
09/14/2011 01:40 AM 386104 \RP1126\A0109313.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\bn.dll
09/14/2011 01:40 AM 384056 \RP1126\A0109314.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ca.dll
09/14/2011 01:40 AM 352312 \RP1126\A0109315.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\cs.dll
09/14/2011 01:40 AM 339512 \RP1126\A0109316.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\da.dll
09/14/2011 01:40 AM 327736 \RP1126\A0109317.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\de.dll
09/14/2011 01:40 AM 318008 \RP1126\A0109318.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\el.dll
09/14/2011 01:40 AM 417848 \RP1126\A0109319.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\en-GB.dll
09/14/2011 01:40 AM 309816 \RP1126\A0109320.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\en-US.dll
09/14/2011 01:40 AM 309816 \RP1126\A0109321.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\es-419.dll
09/14/2011 01:40 AM 353336 \RP1126\A0109322.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\es.dll
09/14/2011 01:40 AM 359992 \RP1126\A0109323.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\et.dll
09/14/2011 01:40 AM 314424 \RP1126\A0109324.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\fa.dll
09/14/2011 01:40 AM 339512 \RP1126\A0109325.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\fi.dll
09/14/2011 01:40 AM 325688 \RP1126\A0109326.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\fil.dll
09/14/2011 01:40 AM 362552 \RP1126\A0109327.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\fr.dll
09/14/2011 01:41 AM 364088 \RP1126\A0109328.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\gu.dll
09/14/2011 01:41 AM 373816 \RP1126\A0109329.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\he.dll
09/14/2011 01:41 AM 291384 \RP1126\A0109330.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\hi.dll
09/14/2011 01:41 AM 389688 \RP1126\A0109331.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\hr.dll
09/14/2011 01:41 AM 329784 \RP1126\A0109332.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\hu.dll
09/14/2011 01:41 AM 350264 \RP1126\A0109333.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\id.dll
09/14/2011 01:41 AM 326712 \RP1126\A0109334.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\it.dll
09/14/2011 01:41 AM 348728 \RP1126\A0109335.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ja.dll
09/14/2011 01:41 AM 248888 \RP1126\A0109336.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\kn.dll
09/14/2011 01:41 AM 405048 \RP1126\A0109337.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ko.dll
09/14/2011 01:41 AM 230968 \RP1126\A0109338.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\lt.dll
09/14/2011 01:41 AM 336440 \RP1126\A0109339.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\lv.dll
09/14/2011 01:41 AM 333880 \RP1126\A0109340.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ml.dll
09/14/2011 01:41 AM 470584 \RP1126\A0109341.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\mr.dll
09/14/2011 01:41 AM 377400 \RP1126\A0109342.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\nb.dll
09/14/2011 01:41 AM 325176 \RP1126\A0109343.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\nl.dll
09/14/2011 01:41 AM 347704 \RP1126\A0109344.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\pl.dll
09/14/2011 01:41 AM 352824 \RP1126\A0109345.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\pt-BR.dll
09/14/2011 01:41 AM 340536 \RP1126\A0109346.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\pt-PT.dll
09/14/2011 01:41 AM 348216 \RP1126\A0109347.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ro.dll
09/14/2011 01:41 AM 355896 \RP1126\A0109348.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ru.dll
09/14/2011 01:41 AM 376888 \RP1126\A0109349.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\sk.dll
09/14/2011 01:41 AM 350776 \RP1126\A0109350.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\sl.dll
09/14/2011 01:41 AM 325688 \RP1126\A0109351.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\sr.dll
09/14/2011 01:41 AM 363064 \RP1126\A0109352.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\sv.dll
09/14/2011 01:41 AM 323640 \RP1126\A0109353.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\sw.dll
09/14/2011 01:41 AM 297528 \RP1126\A0109354.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\ta.dll
09/14/2011 01:41 AM 431672 \RP1126\A0109355.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\te.dll
09/14/2011 01:41 AM 395320 \RP1126\A0109356.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\th.dll
09/14/2011 01:41 AM 369720 \RP1126\A0109357.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\tr.dll
09/14/2011 01:41 AM 335928 \RP1126\A0109358.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\uk.dll
09/14/2011 01:41 AM 366648 \RP1126\A0109359.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\vi.dll
09/14/2011 01:41 AM 339000 \RP1126\A0109360.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\zh-CN.dll
09/14/2011 01:41 AM 195640 \RP1126\A0109361.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\Locales\zh-TW.dll
09/14/2011 01:41 AM 195128 \RP1126\A0109362.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\nacl64.dll
09/14/2011 01:41 AM 2521144 \RP1126\A0109306.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\nacl64.exe
09/14/2011 01:41 AM 1320504 \RP1126\A0109307.exe
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\npchrome_frame.dll
09/14/2011 01:41 AM 1857592 \RP1126\A0109308.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\pdf.dll
09/14/2011 01:41 AM 3696184 \RP1126\A0109309.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.163\ppgooglenaclpluginchrome.dll
09/14/2011 01:41 AM 412728 \RP1126\A0109310.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\avcodec-53.dll
09/19/2011 07:06 PM 2403240 \RP1130\A0109473.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\avformat-53.dll
09/19/2011 07:06 PM 253320 \RP1130\A0109474.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\avutil-51.dll
09/19/2011 07:06 PM 142568 \RP1130\A0109475.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\chrome.dll
09/19/2011 07:06 PM 27574840 \RP1130\A0109472.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\chrome_frame_helper.dll
09/19/2011 07:06 PM 63544 \RP1130\A0109476.dll
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\chrome_frame_helper.exe
09/19/2011 07:06 PM 94776 \RP1130\A0109477.exe
.
c:\documents and settings\General\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\chrome_launcher.exe
.
C:\System Volu
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\General\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
2009-08-04 08:49 318096 ----a-w- c:\program files\Carbonite\CarbonitePreinstaller.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-02-26 23:43 50520 ----a-w- c:\documents and settings\General\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-31 22:08 136176 ----atw- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-09-16 04:47 2969496 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 19:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-09-19 14:04 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-06-29 04:00 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
2007-09-27 01:05 734264 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Documents and Settings\\General\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Army Builder\\ArmyBuilder.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\dacuban1@yahoo.com\\half-life\\hl.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"127:TCP"= 127:TCP:192.168.1.100/255.255.255.255:Enabled:xbox
"57896:TCP"= 57896:TCP:Pando Media Booster
"57896:UDP"= 57896:UDP:Pando Media Booster
"58417:TCP"= 58417:TCP:Pando Media Booster
"58417:UDP"= 58417:UDP:Pando Media Booster
"56710:TCP"= 56710:TCP:Pando Media Booster
"56710:UDP"= 56710:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6989:TCP"= 6989:TCP:League of Legends Launcher
"6989:UDP"= 6989:UDP:League of Legends Launcher
"59609:TCP"= 59609:TCP:CharBuilderFull
"59609:UDP"= 59609:UDP:CharBuilderFull
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/16/2011 5:58 PM 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2009 5:04 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/16/2011 5:58 PM 22216]
S2 gupdate1c9cdc31539311a;Google Update Service (gupdate1c9cdc31539311a);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:50 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/5/2009 12:50 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [10/13/2006 2:48 PM 50048]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2009 6:34 PM 691696]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 20:49]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-05 20:49]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-839522115-1879054147-1003Core.job
- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 22:08]
.
2011-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-839522115-1879054147-1003UA.job
- c:\documents and settings\General\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 22:08]
.
2011-12-25 c:\windows\Tasks\Norton Security Scan for General.job
- c:\progra~1\NORTON~1\NORTON~1\Engine\301~1.8\Nss.exe [2011-01-17 07:47]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\General\Application Data\Mozilla\Firefox\Profiles\7e6ds3dc.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 09:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790525478-839522115-1879054147-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bf,5a,55,96,e1,2e,2c,28,fc,60,0f,e8,23,d6,34,89,aa,ac,42,ae,3f,02,44,
6f,ba,e4,ec,ce,05,be,5f,52,e4,8e,9b,8d,dd,0e,1f,22,bb,c9,6b,d5,a7,38,f2,5a,\
"??"=hex:18,fa,13,ba,5d,5f,8a,a2,04,92,bb,f6,8c,a7,b4,a2
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3252)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
c:\program files\AVG\AVG2012\avgnsx.exe
.
**************************************************************************
.
Completion time: 2011-12-29 09:30:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-29 17:30
ComboFix2.txt 2011-12-24 00:39
ComboFix3.txt 2011-12-23 02:23
.
Pre-Run: 20,569,763,840 bytes free
Post-Run: 20,567,257,088 bytes free
.
- - End Of File - - 1AE35F677C1567258C7BF24E29226F30

#15 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 30 December 2011 - 04:02 AM

Hi!

Quote: I deleted the old ComboFix and downloaded a new copy before running the script. The computer I'm using to reply and download software is a Mac and Flash Disinfector didn't work for it. I ran it on the infected computer with the flash drive plugged in. Here is the log.

Okay. We won't have any issues with that then.

That wasn't showing me what I was hoping to see.

Please run the following:

SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    afd.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.




