Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected by Trojan horse PSW.Agent.ARMV


  • This topic is locked This topic is locked
15 replies to this topic

#1 bizzlington

bizzlington

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 26 January 2012 - 06:02 PM

My computer is currently affected by what came up in AVG Antivirus as Trojan horse PSW.Agent.ARMV and 31 files are apparently infected by this trojan. It doesn't usually come up when I manually start a scan myself however, on a routine scan started by AVG itself, it came up with 33 files that were removed and healed, and the aforementioned 31 were still infected and access to these files were denied.

I have tried to download trojan scanners and various removal tools however these were of no help as they failed to detect the problem files as part of their scan. This virus affects my browser making it crash and slower to load pages and it also sometimes prevents my iphone syncing with itunes as error messages will come up and sometimes itunes claims to not recognise my phone.

I have made a note of all the files that are infected by the virus so far and if it would be helpful to anyone checking this post, I would only be too happy to write these down. The problem I had is that I thought I would be able to just switch off my system restore, boot my computer in safe mode, and then just manually delete all the infected files and start over. Unfortunately C:\WINDOWS\system32\svchost.exe is part of the path name of 6 instances of the virus, and there is only a single svchost.exe in my system 32 folder and I could not delete it as access was denied.

This is my first time posting in this forum and it's a big shame that it's under these circumstances, but I would be very thankful to anyone here who is able and willing to offer advice and/or solutions to this problem, thank you very much for your time!Attached File  dds.txt   16.26KB   7 downloads

BC AdBot (Login to Remove)

 


#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 29 January 2012 - 09:36 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Next, please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 05 February 2012 - 09:02 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Shannon

#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 15 February 2012 - 12:27 PM

This topic has been re-opened at the request of the person who originally posted.
Shannon

#5 bizzlington

bizzlington
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 15 February 2012 - 07:15 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 4550656 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E6D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB68AC000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9C66000 C:\WINDOWS\system32\drivers\senfilt.sys 393216 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xB9BBC000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB6A26000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB63D3000 C:\WINDOWS\system32\drivers\xcpip.sys 364544 bytes
0xB56A9000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB9D8B000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 339968 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xBF469000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB69DF000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 290816 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB5069000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB6870000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB9D2D000 C:\WINDOWS\system32\drivers\smwdm.sys 221184 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB5819000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E40000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB4676000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB691C000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6969000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB69B9000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB586E000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB9D09000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9C42000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9CE6000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB537D000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB6947000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9CC6000 C:\WINDOWS\system32\drivers\aeaudio.sys 131072 bytes (Andrea Electronics Corporation, Andrea Audio Noise Cancellation Driver)
0xB5571000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 131072 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB9F11000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9E26000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB67CF000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9F31000 RGRCZ@J@ 98304 bytes
0xB9EFA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9C2B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB627E000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9D63000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB9D77000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB6A7F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB642C000 C:\WINDOWS\system32\drivers\xpsec.sys 77824 bytes
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB6837000 C:\WINDOWS\System32\Drivers\BrSerIf.sys 69632 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB9C1A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA318000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB6737000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA208000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA148000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA0F8000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0xBA168000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA158000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys 45056 bytes (Silicon Integrated Systems Corp., NDIS 5.1 Miniport Driver for SiS191/SiS190 Ethernet Device)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA1C8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA188000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB5AE2000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB6B9C000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA178000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2B8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\processr.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB6BAC000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA378000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA390000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Firewall intermediate miniport driver)
0xBA338000 avgrkx86.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA398000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA388000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB5521000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA368000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xBA440000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 20480 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xBA370000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA480000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA488000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA380000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 20480 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xBA478000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA460000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xBA3C8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4BC000 AVGIDSEH.Sys 16384 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xB6AC2000 C:\WINDOWS\System32\Drivers\BrScnUsb.sys 16384 bytes (Brother Industries Ltd., Brother USB Scanner Driver)
0xB9DF6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB6693000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA59C000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB6ABE000 C:\WINDOWS\System32\Drivers\BrUsbSer.sys 12288 bytes (Brother Industries Ltd., Brother USB Serial Driver )
0xB6AB2000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB6ACA000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB6ABA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA5A0000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5D8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5E6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5D6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5DA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5DC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5D4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA759000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA7AF000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7D5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x89FA4B9E Unknown page with executable code, 1122 bytes
0x89FA5B52 Unknown page with executable code, 1198 bytes
0x89F8FA74 Unknown page with executable code, 1420 bytes
0x89F6098F Unknown page with executable code, 1649 bytes
0x89FA498B Unknown page with executable code, 1653 bytes
0x89F868E2 Unknown page with executable code, 1822 bytes
0x89F8671D Unknown page with executable code, 2275 bytes
0x89FA73FE Unknown page with executable code, 3074 bytes
0x89FA414E Unknown page with executable code, 3762 bytes

Attached Files



#6 bizzlington

bizzlington
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 15 February 2012 - 07:20 PM

OTL.Txt

OTL logfile created on: 15/02/2012 16:21:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jo Bilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.85% Memory free
3.82 Gb Paging File | 2.69 Gb Available in Paging File | 70.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.35 Gb Total Space | 94.08 Gb Free Space | 32.07% Space Free | Partition Type: NTFS
Drive I: | 298.09 Gb Total Space | 0.81 Gb Free Space | 0.27% Space Free | Partition Type: NTFS

Computer Name: NERVECENTRE | User Name: Jo Bilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/15 15:50:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jo Bilson\Desktop\OTL.exe
PRC - [2012/02/12 15:33:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/30 17:24:42 | 001,867,480 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/27 23:21:18 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/12/27 23:21:08 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/12/06 10:06:50 | 001,088,280 | ---- | M] (Mischel Internet Security) -- C:\Program Files\TrojanHunter 5.5\THGuard.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 04:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/16 14:43:16 | 000,040,960 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/04/11 03:05:42 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2005/07/22 20:36:10 | 000,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/11/19 19:50:26 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 15:33:40 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/07 17:20:44 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Local Settings\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
MOD - [2012/01/03 05:01:59 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3c272cad7afb127e2a2bdb8a5a808512\System.Runtime.Remoting.ni.dll
MOD - [2011/12/30 04:45:04 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MOD - [2011/12/30 04:45:03 | 001,269,760 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MOD - [2011/12/30 04:44:58 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MOD - [2011/12/27 23:21:18 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/12/23 20:59:22 | 000,625,576 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011/12/23 20:59:22 | 000,493,992 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011/12/23 20:59:22 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011/12/23 20:59:22 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2011/11/15 14:52:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/10/13 22:15:14 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 21:58:51 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 21:58:44 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:58:27 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 21:58:00 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll
MOD - [2011/10/13 21:57:48 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c2ebcc8d60422f224b4088f3d7a2ac1f\PresentationFramework.Luna.ni.dll
MOD - [2011/10/13 21:57:38 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\054488924fcc579cce9fa0209dafe28b\PresentationFramework.ni.dll
MOD - [2011/10/13 21:56:56 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\b2f0318713eca304eaa9d86fc17edb96\PresentationCore.ni.dll
MOD - [2011/10/13 21:56:29 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\1adc4ae51a5ac63e896a1402749ca495\WindowsBase.ni.dll
MOD - [2011/10/13 19:03:42 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 19:03:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/29 20:49:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/30 17:24:42 | 001,867,480 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2011/03/09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (xpsec)
DRV - File not found [Kernel | On_Demand | Running] -- -- (xcpip)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/11/20 11:28:00 | 000,306,816 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009/10/20 18:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 18:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/04/10 19:30:16 | 000,018,304 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/04/10 19:09:08 | 000,321,024 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/12/20 04:00:00 | 000,041,600 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2005/03/01 04:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/14 04:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2003/02/18 15:38:04 | 000,017,504 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80150&lng=en
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.14
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.45
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.17
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80150&language=en&qkw="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/04 18:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 15:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 21:20:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\PROGRA~1\REBATE~1\Firefox\

[2010/04/14 14:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Extensions
[2012/01/31 18:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions
[2010/04/28 11:25:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 15:45:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/30 03:33:30 | 000,000,000 | ---D | M] (KMP Media Toolbar) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\{daf5b34c-1aa3-4c33-ae24-766a370635d2}
[2012/01/31 18:41:22 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\AppGraffiti@AppGraffiti.com
[2012/02/02 12:00:42 | 000,000,000 | ---D | M] ("PandoraTV Toolbar") -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\toolbar@ask.com
[2011/05/06 17:16:47 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\searchplugins\inbox-search.xml
[2012/01/31 18:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JO BILSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NUOPLM51.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JO BILSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NUOPLM51.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012/02/04 18:20:57 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/05/26 17:07:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/12 15:33:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/31 18:41:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/31 18:41:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/31 18:41:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/31 18:41:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/31 18:41:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (KMP Media Toolbar) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\kmpmediatoolbarX.dll ()
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (KMP Media Toolbar) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\kmpmediatoolbarX.dll ()
O3 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [THGuard] C:\Program Files\TrojanHunter 5.5\THGuard.exe (Mischel Internet Security)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Jo Bilson\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E2CA1A5-A904-4EC8-B27B-51D351678ACE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 18:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0df9e0e2-fd16-11de-a6db-001bb9a56292}\Shell\AutoRun\command - "" = J:\RECYCLER\recycld.exe
O33 - MountPoints2\{0df9e0e2-fd16-11de-a6db-001bb9a56292}\Shell\open\command - "" = J:\RECYCLER\recycld.exe
O33 - MountPoints2\{24e9758d-a817-11de-a693-001bb9a56292}\Shell - "" = AutoRun
O33 - MountPoints2\{24e9758d-a817-11de-a693-001bb9a56292}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24e9758d-a817-11de-a693-001bb9a56292}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/15 15:50:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jo Bilson\Desktop\OTL.exe
[2012/02/15 15:44:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/15 04:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Application Data\GetRightToGo
[2012/02/07 17:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Samsung
[2012/02/07 17:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Application Data\Samsung
[2012/02/07 17:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\My Documents\samsung
[2012/02/07 16:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2012/02/07 16:54:28 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/02/07 16:53:50 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2012/02/07 16:53:50 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/02/07 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/02/07 16:53:49 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/02/07 16:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/02/07 16:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/02/07 16:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Downloaded Installations
[2012/01/26 22:33:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jo Bilson\Start Menu\Programs\Administrative Tools
[2012/01/25 18:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TrojanHunter
[2012/01/25 18:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TrojanHunter
[2012/01/25 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5
[2012/01/24 04:03:00 | 000,000,000 | ---D | C] -- C:\flashrip
[2012/01/24 04:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2012/01/24 04:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/24 04:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashRip(Basic version)
[2012/01/24 04:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\FlashRip-Basic
[2012/01/23 11:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/23 11:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/18 17:20:34 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/01/18 17:19:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/09 12:00:47 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/09/22 13:48:08 | 000,017,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jo Bilson\My Documents\*.tmp files -> C:\Documents and Settings\Jo Bilson\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/15 16:36:07 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/02/15 16:25:29 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{035D9D51-5364-4C72-B1FA-0B54DDA8D929}.job
[2012/02/15 16:00:54 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/15 15:50:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jo Bilson\Desktop\OTL.exe
[2012/02/15 15:45:56 | 089,095,879 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/15 15:37:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/15 15:36:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 15:36:43 | 2113,261,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 15:33:53 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/14 17:23:37 | 000,210,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/13 20:30:36 | 000,215,552 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 18:42:26 | 000,621,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/02/10 00:52:52 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Desktop\DVDVideoSoft Free Studio.lnk
[2012/02/10 00:52:49 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Desktop\Free YouTube to MP3 Converter.lnk
[2012/02/07 17:19:16 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/02/07 16:54:42 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/02/04 18:20:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/02/01 23:02:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/25 18:19:29 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2012/01/25 18:19:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2012/01/25 18:19:29 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Desktop\TrojanHunter.lnk
[2012/01/24 04:25:49 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/23 11:55:14 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jo Bilson\My Documents\*.tmp files -> C:\Documents and Settings\Jo Bilson\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/08 03:36:41 | 000,160,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/07 17:19:16 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/02/07 16:54:41 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\Jo Bilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/26 22:27:39 | 2113,261,568 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/25 18:19:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Jo Bilson\Application Data\Microsoft\Internet Explorer\Quick Launch\TrojanHunter Scanner.lnk
[2012/01/25 18:19:29 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Jo Bilson\Desktop\TrojanHunter.lnk
[2012/01/25 18:19:22 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2012/01/23 11:55:14 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/28 20:08:41 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011/12/28 20:08:41 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011/12/28 20:08:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011/12/28 20:08:41 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/09/04 13:15:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/07/21 19:44:21 | 000,056,884 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/08 14:07:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/04/14 14:36:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/29 18:07:14 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/12/29 18:07:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/12/29 18:07:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/12/29 18:07:14 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/12/29 18:07:14 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/12/29 18:07:14 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/12/29 18:07:14 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/12/29 18:07:14 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/12/29 18:07:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/12/29 18:07:14 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/12/29 18:07:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/12/29 18:07:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/12/29 18:07:14 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/12/29 18:07:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/12/29 18:07:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/12/29 18:07:14 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/12/29 18:07:14 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/12/29 18:07:14 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/12/29 18:07:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/20 11:28:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/20 11:28:08 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/22 13:48:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/09/22 13:48:21 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/09/22 13:48:09 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\A2Nusd.dll
[2009/09/22 13:48:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009/09/22 13:48:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ForgiveMe.exe
[2009/09/22 13:48:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\MKScannerSetting.ini
[2009/09/22 13:40:28 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/22 13:40:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/22 13:40:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/22 13:39:28 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/22 13:39:28 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/22 13:39:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2009/09/22 13:39:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/09/22 13:37:50 | 000,027,497 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/19 10:59:56 | 000,215,552 | ---- | C] () -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/23 18:52:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/23 18:49:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/23 17:38:56 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/11/23 17:38:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/11/23 17:38:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/11/23 17:38:49 | 000,484,512 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/11/23 17:38:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/11/23 17:38:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/11/23 17:38:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/11/23 17:38:49 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/11/23 17:38:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/11/23 17:38:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/11/23 17:38:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/11/23 17:38:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/11/23 17:38:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/11/23 11:42:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/23 11:06:31 | 000,092,426 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/11/23 11:06:21 | 000,208,896 | R--- | C] () -- C:\WINDOWS\Progress.exe
[2007/11/23 11:06:21 | 000,049,152 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2007/11/23 11:06:17 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2007/11/23 11:06:17 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2007/11/23 11:06:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2007/11/23 11:06:00 | 000,078,609 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/11/23 10:44:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/23 10:43:50 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

< End of report >

Extras.Txt

OTL Extras logfile created on: 15/02/2012 16:21:55 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jo Bilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 35.85% Memory free
3.82 Gb Paging File | 2.69 Gb Available in Paging File | 70.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.35 Gb Total Space | 94.08 Gb Free Space | 32.07% Space Free | Partition Type: NTFS
Drive I: | 298.09 Gb Total Space | 0.81 Gb Free Space | 0.27% Space Free | Partition Type: NTFS

Computer Name: NERVECENTRE | User Name: Jo Bilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\kmpmediatoolbar\dtUser.exe" = C:\Program Files\kmpmediatoolbar\dtUser.exe:*:Enabled:KMP Media Toolbar DTX Broker -- (Visicom Media Inc.)
"C:\Program Files\PANDORA.TV\PanService\PandoraService.exe" = C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService -- (Pandora.TV)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgam.exe" = C:\Program Files\AVG\AVG10\avgam.exe:*:Enabled:AVG Alert manager -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 30
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A81AB93-6B80-45E1-BE0C-29E4364724DF}_is1" = Satellite Direct v3.24.1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{5313CFF7-E762-4752-BEC0-1E2CB2C685E4}" = uMedia uTV
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{73AA12E1-5FFD-4545-9A28-CE7C318F284E}" = AVG 2011
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79E75FAC-61CB-41F5-82F0-1A0ADFEAB1A8}_is1" = 1.0
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = PandoraTV Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"alotToolbar" = ALOT Toolbar
"AVG" = AVG 2011
"BearPaw 2448TA Plus v1.1" = BearPaw 2448TA Plus v1.1
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DiskAid_is1" = DiskAid 4.64
"e-Life Pal" = e-Life Pal
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 7.2 by MixMeister
"FlashRip (Basic version)_is1" = flashripbasic
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"kmpmediatoolbar" = KMP Media Toolbar
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0.1 (x86 en-GB)" = Mozilla Firefox 10.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SiS VGA Driver" = SiS VGA Utilities
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Soulseek2" = SoulSeek 157 NS 13c
"Sound'Em 1.0" = Sound'Em 1.0
"Spotify" = Spotify
"The KMPlayer" = The KMPlayer (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.2
"TrojanHunter_is1" = TrojanHunter 5.5
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = PandoraTV Toolbar Updater

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 06/02/2012 19:15:32 | Computer Name = NERVECENTRE | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 06/02/2012 19:16:18 | Computer Name = NERVECENTRE | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 08/02/2012 10:22:30 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 09/02/2012 17:00:01 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 10/02/2012 10:55:45 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 11/02/2012 14:37:12 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 11/02/2012 23:45:34 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 13/02/2012 16:25:08 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 14/02/2012 11:30:09 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.

Error - 15/02/2012 11:40:49 | Computer Name = NERVECENTRE | Source = Service Control Manager | ID = 7022
Description = The PandoraService service hung on starting.


< End of report >

#7 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 16 February 2012 - 10:15 AM

Hi-

Thank you for the logs. Let's see if we can get rid of the infection.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  • If TDSSKiller does not run, try renaming it.

    To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. C:\TDSSKiller.2.6.21.0_23.07.2011_15.31.43_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Next, download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virusl


Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your reply, copy in the contents of the TDSSKiller report and the ComboFix report. How is your computer running now?
Shannon

#8 bizzlington

bizzlington
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 16 February 2012 - 07:17 PM

Won't be able to tell for definite until I try syncing my iphone with my computer as the virus seemed to be causing the syncing some problems but my internet browsing seems much improved and i'm almost certain that what you have advised me has fixed everything but I will include the logs anyway. Thanks Shannon for all your help and your timely responses, whatever they are paying you, it's not enough!

TDSS Killer Report

22:07:12.0359 5916 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:07:14.0390 5916 ============================================================
22:07:14.0390 5916 Current date / time: 2012/02/16 22:07:14.0390
22:07:14.0390 5916 SystemInfo:
22:07:14.0406 5916
22:07:14.0406 5916 OS Version: 5.1.2600 ServicePack: 3.0
22:07:14.0406 5916 Product type: Workstation
22:07:14.0406 5916 ComputerName: NERVECENTRE
22:07:14.0406 5916 UserName: Jo Bilson
22:07:14.0406 5916 Windows directory: C:\WINDOWS
22:07:14.0406 5916 System windows directory: C:\WINDOWS
22:07:14.0406 5916 Processor architecture: Intel x86
22:07:14.0406 5916 Number of processors: 1
22:07:14.0406 5916 Page size: 0x1000
22:07:14.0406 5916 Boot type: Normal boot
22:07:14.0406 5916 ============================================================
22:07:18.0703 5916 Drive \Device\Harddisk0\DR0 - Size: 0x49BB32C800 (294.92 Gb), SectorSize: 0x200, Cylinders: 0x9664, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:07:18.0734 5916 Drive \Device\Harddisk1\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:07:18.0890 5916 \Device\Harddisk0\DR0:
22:07:18.0921 5916 MBR used
22:07:18.0921 5916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24DD94BF
22:07:18.0921 5916 \Device\Harddisk1\DR2:
22:07:18.0921 5916 MBR used
22:07:18.0921 5916 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
22:07:20.0593 5916 Initialize success
22:07:20.0593 5916 ============================================================
22:07:28.0765 5640 ============================================================
22:07:28.0765 5640 Scan started
22:07:28.0765 5640 Mode: Manual;
22:07:28.0765 5640 ============================================================
22:07:30.0125 5640 Abiosdsk - ok
22:07:30.0187 5640 abp480n5 - ok
22:07:30.0312 5640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:07:30.0406 5640 ACPI - ok
22:07:30.0531 5640 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:07:30.0593 5640 ACPIEC - ok
22:07:30.0656 5640 adpu160m - ok
22:07:31.0140 5640 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
22:07:31.0156 5640 aeaudio - ok
22:07:31.0203 5640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:07:31.0203 5640 aec - ok
22:07:31.0281 5640 AF15BDA (3cd15ebaa1d68bc18ce14a26683bc1ec) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
22:07:31.0296 5640 AF15BDA - ok
22:07:31.0375 5640 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
22:07:31.0390 5640 Afc - ok
22:07:31.0453 5640 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:07:31.0593 5640 AFD - ok
22:07:31.0656 5640 Aha154x - ok
22:07:31.0718 5640 aic78u2 - ok
22:07:31.0781 5640 aic78xx - ok
22:07:31.0890 5640 AliIde - ok
22:07:31.0953 5640 amsint - ok
22:07:32.0015 5640 asc - ok
22:07:32.0093 5640 asc3350p - ok
22:07:32.0156 5640 asc3550 - ok
22:07:32.0296 5640 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:07:32.0296 5640 AsyncMac - ok
22:07:32.0343 5640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:07:32.0343 5640 atapi - ok
22:07:32.0390 5640 Atdisk - ok
22:07:32.0453 5640 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:07:32.0484 5640 Atmarpc - ok
22:07:32.0578 5640 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:07:32.0625 5640 audstub - ok
22:07:32.0718 5640 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
22:07:32.0796 5640 Avgfwdx - ok
22:07:32.0859 5640 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
22:07:32.0890 5640 Avgfwfd - ok
22:07:33.0031 5640 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
22:07:33.0093 5640 AVGIDSDriver - ok
22:07:33.0203 5640 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
22:07:33.0203 5640 AVGIDSEH - ok
22:07:33.0250 5640 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
22:07:33.0296 5640 AVGIDSFilter - ok
22:07:33.0390 5640 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
22:07:33.0453 5640 AVGIDSShim - ok
22:07:33.0546 5640 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
22:07:33.0671 5640 Avgldx86 - ok
22:07:33.0718 5640 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
22:07:33.0828 5640 Avgmfx86 - ok
22:07:33.0890 5640 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
22:07:33.0953 5640 Avgrkx86 - ok
22:07:34.0031 5640 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
22:07:34.0140 5640 Avgtdix - ok
22:07:34.0250 5640 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:07:34.0265 5640 Beep - ok
22:07:34.0375 5640 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
22:07:34.0375 5640 BrScnUsb - ok
22:07:34.0453 5640 BrSerIf (c121e10c64318182a6478acae1855ee0) C:\WINDOWS\system32\Drivers\BrSerIf.sys
22:07:34.0546 5640 BrSerIf - ok
22:07:34.0625 5640 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
22:07:34.0703 5640 BrUsbSer - ok
22:07:34.0750 5640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:07:34.0812 5640 cbidf2k - ok
22:07:34.0875 5640 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:07:34.0921 5640 CCDECODE - ok
22:07:34.0968 5640 cd20xrnt - ok
22:07:35.0031 5640 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:07:35.0125 5640 Cdaudio - ok
22:07:35.0171 5640 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:07:35.0203 5640 Cdfs - ok
22:07:35.0234 5640 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:07:35.0265 5640 Cdrom - ok
22:07:35.0296 5640 Changer - ok
22:07:35.0390 5640 CmdIde - ok
22:07:35.0468 5640 Cpqarray - ok
22:07:35.0562 5640 dac2w2k - ok
22:07:35.0609 5640 dac960nt - ok
22:07:35.0734 5640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:07:35.0812 5640 Disk - ok
22:07:35.0968 5640 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:07:36.0062 5640 dmboot - ok
22:07:36.0125 5640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:07:36.0234 5640 dmio - ok
22:07:36.0296 5640 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:07:36.0296 5640 dmload - ok
22:07:36.0375 5640 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:07:36.0453 5640 DMusic - ok
22:07:36.0546 5640 dpti2o - ok
22:07:36.0593 5640 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:07:36.0625 5640 drmkaud - ok
22:07:36.0671 5640 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:07:36.0750 5640 E100B - ok
22:07:36.0843 5640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:07:36.0859 5640 Fastfat - ok
22:07:36.0968 5640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:07:37.0015 5640 Fdc - ok
22:07:37.0062 5640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:07:37.0125 5640 Fips - ok
22:07:37.0187 5640 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:07:37.0250 5640 Flpydisk - ok
22:07:37.0312 5640 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:07:37.0359 5640 FltMgr - ok
22:07:37.0406 5640 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:07:37.0468 5640 Fs_Rec - ok
22:07:37.0593 5640 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:07:37.0609 5640 Ftdisk - ok
22:07:37.0687 5640 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
22:07:37.0750 5640 gagp30kx - ok
22:07:37.0828 5640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:07:37.0890 5640 GEARAspiWDM - ok
22:07:37.0937 5640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:07:37.0953 5640 Gpc - ok
22:07:38.0000 5640 GT680x (7b90be6811334caa9243b89f3d3fee1a) C:\WINDOWS\system32\Drivers\Gt680x.sys
22:07:38.0031 5640 GT680x - ok
22:07:38.0234 5640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:07:38.0296 5640 HidUsb - ok
22:07:38.0375 5640 hpn - ok
22:07:38.0468 5640 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
22:07:38.0500 5640 HPZid412 - ok
22:07:38.0546 5640 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
22:07:38.0593 5640 HPZipr12 - ok
22:07:38.0640 5640 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
22:07:38.0718 5640 HPZius12 - ok
22:07:38.0796 5640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:07:38.0828 5640 HTTP - ok
22:07:38.0906 5640 i2omgmt - ok
22:07:38.0968 5640 i2omp - ok
22:07:39.0031 5640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:07:39.0031 5640 i8042prt - ok
22:07:39.0093 5640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:07:39.0125 5640 Imapi - ok
22:07:39.0171 5640 ini910u - ok
22:07:39.0265 5640 IntelIde - ok
22:07:39.0343 5640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:07:39.0359 5640 Ip6Fw - ok
22:07:39.0437 5640 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:07:39.0484 5640 IpFilterDriver - ok
22:07:39.0578 5640 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:07:39.0609 5640 IpInIp - ok
22:07:39.0671 5640 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:07:39.0671 5640 IpNat - ok
22:07:39.0734 5640 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:07:39.0734 5640 IPSec - ok
22:07:39.0796 5640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:07:39.0843 5640 IRENUM - ok
22:07:39.0953 5640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:07:39.0984 5640 isapnp - ok
22:07:40.0046 5640 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:07:40.0140 5640 Kbdclass - ok
22:07:40.0187 5640 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:07:40.0250 5640 kbdhid - ok
22:07:40.0312 5640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:07:40.0343 5640 kmixer - ok
22:07:40.0406 5640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:07:40.0515 5640 KSecDD - ok
22:07:40.0640 5640 lbrtfdc - ok
22:07:40.0890 5640 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
22:07:41.0031 5640 MidiSyn - ok
22:07:41.0125 5640 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:07:41.0187 5640 mnmdd - ok
22:07:41.0265 5640 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:07:41.0328 5640 Modem - ok
22:07:41.0406 5640 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:07:41.0484 5640 Mouclass - ok
22:07:41.0625 5640 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:07:41.0656 5640 mouhid - ok
22:07:41.0703 5640 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:07:41.0781 5640 MountMgr - ok
22:07:41.0843 5640 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
22:07:41.0921 5640 MPE - ok
22:07:42.0015 5640 mraid35x - ok
22:07:42.0078 5640 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:07:42.0109 5640 MRxDAV - ok
22:07:42.0203 5640 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:07:42.0328 5640 MRxSmb - ok
22:07:42.0437 5640 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:07:42.0453 5640 Msfs - ok
22:07:42.0546 5640 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:07:42.0546 5640 MSKSSRV - ok
22:07:42.0593 5640 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:07:42.0656 5640 MSPCLOCK - ok
22:07:42.0750 5640 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:07:42.0828 5640 MSPQM - ok
22:07:42.0890 5640 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:07:42.0937 5640 mssmbios - ok
22:07:43.0062 5640 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:07:43.0171 5640 MSTEE - ok
22:07:43.0218 5640 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:07:43.0265 5640 Mup - ok
22:07:43.0312 5640 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:07:43.0328 5640 NABTSFEC - ok
22:07:43.0484 5640 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:07:43.0578 5640 NDIS - ok
22:07:43.0671 5640 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:07:43.0750 5640 NdisIP - ok
22:07:43.0828 5640 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:07:43.0921 5640 NdisTapi - ok
22:07:43.0984 5640 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:07:43.0984 5640 Ndisuio - ok
22:07:44.0046 5640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:07:44.0093 5640 NdisWan - ok
22:07:44.0156 5640 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:07:44.0218 5640 NDProxy - ok
22:07:44.0281 5640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:07:44.0375 5640 NetBIOS - ok
22:07:44.0453 5640 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:07:44.0515 5640 NetBT - ok
22:07:44.0703 5640 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
22:07:44.0718 5640 NPF - ok
22:07:44.0734 5640 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:07:44.0765 5640 Npfs - ok
22:07:44.0859 5640 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:07:44.0953 5640 Ntfs - ok
22:07:45.0031 5640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:07:45.0062 5640 Null - ok
22:07:45.0093 5640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:07:45.0093 5640 NwlnkFlt - ok
22:07:45.0171 5640 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:07:45.0203 5640 NwlnkFwd - ok
22:07:45.0328 5640 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:07:45.0375 5640 Parport - ok
22:07:45.0421 5640 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:07:45.0500 5640 PartMgr - ok
22:07:45.0593 5640 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:07:45.0687 5640 ParVdm - ok
22:07:45.0734 5640 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:07:45.0796 5640 PCI - ok
22:07:45.0859 5640 PCIDump - ok
22:07:45.0937 5640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:07:46.0000 5640 PCIIde - ok
22:07:46.0062 5640 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
22:07:46.0078 5640 Pcmcia - ok
22:07:46.0140 5640 PDCOMP - ok
22:07:46.0187 5640 PDFRAME - ok
22:07:46.0250 5640 PDRELI - ok
22:07:46.0312 5640 PDRFRAME - ok
22:07:46.0375 5640 perc2 - ok
22:07:46.0484 5640 perc2hib - ok
22:07:46.0703 5640 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:07:46.0718 5640 PptpMiniport - ok
22:07:46.0796 5640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
22:07:46.0859 5640 Processor - ok
22:07:46.0953 5640 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:07:47.0015 5640 PSched - ok
22:07:47.0078 5640 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:07:47.0109 5640 Ptilink - ok
22:07:47.0156 5640 ql1080 - ok
22:07:47.0203 5640 Ql10wnt - ok
22:07:47.0281 5640 ql12160 - ok
22:07:47.0343 5640 ql1240 - ok
22:07:47.0390 5640 ql1280 - ok
22:07:47.0500 5640 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:07:47.0546 5640 RasAcd - ok
22:07:47.0609 5640 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:07:47.0687 5640 Rasl2tp - ok
22:07:47.0765 5640 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:07:47.0796 5640 RasPppoe - ok
22:07:47.0859 5640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:07:47.0921 5640 Raspti - ok
22:07:47.0984 5640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:07:48.0031 5640 Rdbss - ok
22:07:48.0093 5640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:07:48.0125 5640 RDPCDD - ok
22:07:48.0250 5640 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:07:48.0281 5640 RDPWD - ok
22:07:48.0359 5640 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:07:48.0359 5640 redbook - ok
22:07:48.0562 5640 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:07:48.0593 5640 Secdrv - ok
22:07:48.0687 5640 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
22:07:48.0781 5640 senfilt - ok
22:07:48.0890 5640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:07:48.0968 5640 serenum - ok
22:07:49.0031 5640 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:07:49.0078 5640 Serial - ok
22:07:49.0203 5640 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
22:07:49.0265 5640 Sfloppy - ok
22:07:49.0375 5640 Simbad - ok
22:07:49.0468 5640 SiS315 (c14863dece98b65195429df2dcc038bc) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
22:07:49.0515 5640 SiS315 - ok
22:07:49.0562 5640 SiSGbeXP (37daa9f59a3ff30a314fd98ee8f47000) C:\WINDOWS\system32\DRIVERS\SiSGbeXP.sys
22:07:49.0593 5640 SiSGbeXP - ok
22:07:49.0656 5640 SiSkp (c29363d5855c4b55012a31ef6436013c) C:\WINDOWS\system32\DRIVERS\srvkp.sys
22:07:49.0718 5640 SiSkp - ok
22:07:49.0781 5640 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:07:49.0890 5640 SLIP - ok
22:07:49.0968 5640 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
22:07:50.0062 5640 smwdm - ok
22:07:50.0203 5640 Sparrow - ok
22:07:50.0250 5640 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:07:50.0265 5640 splitter - ok
22:07:50.0375 5640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:07:50.0437 5640 sr - ok
22:07:50.0531 5640 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:07:50.0640 5640 Srv - ok
22:07:50.0796 5640 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:07:50.0843 5640 streamip - ok
22:07:50.0953 5640 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:07:51.0031 5640 swenum - ok
22:07:51.0078 5640 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:07:51.0156 5640 swmidi - ok
22:07:51.0218 5640 symc810 - ok
22:07:51.0281 5640 symc8xx - ok
22:07:51.0343 5640 sym_hi - ok
22:07:51.0406 5640 sym_u3 - ok
22:07:51.0500 5640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:07:51.0500 5640 sysaudio - ok
22:07:51.0546 5640 tcji - ok
22:07:51.0609 5640 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:07:51.0718 5640 Tcpip - ok
22:07:51.0781 5640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:07:51.0781 5640 TDPIPE - ok
22:07:51.0828 5640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:07:51.0843 5640 TDTCP - ok
22:07:51.0906 5640 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:07:51.0906 5640 TermDD - ok
22:07:51.0984 5640 TosIde - ok
22:07:52.0140 5640 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:07:52.0281 5640 Udfs - ok
22:07:52.0343 5640 ultra - ok
22:07:52.0421 5640 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:07:52.0546 5640 Update - ok
22:07:52.0687 5640 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:07:52.0734 5640 USBAAPL - ok
22:07:52.0828 5640 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
22:07:52.0875 5640 usbaudio - ok
22:07:53.0000 5640 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:07:53.0031 5640 usbccgp - ok
22:07:53.0093 5640 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:07:53.0171 5640 usbehci - ok
22:07:53.0234 5640 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:07:53.0312 5640 usbhub - ok
22:07:53.0375 5640 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
22:07:53.0437 5640 usbohci - ok
22:07:53.0515 5640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
22:07:53.0593 5640 usbprint - ok
22:07:53.0656 5640 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:07:53.0718 5640 usbscan - ok
22:07:53.0796 5640 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:07:53.0843 5640 usbstor - ok
22:07:53.0968 5640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:07:53.0968 5640 VgaSave - ok
22:07:54.0000 5640 ViaIde - ok
22:07:54.0078 5640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:07:54.0156 5640 VolSnap - ok
22:07:54.0234 5640 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:07:54.0281 5640 Wanarp - ok
22:07:54.0312 5640 WDICA - ok
22:07:54.0359 5640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:07:54.0359 5640 wdmaud - ok
22:07:54.0625 5640 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:07:54.0671 5640 WSTCODEC - ok
22:07:54.0781 5640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:07:54.0828 5640 WudfPf - ok
22:07:54.0906 5640 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:07:54.0984 5640 WudfRd - ok
22:07:55.0078 5640 xcpip - ok
22:07:55.0156 5640 xpsec - ok
22:07:55.0218 5640 zi3geg.sys - ok
22:07:55.0328 5640 MBR (0x1B8) (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
22:07:55.0328 5640 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
22:07:55.0343 5640 \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
22:07:55.0375 5640 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
22:07:55.0406 5640 \Device\Harddisk1\DR2 ( Backdoor.Win32.Sinowal.knf ) - infected
22:07:55.0453 5640 \Device\Harddisk1\DR2 - detected Backdoor.Win32.Sinowal.knf (0)
22:07:55.0484 5640 Boot (0x1200) (4782301db2839a1ba81a74928a1b3814) \Device\Harddisk0\DR0\Partition0
22:07:55.0484 5640 \Device\Harddisk0\DR0\Partition0 - ok
22:07:55.0531 5640 Boot (0x1200) (e08f96b3546c1b3a6f980e54c9e46945) \Device\Harddisk1\DR2\Partition0
22:07:55.0531 5640 \Device\Harddisk1\DR2\Partition0 - ok
22:07:55.0531 5640 ============================================================
22:07:55.0531 5640 Scan finished
22:07:55.0578 5640 ============================================================
22:07:55.0656 0548 Detected object count: 2
22:07:55.0656 0548 Actual detected object count: 2
22:08:27.0828 0548 \Device\Harddisk0\DR0\# - copied to quarantine
22:08:27.0828 0548 \Device\Harddisk0\DR0 - copied to quarantine
22:08:27.0843 0548 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
22:08:27.0875 0548 \Device\Harddisk0\DR0 - ok
22:08:27.0906 0548 \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
22:08:36.0750 0548 \Device\Harddisk1\DR2\# - copied to quarantine
22:08:36.0765 0548 \Device\Harddisk1\DR2 - copied to quarantine
22:08:36.0828 0548 \Device\Harddisk1\DR2 ( Backdoor.Win32.Sinowal.knf ) - cured
22:08:36.0859 0548 \Device\Harddisk1\DR2 - ok
22:08:36.0859 0548 \Device\Harddisk1\DR2 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
22:08:45.0484 3540 Deinitialize success

Combofix Log

c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG10\avgam.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2012-02-16 23:14:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-16 23:14
.
Pre-Run: 98,009,022,464 bytes free
Post-Run: 101,369,569,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 18810F3A41273F93CA870D591465CE49

Attached Files



#9 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 17 February 2012 - 07:24 AM

Hi-

It looks like TDSSKiller and ComboFix did a good job on the infections, but, unfortunately, one was a backdoor trojan. A backdoor trojan allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and has been killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still finish cleaning this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide to continue with the cleanup -

Please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Next, get a new OTL scan report.
  • Double click on the Posted Image icon on your desktop.
  • In the Extra Registry Box, check None
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • A report will open, copy and paste it into your reply:
  • OTL.txt <-- Will be the opened report

In your reply, please copy in the MBAM report and the OTL report. How is your computer doing?
Shannon

#10 bizzlington

bizzlington
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 17 February 2012 - 09:32 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.17.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jo Bilson :: NERVECENTRE [administrator]

17/02/2012 19:46:00
mbam-log-2012-02-17 (19-46-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 261625
Time elapsed: 56 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



OTL logfile created on: 18/02/2012 02:19:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Jo Bilson\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.97 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.73% Memory free
3.82 Gb Paging File | 2.77 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.35 Gb Total Space | 98.17 Gb Free Space | 33.46% Space Free | Partition Type: NTFS
Drive I: | 298.09 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive K: | 1397.26 Gb Total Space | 0.30 Gb Free Space | 0.02% Space Free | Partition Type: NTFS

Computer Name: NERVECENTRE | User Name: Jo Bilson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 03:02:12 | 000,739,704 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/02/17 01:12:32 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/02/15 15:50:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jo Bilson\Desktop\OTL.exe
PRC - [2012/02/12 15:33:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/03 08:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 20:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/12/19 10:04:22 | 006,980,696 | ---- | M] (KMP Meida co.,Ltd) -- C:\Program Files\The KMPlayer\KMPlayer.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 04:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/16 14:43:16 | 000,040,960 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2007/04/11 03:05:42 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2005/07/22 20:36:10 | 000,933,888 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004/11/19 19:50:26 | 000,069,632 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 03:28:27 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
MOD - [2012/02/17 03:27:03 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c14e58265386feb509cc61bb5e8dd296\System.Runtime.Remoting.ni.dll
MOD - [2012/02/17 03:08:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/17 03:07:53 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/17 03:07:11 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/17 03:06:42 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/17 03:06:30 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
MOD - [2012/02/17 03:06:23 | 014,328,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
MOD - [2012/02/17 03:05:25 | 012,215,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
MOD - [2012/02/17 03:04:51 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
MOD - [2012/02/17 03:04:31 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/17 01:12:47 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Local Settings\temp\c06086cf-47b1-4760-b263-4e4271d9922f\CliSecureRT.dll
MOD - [2012/02/17 01:12:32 | 000,507,816 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012/02/17 01:12:32 | 000,021,416 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012/02/17 01:12:32 | 000,007,168 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012/02/17 01:12:32 | 000,003,584 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012/02/17 01:12:31 | 000,639,912 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012/02/12 15:33:40 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/15 14:52:56 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/03 15:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/11/03 15:28:36 | 000,386,048 | ---- | M] () -- C:\WINDOWS\system32\qdvd.dll
MOD - [2011/10/13 19:03:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/29 09:13:58 | 004,503,865 | ---- | M] () -- C:\Program Files\The KMPlayer\libcodec.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/12/05 07:42:30 | 000,123,036 | ---- | M] () -- C:\Program Files\The KMPlayer\libmad.dll
MOD - [2008/07/14 02:31:44 | 000,431,616 | ---- | M] () -- C:\Program Files\The KMPlayer\libmplay.dll
MOD - [2008/04/14 00:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 00:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 00:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/10/29 20:49:16 | 000,036,864 | ---- | M] () -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\RawPictureLib.pcp


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/09 18:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/20 18:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/07/12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/07/12 03:33:54 | 000,030,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009/11/20 11:28:00 | 000,306,816 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009/10/20 18:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2008/04/13 18:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/04/10 19:30:16 | 000,018,304 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/04/10 19:09:08 | 000,321,024 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/12/20 04:00:00 | 000,041,600 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)
DRV - [2005/03/01 04:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/14 04:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2003/02/18 15:38:04 | 000,017,504 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80150&lng=en
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.14
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.45
FF - prefs.js..extensions.enabledItems: {ED76C299-85BC-4891-9237-74A140C28832}:1.0.0.17
FF - prefs.js..keyword.URL: "http://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80150&language=en&qkw="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/04 18:20:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 15:33:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 21:20:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ED76C299-85BC-4891-9237-74A140C28832}: C:\PROGRA~1\REBATE~1\Firefox\

[2010/04/14 14:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Extensions
[2012/02/17 17:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions
[2010/04/28 11:25:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/20 15:45:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/30 03:33:30 | 000,000,000 | ---D | M] (KMP Media Toolbar) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\{daf5b34c-1aa3-4c33-ae24-766a370635d2}
[2012/01/31 18:41:22 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\AppGraffiti@AppGraffiti.com
[2012/02/17 17:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\extensions\staged
[2011/05/06 17:16:47 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Application Data\Mozilla\Firefox\Profiles\nuoplm51.default\searchplugins\inbox-search.xml
[2012/01/31 18:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JO BILSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NUOPLM51.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JO BILSON\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\NUOPLM51.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2012/02/04 18:20:57 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/05/26 17:07:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/12 15:33:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/31 18:41:09 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/31 18:41:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/31 18:41:09 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/31 18:41:09 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/31 18:41:09 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/16 23:03:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (KMP Media Toolbar) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\kmpmediatoolbarX.dll ()
O3 - HKLM\..\Toolbar: (KMP Media Toolbar) - {daf5b34c-1aa3-4c33-ae24-766a370635d2} - C:\Program Files\kmpmediatoolbar\kmpmediatoolbarX.dll ()
O3 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsubleepa Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-465455710-2586150225-3308839921-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Jo Bilson\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E2CA1A5-A904-4EC8-B27B-51D351678ACE}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/23 18:50:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 17:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/17 17:33:13 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/17 17:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 01:25:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/17 01:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\System32
[2012/02/16 22:33:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/16 22:28:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/16 22:28:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/16 22:28:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/16 22:28:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/16 22:27:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/16 22:27:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/16 22:20:56 | 004,406,022 | R--- | C] (Swearware) -- C:\Documents and Settings\Jo Bilson\Desktop\ComboFix.exe
[2012/02/16 22:08:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/16 22:06:12 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jo Bilson\Desktop\TDSSKiller.exe
[2012/02/15 15:50:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jo Bilson\Desktop\OTL.exe
[2012/02/15 04:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Application Data\GetRightToGo
[2012/02/07 17:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Samsung
[2012/02/07 17:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Application Data\Samsung
[2012/02/07 17:19:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\My Documents\samsung
[2012/02/07 16:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Samsung
[2012/02/07 16:54:28 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012/02/07 16:53:50 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\DIFxAPI.dll
[2012/02/07 16:53:50 | 000,020,032 | ---- | C] (Devguru Co., Ltd) -- C:\WINDOWS\System32\drivers\dgderdrv.sys
[2012/02/07 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2012/02/07 16:53:49 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\WINDOWS\System32\dgderapi.dll
[2012/02/07 16:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/02/07 16:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2012/02/07 16:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\Downloaded Installations
[2012/01/26 22:33:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jo Bilson\Start Menu\Programs\Administrative Tools
[2012/01/25 18:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5
[2012/01/24 04:03:00 | 000,000,000 | ---D | C] -- C:\flashrip
[2012/01/24 04:01:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2012/01/24 04:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/01/24 04:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashRip(Basic version)
[2012/01/24 04:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\FlashRip-Basic
[2012/01/23 11:55:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/01/23 11:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/09 12:00:47 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2009/09/22 13:48:08 | 000,017,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/18 02:21:10 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{035D9D51-5364-4C72-B1FA-0B54DDA8D929}.job
[2012/02/18 02:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/18 02:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/18 01:28:57 | 000,226,816 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 01:24:43 | 089,309,933 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/17 22:04:38 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/17 17:33:15 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 17:04:48 | 000,621,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/02/17 16:59:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/17 16:59:50 | 2113,261,568 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 03:03:53 | 000,484,512 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/17 03:03:53 | 000,087,552 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 23:03:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/16 22:33:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/16 22:21:11 | 004,406,022 | R--- | M] (Swearware) -- C:\Documents and Settings\Jo Bilson\Desktop\ComboFix.exe
[2012/02/16 15:04:42 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 03:32:03 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/16 03:16:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/15 23:02:46 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/15 19:34:16 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jo Bilson\Desktop\TDSSKiller.exe
[2012/02/15 15:50:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jo Bilson\Desktop\OTL.exe
[2012/02/15 15:33:53 | 000,012,688 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/14 17:23:37 | 000,210,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/10 00:52:52 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Desktop\DVDVideoSoft Free Studio.lnk
[2012/02/10 00:52:49 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Desktop\Free YouTube to MP3 Converter.lnk
[2012/02/07 17:19:16 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/02/07 16:54:42 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\Jo Bilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/02/04 18:20:57 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2012/01/25 18:19:29 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2012/01/23 11:55:14 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/17 17:33:15 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/16 22:33:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/16 22:33:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/16 22:28:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/16 22:28:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/16 22:28:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/16 22:28:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/16 22:28:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/16 03:32:03 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/15 15:43:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 15:43:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/08 03:36:41 | 000,628,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/02/07 17:19:16 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Samsung Kies.lnk
[2012/02/07 16:54:41 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\Jo Bilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/01/26 22:27:39 | 2113,261,568 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/25 18:19:22 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2012/01/23 11:55:14 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/12/23 20:58:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/12/23 20:58:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/12/23 20:58:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/12/23 20:58:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/09/04 13:15:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011/07/21 19:44:21 | 000,056,884 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/08 14:07:33 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/04/14 14:36:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/12/29 18:07:14 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/12/29 18:07:14 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/12/29 18:07:14 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/12/29 18:07:14 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/12/29 18:07:14 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/12/29 18:07:14 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/12/29 18:07:14 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/12/29 18:07:14 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/12/29 18:07:14 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/12/29 18:07:14 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/12/29 18:07:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/12/29 18:07:14 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/12/29 18:07:14 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/12/29 18:07:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/12/29 18:07:14 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/12/29 18:07:14 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/12/29 18:07:14 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/12/29 18:07:14 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/12/29 18:07:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/20 11:28:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/11/20 11:28:08 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2009/10/20 18:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/22 13:48:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2009/09/22 13:48:21 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2009/09/22 13:48:09 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\A2Nusd.dll
[2009/09/22 13:48:08 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\MKCoInstaller.dll
[2009/09/22 13:48:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ForgiveMe.exe
[2009/09/22 13:48:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\System32\MKScannerSetting.ini
[2009/09/22 13:40:28 | 000,000,463 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/22 13:40:28 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/22 13:40:28 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/22 13:39:28 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/09/22 13:39:28 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/09/22 13:39:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat
[2009/09/22 13:39:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/09/22 13:37:50 | 000,027,497 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/19 10:59:56 | 000,226,816 | ---- | C] () -- C:\Documents and Settings\Jo Bilson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/23 18:52:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/23 18:49:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/23 17:38:56 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/11/23 17:38:50 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/11/23 17:38:49 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/11/23 17:38:49 | 000,484,512 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/11/23 17:38:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/11/23 17:38:49 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/11/23 17:38:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/11/23 17:38:49 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/11/23 17:38:48 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/11/23 17:38:48 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/11/23 17:38:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/11/23 17:38:46 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/11/23 17:38:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/11/23 11:42:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/23 11:06:31 | 000,092,426 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2007/11/23 11:06:21 | 000,208,896 | R--- | C] () -- C:\WINDOWS\Progress.exe
[2007/11/23 11:06:21 | 000,049,152 | R--- | C] () -- C:\WINDOWS\InstFunc.exe
[2007/11/23 11:06:17 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis760.bin
[2007/11/23 11:06:17 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\sis741.bin
[2007/11/23 11:06:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\sis660.bin
[2007/11/23 11:06:00 | 000,078,609 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2007/11/23 10:44:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/23 10:43:50 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

< End of report >


Hi Shannon. Computer still seems to be working out fine. Nothing came up in the malware scan and i'm not sure what to make of the OTL report. I will take reformatting into consideration, but as I don't do any personal banking or anything like that on this computer, maybe it will be okay.

#11 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 18 February 2012 - 04:06 PM

Hi-

The scans look good. We are almost finished. I would like to run one more scan just to make sure.

I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please copy the ESET OnlineScan log (if you get one) into your reply.
Shannon

#12 bizzlington

bizzlington
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 21 February 2012 - 01:33 AM

ESETSCAN

C:\Documents and Settings\Jo Bilson\My Documents\Downloads\SoftonicDownloader_for_kmplayer.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\Jo Bilson\My Documents\Downloads\SoftonicDownloader_for_soulseek.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

#13 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 21 February 2012 - 07:20 AM

Hi-

ESET OnlineScan did not uncover anything exciting so it is time to clear off the tools we used and to leave you with some words of advice, but first -

Your logs show that you are using peer-to-peer (P2P) or file-sharing programs like uTorrent.

These programs allow one to share files between users as the name(s) suggest. In today's world, the cyber crime has grown to an enormous business and any means is used to infect personal computers and to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject - Risks of File-Sharing Technology

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove this program, you can do so via Start > Control Panel > Add/Remove Programs.

To clear off the tools that we used -

To re-enable your Emulation drivers, double click Defogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger might ask to reboot the machine - click OK

Next, please set your system to hide all 'hidden' files.
  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Next, we will uninstall ComboFix
  • Click on the Start button in your system tray
  • click on Run
  • key in the following in bold type:
    • combofix /Uninstall
  • click on Ok

Then, we should remove the tools we used and we will do that with OTL-
  • Double click on the Posted Image icon on your desktop.
  • Click the "CleanUp" button.
  • Restart your computer when prompted.

If you wish to remove the ESET OnlineScan, you will need to go to Start->Settings->Control Panel->Add Remove Programs.

Please take the time to read below to secure your machine and take the necessary steps to keep it clean.

One of the most common questions found when cleaning Spyware or other Malware is "how did my machine get infected?". There are a variety of reasons, but the most common ones are that you are going to sites that you are not practicing Safe Internet, you are not running the proper security software, and that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.

Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a pop up appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop ups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a pop up that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.

Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period. another recommended, and free, AntiSpyware program is Malwarebytes' Anti-Malware (MBAM).

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update your Java runtimes regularly

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Download the latest version here - http://java.sun.com/javase/downloads/index.jsp. You want to select the JRE version.
Follow this list and your potential for being infected again will reduce dramatically.

Good Luck!!

Shannon

#14 bizzlington

bizzlington
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 23 February 2012 - 10:16 AM

Thank you very much for all your advice you have been most helpful. Couple of questions though, is there anything harmful about keeping the tools that I used to clear this infection on my desktop? I just figure that if I was to get into trouble again and say, I got a virus which affected my internet functionality, then wouldn't it be better to keep the tools so I can quickly use them to get rid of the virus? Also i'm a bit lost on what you mean by reenabling my modulators? And where is the defogging option that you talk about?

#15 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:01:08 AM

Posted 23 February 2012 - 12:32 PM

Hi-

Defogger - If you had followed the site's preparation guide, you would have installed and run defogger to disable your CD Emulation drivers. Since you didn't follow it, you don't need to do that step. I should have removed that step before I sent the posting.

You do NOT want to keep ComboFix. It can get out-of-date very quickly and it is dangerous to use. OTL - you should uninstall as instructed and download a fresh copy when you wanted to look at the system. You would not want to use it to fix anything on your own. A fresh copy of TDSSKiller and ESET OnlineScan could be downloaded when needed. Keep MBAM, set it up for automatic update, and run it about once a week.
Shannon




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users