Troubles removing Infections


  • This topic is locked
24 replies to this topic

#1 Vaengence

Vaengence

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 21 February 2012 - 02:35 AM

Ok, to make it as short and simple as possible, I was noticing in the last few days that my browser was constantly stopping access to the internet. I was able to work out that the network itself and indeed access to the internet was all working correctly. I ran my main Anti Virus (AVG Internet Security Business Edition 2012) as well as an online scanner and neither found viruses.

In an attempt to narrow down the issue I disabled the AVG firewall to see if it was a Firewall issue. This immediately fixed the connectivity issue except almost as fast I now started getting AVG Block messages stating it was blocking virus on file open. These won't stop - I was getting at least 2 - 3 a minute and every time a new file name (I assume it was copying itself).

I downloaded and ran MBAM and after 7 hours of scanning (>.>) it detected and removed 14 infections, restarted, removed some files during boot up - except as soon as it logged in, the messages from AVG blocking files are now coming up so fast I cannot close a window before a new one opens. I have now had to revert to starting in Safe Mode where I am right now.

Yesterday, while it was scanning, I made the following tests specified by the Board:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by reception at 16:19:04 on 2012-02-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.371 [GMT 9.5:30]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PRTG Network Monitor\PRTG Server.exe
C:\Program Files\PRTG Network Monitor\PRTG Probe.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\PRTG Network Monitor\PRTG Enterprise Console.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Aurora\firefox.exe
C:\Program Files\Aurora\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
uDefault_Page_URL = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LEAP Research: {d5a20021-2084-4564-9449-bf195c577fbc} - mscoree.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBit2.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ISUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler
uRun: [Akamai NetSession Interface] c:\documents and settings\reception\local settings\application data\akamai\netsession_win.exe
uRun: [Google Update] "c:\documents and settings\reception\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PWRAGD] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\recept~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\recept~1\startm~1\programs\startup\prtgen~1.lnk - c:\program files\prtg network monitor\PRTG Enterprise Console.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289975113680
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: Interfaces\{E103844C-F2F5-4774-9E0C-54BBA058C160} : NameServer = 8.8.8.8,8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\program files\thinkvantage fingerprint software\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\reception\application data\mozilla\firefox\profiles\baqxm4mi.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ce36cc2&v=6.010.006.004&i=26&tp=ab&iy=&ychte=au&lng=en-GB&q=
FF - component: c:\documents and settings\reception\application data\mozilla\firefox\profiles\baqxm4mi.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\reception\application data\mozilla\firefox\profiles\baqxm4mi.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\reception\application data\mozilla\firefox\profiles\baqxm4mi.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\reception\application data\mozilla\firefox\profiles\baqxm4mi.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\adobe\acrobat 10.0\acrobat\browser\wcfirefoxextn\components\WCFirefoxExtn.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\reception\application data\mozilla\firefox\profiles\baqxm4mi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\reception\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-2-20 64512]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-2-4 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-1-22 29792]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 295248]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-12-7 57800]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-1-7 192512]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-20 652360]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-11-17 64064]
R2 PRTGCoreService;PRTG Core Server Service;c:\program files\prtg network monitor\PRTG Server.exe [2012-2-20 4345616]
R2 PRTGProbeService;PRTG Probe Service;c:\program files\prtg network monitor\PRTG Probe.exe [2012-2-20 3835152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\thinkvantage fingerprint software\smihlp.sys [2009-3-14 12560]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2012-2-9 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-11-10 370504]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-11-25 520192]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-17 909152]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-20 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-20 40776]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2012-2-20 35088]
S2 avgagent;AVG Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
S2 avgarcln;SQTECH9080;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S2 clientservice;Thotkey;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-6 136176]
S2 KMNAagent;KMnet Admin Agent Service;c:\program files\kyocera\kmnet admin agent\bin\AgentServiceHost.exe [2011-10-10 22528]
S2 KMnetAdminService;KMnetAdmin Service;c:\program files\kyocera\kmnet admin\bin\kwrapper.exe [2012-2-9 122880]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
S2 MegaCom;MegaCom Driver;c:\windows\system32\drivers\megabatteryX86.sys [2011-2-2 16448]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\bin\pg_ctl.exe [2008-3-17 77824]
S2 snoopfreesvc;Purendis;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S2 vetmsgnt;Sbhooksvc;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-7-29 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-14 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-6 136176]
S3 KAPFA;KAPFA;\??\c:\windows\system32\drivers\kapfa.sys --> c:\windows\system32\drivers\KAPFA.SYS [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-2-9 129992]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-3 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZetafaxServer;Zetafax Server;c:\program files\zetafax server\server\SYSMAN.EXE [2010-4-30 198072]
.
=============== Created Last 30 ================
.
2012-02-20 06:46:16 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-20 06:43:25 -------- d-----w- C:\Combo
2012-02-20 06:22:17 96784 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2012-02-20 06:22:17 109072 ----a-w- c:\windows\system32\WPRO_41_2001woem_nm.tmp
2012-02-20 06:04:08 35088 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-02-20 06:00:15 -------- d-----w- c:\documents and settings\reception\application data\FixZeroAccess
2012-02-20 05:47:20 -------- d-----w- c:\documents and settings\reception\application data\Malwarebytes
2012-02-20 05:46:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-20 05:46:30 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 05:46:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-20 05:17:08 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-20 02:41:17 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-20 02:36:43 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-20 02:36:19 -------- d-----w- c:\program files\Lavasoft
2012-02-20 01:10:08 64512 -c--a-w- c:\windows\system32\dllcache\serial.sys
2012-02-20 01:10:08 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-20 01:06:31 -------- d-----w- c:\documents and settings\reception\application data\QuickScan
2012-02-19 23:55:39 -------- d-----w- c:\documents and settings\all users\application data\Paessler
2012-02-19 23:54:05 -------- d-----w- c:\program files\PRTG Network Monitor
2012-02-16 23:44:10 -------- d-sh--w- c:\documents and settings\reception\local settings\application data\093d0a58
2012-02-16 23:36:09 -------- d-----w- c:\program files\Stellar Phoenix Access Recovery
2012-02-16 23:24:09 -------- d-----w- c:\documents and settings\reception\local settings\application data\Cimaware
2012-02-16 23:10:26 -------- d-----w- c:\documents and settings\reception\local settings\application data\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-02-14 00:21:21 -------- d-----w- c:\documents and settings\reception\MDBVU32
2012-02-09 05:28:31 -------- d-----w- c:\documents and settings\reception\application data\Mste
2012-02-09 05:25:11 -------- d-----w- c:\documents and settings\reception\local settings\application data\conduitEngine
2012-02-09 05:04:25 -------- d-----w- c:\program files\PostgreSQL
2012-02-09 02:39:45 53248 ----a-w- c:\windows\system32\LMServer.exe
2012-02-09 02:39:45 24576 ----a-w- c:\windows\system32\LMServerps.dll
2012-02-09 02:39:44 -------- d-----w- c:\program files\Kyocera Mita
2012-02-08 23:12:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-01-30 05:10:26 -------- d-----w- c:\program files\GIMPshop-2.0
2012-01-30 05:09:33 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-01-30 05:03:21 -------- d-----w- C:\Multimedia Files
2012-01-30 05:03:14 -------- d-----w- c:\program files\Microsoft GIF Animator
2012-01-25 03:17:13 -------- d-----w- c:\program files\Classic Menu for Office
2012-01-24 20:47:50 69632 ----a-w- c:\windows\system32\CUUpdateComponent.ocx
2012-01-24 20:47:50 425984 ----a-w- c:\windows\system32\ComputerUpdaterLM.ocx
2012-01-24 20:47:50 131072 ----a-w- c:\windows\system32\SafeAppRichList.ocx
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:20:44.13 ===============


And attach the "attach" file. I also attach the log at the end of the MBAM scanning and repair. I tried to run the gmer application, however it was taking some time to finish so I left it for this morning (overnight after work) and at some stage during the night the computer restarted and I lost the scan. I am running it now but it is from me being in safe mode so I do not know if it is useful, and I am worried about logging back in to normal boot while I am getting the voluminous messages. I have to leave work now and gmer has not finished running. In the hopes there may be some assistance possible for when I return to work I am posting this now, and when I return I will also post the gmer log.

Any assistance would be greatly appreciated.

Attached Files
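The DDS log above lists several S2 services with unfamiliar display names (SQTECH9080, Thotkey, Purendis, Sbhooksvc) that are all hosted by `svchost.exe -k netsvcs`, plus a running svchost reported under a `\\.\globalroot` path rather than a drive letter. As an added example (not part of the post or of DDS), the following script parses those two DDS sections and flags such entries for a responder to review; the allowlist of netsvcs group members is a constructed, partial list of Windows XP service names, and the sample lines are taken from the log in the post.

```python
"""Flag suspicious entries in the Running Processes and SERVICES / DRIVERS
sections of a DDS-style log. Added example; not a DDS feature."""
import re
from typing import Dict, List

# Sample lines copied from the DDS log in the post above (shortened).
SAMPLE_DDS = r"""
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
============= SERVICES / DRIVERS ===============
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-20 652360]
S2 avgarcln;SQTECH9080;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S2 clientservice;Thotkey;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-6 136176]
S2 snoopfreesvc;Purendis;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S2 vetmsgnt;Sbhooksvc;c:\windows\system32\svchost.exe -k netsvcs [2008-7-22 14336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-2-9 129992]
"""

# DDS service line: "<state> <name>;<display name>;<image path> [<stamp>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]+);(.*?)\s*\[([^\]]*)\]\s*$")
# Service hosted in the shared "netsvcs" svchost group.
NETSVCS_RE = re.compile(r"svchost(?:\.exe)?\s+-k\s+netsvcs", re.IGNORECASE)

# Constructed, partial allowlist of Windows XP services that legitimately
# run inside the netsvcs svchost group (service names, lowercase).
KNOWN_NETSVCS = {
    "appmgmt", "audiosrv", "bits", "browser", "cryptsvc", "dmserver", "ers",
    "eventsystem", "fastuserswitchingcompatibility", "helpsvc", "hidserv",
    "ias", "iprip", "irmon", "lanmanserver", "lanmanworkstation", "napagent",
    "netman", "nla", "ntmssvc", "rasauto", "rasman", "remoteaccess",
    "schedule", "seclogon", "sens", "sharedaccess", "shellhwdetection",
    "srservice", "tapisrv", "themes", "trkwks", "w32time", "winmgmt", "wmi",
    "wuauserv", "wzcsvc", "xmlprov",
}


def parse_dds(text: str) -> Dict[str, List]:
    """Split a DDS log into process lines and parsed service records."""
    section = None
    processes: List[str] = []
    services: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses "." as a spacer
            continue
        if line.startswith("="):             # section banner
            if "Running Processes" in line:
                section = "processes"
            elif "SERVICES / DRIVERS" in line:
                section = "services"
            else:
                section = None
            continue
        if section == "processes":
            processes.append(line)
        elif section == "services":
            m = SERVICE_RE.match(line)
            if m:
                services.append({
                    "state": m.group(1), "name": m.group(2),
                    "display": m.group(3), "image": m.group(4),
                    "stamp": m.group(5),
                })
    return {"processes": processes, "services": services}


def find_suspicious(parsed: Dict[str, List]) -> List[Dict[str, str]]:
    """Apply two review heuristics: device-path process images, and
    unknown services riding in the netsvcs svchost group."""
    findings: List[Dict[str, str]] = []
    for proc in parsed["processes"]:
        if proc.lower().startswith(r"\\.\globalroot"):
            findings.append({
                "kind": "process", "item": proc,
                "reason": "image reported via an NT object path, not a drive letter",
            })
    for svc in parsed["services"]:
        if NETSVCS_RE.search(svc["image"]) and svc["name"].lower() not in KNOWN_NETSVCS:
            findings.append({
                "kind": "service", "item": svc["name"],
                "reason": f"unrecognised service '{svc['display']}' hosted in netsvcs",
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_dds(SAMPLE_DDS)):
        print(f"[{f['kind']}] {f['item']}: {f['reason']}")
```

Entries it flags are candidates for a responder to check against the service's registry key and ServiceDll, not a verdict on their own.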


#2 Vaengence

Vaengence
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 21 February 2012 - 02:39 AM

Ok, sorry about the double posting. My post is just sitting there with the ball spinning indefinitely and seems to be making the post title, which I can see here, but doesn't seem to be posting the contents - is there an issue with the board at the moment?

EDIT: OK it posted, took several minutes, not sure why, please excuse the other post and delete it when able.

Edited by Vaengence, 21 February 2012 - 02:41 AM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:25 AM

Posted 21 February 2012 - 03:08 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Vaengence

Vaengence
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:09:55 PM

Posted 21 February 2012 - 08:28 PM

Ok so I arrived at work this morning, looked at the post and have attempted to follow instructions, this was how it went:

My first attempt to disable the Anti Virus software did not go well. Upon trying to do so with AVG, while in the middle of receiving message after message from its live scanner, the computer froze once again and I could do nothing. In the end I rebooted and ran combofix from Safe Mode, as that seemed to be the only way to get access to the computer without freezing and in the absence of scanners.

My next issue is that I get a warning when running ComboFix telling me Ad-Aware is running and to close it - except it is not installed. I even ran Revo Uninstaller and removed all traces of it including registry items, rebooted, and it STILL keeps telling me Ad-Aware is running. In the end I had to just accept the warnings saying it may not work properly while the scanner is running.

After these two issues, it successfully installed the Recovery Console, started scanning, told me it had found ZeroAccess and warned it would be a pain to remove and that if I lost internet connectivity to restart and if not re run ComboFix. It then told me it found a rootkit and said it would restart itself.

It did this, then spent the next 20 minutes or so scanning after the reboot; the computer was left alone and it ended up restarting again by itself. When I logged back in, I had a screen telling me that it was preparing the log report and to wait - however while this was on screen, the incessant messages from AVG started again. Before it had finished doing its report I had more than a dozen messages regarding ZeroAccess. I disabled AVG (which only allows me to do so for a maximum of 15 minutes) and the messages stopped and it finished the report.

After the report was finished I disabled AVG again (thankfully it is at least not freezing this time) and I have started ComboFix again. In the meantime I attach the log from its first run through.

Attached Files



#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 21 February 2012 - 08:30 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
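The TDSSKiller log that the instructions above ask for is plain text: each driver gets one line carrying its MD5 and on-disk path and a second line carrying its status, followed by MBR and boot-sector hashes and a detected-object count. As an added example (written for this page, not part of the original post and not part of the TDSSKiller tool), here is a small Python triage script that parses such a log, flags any entry whose status is not "ok", lists drivers loaded from outside the Windows driver directory (a legitimate vendor driver can live there, but it deserves a look), and records the sector hashes so two runs can be compared before and after a fix. The sample lines are constructed in the format TDSSKiller 2.7 writes; the wording of the detection lines and the trusted directory list are assumptions to adjust per host.

```python
"""Triage a TDSSKiller log: parse entries, flag non-ok status, odd paths, sector hashes."""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")          # name (md5) path
STATUS_RE = re.compile(r"^(\S+)(?: \([^)]*\))? - (.+)$")            # name [( verdict )] - status
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Assumption: on this XP host, kernel drivers are expected under system32\drivers only.
TRUSTED_DIRS = (r"c:\windows\system32\drivers",)

# Constructed sample, modelled on the TDSSKiller log format (hashes and names are made up).
SAMPLE_LOG = r"""
11:37:28.0461 5268 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:37:28.0477 5268 abp480n5 - ok
11:37:45.0477 5268 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:37:45.0477 5268 smihlp - ok
11:38:12.0415 5268 lbrtfdc - ok
11:38:13.0000 5268 badsvc (00112233445566778899aabbccddeeff) C:\WINDOWS\system32\DRIVERS\badsvc.sys
11:38:13.0001 5268 badsvc ( Rootkit.Boot.Example ) - infected
11:38:13.0002 5268 badsvc - detected Rootkit.Boot.Example (0)
11:39:03.0618 5268 MBR (0x1B8) (0123456789abcdef0123456789abcdef) \Device\Harddisk0\DR0
11:39:03.0649 5268 \Device\Harddisk0\DR0 - ok
11:39:03.0649 5268 Boot (0x1200) (fedcba9876543210fedcba9876543210) \Device\Harddisk0\DR0\Partition0
11:39:03.0665 1884 Detected object count: 1
"""


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    status: str = ""


@dataclass
class Triage:
    entries: dict = field(default_factory=dict)   # name -> Entry
    sectors: dict = field(default_factory=dict)   # "MBR" / "Boot" -> md5
    detected_count: int = -1

    def not_ok(self):
        """Entries the tool gave any status other than 'ok' (cured, infected, detected, ...)."""
        return [e for e in self.entries.values() if e.status and e.status != "ok"]

    def outside_trusted_dirs(self):
        """Drivers whose on-disk path is not under a trusted driver directory."""
        return [e for e in self.entries.values()
                if e.path and not e.path.lower().startswith(TRUSTED_DIRS)]


def parse_tdsskiller_log(text):
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, SystemInfo, separators
        body = m.group(3)
        sec = SECTOR_RE.match(body)
        if sec:
            t.sectors[sec.group(1)] = sec.group(3)
            continue
        cnt = COUNT_RE.match(body)
        if cnt:
            t.detected_count = int(cnt.group(1))
            continue
        drv = DRIVER_RE.match(body)
        if drv:
            e = t.entries.setdefault(drv.group(1), Entry(drv.group(1)))
            e.md5, e.path = drv.group(2), drv.group(3)
            continue
        st = STATUS_RE.match(body)
        if st:
            e = t.entries.setdefault(st.group(1), Entry(st.group(1)))
            e.status = st.group(2)        # last status line for a name wins
    return t


def sector_diff(before, after):
    """Names of boot sectors whose hash changed between two runs (e.g. before/after a cure)."""
    return sorted(k for k in before if after.get(k) != before[k])


if __name__ == "__main__":
    t = parse_tdsskiller_log(SAMPLE_LOG)
    print("detected objects:", t.detected_count)
    for e in t.not_ok():
        print("NOT OK:", e.name, e.status, e.path)
    for e in t.outside_trusted_dirs():
        print("REVIEW PATH:", e.name, e.path)
    print("sector hashes:", t.sectors)
```

Run it against a real log by replacing SAMPLE_LOG with the contents of C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt; keep the sectors dict from the first run and pass it with the second run's to sector_diff() to see whether the MBR or boot sector was rewritten by the cure.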

#6 Vaengence (Topic Starter, Members, 12 posts)

Posted 21 February 2012 - 11:22 PM

Ok the second scan took several hours to complete so it's been a while. You also asked me to paste the results so I have done so instead of attaching files. The TDSS scan took about 5 minutes and stated it found no infection - the log file is here:

11:37:16.0008 4544 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
11:37:18.0008 4544 ============================================================
11:37:18.0008 4544 Current date / time: 2012/02/22 11:37:18.0008
11:37:18.0008 4544 SystemInfo:
11:37:18.0008 4544
11:37:18.0008 4544 OS Version: 5.1.2600 ServicePack: 3.0
11:37:18.0008 4544 Product type: Workstation
11:37:18.0008 4544 ComputerName: RECEPTION
11:37:18.0008 4544 UserName: reception
11:37:18.0008 4544 Windows directory: C:\WINDOWS
11:37:18.0008 4544 System windows directory: C:\WINDOWS
11:37:18.0008 4544 Processor architecture: Intel x86
11:37:18.0008 4544 Number of processors: 2
11:37:18.0008 4544 Page size: 0x1000
11:37:18.0008 4544 Boot type: Normal boot
11:37:18.0008 4544 ============================================================
11:37:22.0274 4544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
11:37:22.0305 4544 \Device\Harddisk0\DR0:
11:37:22.0305 4544 MBR used
11:37:22.0305 4544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x248705F1
11:37:22.0352 4544 Initialize success
11:37:22.0352 4544 ============================================================
11:37:27.0102 5268 ============================================================
11:37:27.0102 5268 Scan started
11:37:27.0102 5268 Mode: Manual;
11:37:27.0102 5268 ============================================================
11:37:28.0227 5268 Abiosdsk - ok
11:37:28.0461 5268 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:37:28.0477 5268 abp480n5 - ok
11:37:28.0899 5268 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:37:28.0946 5268 ACPI - ok
11:37:29.0352 5268 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:37:29.0352 5268 ACPIEC - ok
11:37:29.0727 5268 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:37:29.0743 5268 adpu160m - ok
11:37:30.0149 5268 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:37:30.0165 5268 aec - ok
11:37:30.0633 5268 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:37:30.0680 5268 AFD - ok
11:37:31.0477 5268 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:37:31.0477 5268 agp440 - ok
11:37:31.0961 5268 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:37:31.0977 5268 agpCPQ - ok
11:37:32.0586 5268 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:37:32.0618 5268 Aha154x - ok
11:37:33.0227 5268 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:37:33.0274 5268 aic78u2 - ok
11:37:33.0961 5268 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:37:33.0961 5268 aic78xx - ok
11:37:34.0524 5268 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:37:34.0540 5268 AliIde - ok
11:37:34.0946 5268 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:37:34.0961 5268 alim1541 - ok
11:37:35.0446 5268 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:37:35.0446 5268 amdagp - ok
11:37:35.0805 5268 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:37:35.0805 5268 amsint - ok
11:37:36.0180 5268 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:37:36.0196 5268 Arp1394 - ok
11:37:36.0555 5268 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:37:36.0571 5268 asc - ok
11:37:36.0977 5268 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:37:36.0977 5268 asc3350p - ok
11:37:37.0368 5268 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:37:37.0368 5268 asc3550 - ok
11:37:37.0758 5268 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:37:37.0774 5268 AsyncMac - ok
11:37:38.0149 5268 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:37:38.0149 5268 atapi - ok
11:37:38.0524 5268 Atdisk - ok
11:37:38.0774 5268 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:37:38.0774 5268 Atmarpc - ok
11:37:39.0133 5268 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:37:39.0133 5268 audstub - ok
11:37:39.0524 5268 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
11:37:39.0524 5268 Avgfwdx - ok
11:37:39.0540 5268 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
11:37:39.0540 5268 Avgfwfd - ok
11:37:39.0961 5268 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
11:37:39.0993 5268 AVGIDSDriver - ok
11:37:40.0415 5268 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
11:37:40.0430 5268 AVGIDSEH - ok
11:37:40.0805 5268 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
11:37:40.0821 5268 AVGIDSFilter - ok
11:37:41.0180 5268 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
11:37:41.0180 5268 AVGIDSShim - ok
11:37:41.0618 5268 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:37:41.0665 5268 Avgldx86 - ok
11:37:42.0040 5268 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:37:42.0055 5268 Avgmfx86 - ok
11:37:42.0446 5268 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:37:42.0461 5268 Avgrkx86 - ok
11:37:42.0883 5268 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:37:42.0961 5268 Avgtdix - ok
11:37:43.0415 5268 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:37:43.0415 5268 Beep - ok
11:37:43.0805 5268 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
11:37:43.0821 5268 Bridge - ok
11:37:43.0836 5268 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
11:37:43.0836 5268 BridgeMP - ok
11:37:43.0852 5268 catchme - ok
11:37:44.0227 5268 CBDisk (93c568904e116607df2389907a9d8899) C:\WINDOWS\system32\drivers\CBDisk.sys
11:37:44.0243 5268 CBDisk - ok
11:37:44.0696 5268 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:37:44.0696 5268 cbidf - ok
11:37:45.0102 5268 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:37:45.0102 5268 cbidf2k - ok
11:37:45.0493 5268 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:37:45.0493 5268 cd20xrnt - ok
11:37:45.0852 5268 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:37:45.0852 5268 Cdaudio - ok
11:37:46.0415 5268 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:37:46.0430 5268 Cdfs - ok
11:37:46.0805 5268 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:37:46.0821 5268 Cdrom - ok
11:37:47.0165 5268 Changer - ok
11:37:47.0461 5268 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:37:47.0477 5268 CmBatt - ok
11:37:48.0008 5268 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:37:48.0008 5268 CmdIde - ok
11:37:48.0399 5268 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:37:48.0399 5268 Compbatt - ok
11:37:48.0774 5268 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:37:48.0774 5268 Cpqarray - ok
11:37:49.0180 5268 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:37:49.0227 5268 dac2w2k - ok
11:37:49.0665 5268 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:37:49.0665 5268 dac960nt - ok
11:37:50.0071 5268 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:37:50.0086 5268 Disk - ok
11:37:50.0696 5268 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:37:50.0883 5268 dmboot - ok
11:37:51.0290 5268 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:37:51.0336 5268 dmio - ok
11:37:51.0711 5268 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:37:51.0727 5268 dmload - ok
11:37:52.0118 5268 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:37:52.0149 5268 DMusic - ok
11:37:52.0540 5268 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:37:52.0555 5268 dpti2o - ok
11:37:52.0930 5268 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:37:52.0930 5268 drmkaud - ok
11:37:53.0477 5268 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:37:53.0508 5268 Fastfat - ok
11:37:53.0899 5268 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:37:53.0899 5268 Fdc - ok
11:37:54.0258 5268 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:37:54.0274 5268 Fips - ok
11:37:54.0743 5268 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:37:54.0743 5268 Flpydisk - ok
11:37:55.0180 5268 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:37:55.0211 5268 FltMgr - ok
11:37:55.0586 5268 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:37:55.0602 5268 Fs_Rec - ok
11:37:55.0868 5268 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:37:55.0899 5268 Ftdisk - ok
11:37:56.0258 5268 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:37:56.0274 5268 GEARAspiWDM - ok
11:37:56.0649 5268 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:37:56.0665 5268 Gpc - ok
11:37:57.0071 5268 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:37:57.0102 5268 HDAudBus - ok
11:37:57.0493 5268 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:37:57.0493 5268 HidUsb - ok
11:37:57.0899 5268 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:37:57.0915 5268 hpn - ok
11:37:58.0336 5268 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:37:58.0415 5268 HTTP - ok
11:37:58.0774 5268 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:37:58.0790 5268 i2omgmt - ok
11:37:59.0149 5268 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:37:59.0149 5268 i2omp - ok
11:37:59.0540 5268 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:37:59.0555 5268 i8042prt - ok
11:38:00.0415 5268 ialm (522cb93a3ae5400a17ad27b4687f086d) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:38:00.0915 5268 ialm - ok
11:38:01.0305 5268 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:38:01.0321 5268 Imapi - ok
11:38:01.0977 5268 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:38:01.0993 5268 ini910u - ok
11:38:04.0071 5268 IntcAzAudAddService (db42e18d0c15d2c95c4f45c8e565f7f2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:38:05.0696 5268 IntcAzAudAddService - ok
11:38:06.0071 5268 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:38:06.0071 5268 IntelIde - ok
11:38:06.0461 5268 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:38:06.0461 5268 intelppm - ok
11:38:06.0852 5268 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:38:06.0852 5268 Ip6Fw - ok
11:38:07.0415 5268 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:38:07.0430 5268 IpFilterDriver - ok
11:38:07.0805 5268 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:38:07.0821 5268 IpInIp - ok
11:38:08.0243 5268 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:38:08.0274 5268 IpNat - ok
11:38:08.0649 5268 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:38:08.0649 5268 IPSec - ok
11:38:09.0024 5268 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:38:09.0024 5268 IRENUM - ok
11:38:09.0415 5268 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:38:09.0430 5268 isapnp - ok
11:38:09.0805 5268 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
11:38:09.0805 5268 Iviaspi - ok
11:38:10.0133 5268 KAPFA - ok
11:38:10.0446 5268 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:38:10.0446 5268 Kbdclass - ok
11:38:10.0836 5268 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:38:10.0852 5268 kbdhid - ok
11:38:11.0258 5268 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:38:11.0258 5268 kmixer - ok
11:38:11.0649 5268 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:38:11.0665 5268 KSecDD - ok
11:38:12.0071 5268 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
11:38:12.0086 5268 Lbd - ok
11:38:12.0415 5268 lbrtfdc - ok
11:38:12.0665 5268 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
11:38:12.0665 5268 MBAMProtector - ok
11:38:13.0055 5268 MDFSYSNT (2c70290d63eb639da23ed667b9ebdf84) C:\WINDOWS\system32\drivers\MDFSYSNT.sys
11:38:13.0118 5268 MDFSYSNT - ok
11:38:13.0477 5268 MDPMGRNT (d94d2e968239ce7f01f2cfa503db57e1) C:\WINDOWS\system32\drivers\MDPMGRNT.sys
11:38:13.0477 5268 MDPMGRNT - ok
11:38:13.0852 5268 MegaCom (1337cc19c137d72af9358265ad44396d) C:\WINDOWS\system32\DRIVERS\megabatteryX86.sys
11:38:13.0868 5268 MegaCom - ok
11:38:14.0227 5268 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:38:14.0227 5268 mnmdd - ok
11:38:14.0696 5268 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:38:14.0711 5268 Modem - ok
11:38:15.0071 5268 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:38:15.0086 5268 Mouclass - ok
11:38:15.0446 5268 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:38:15.0446 5268 mouhid - ok
11:38:15.0805 5268 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:38:15.0821 5268 MountMgr - ok
11:38:16.0180 5268 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:38:16.0196 5268 mraid35x - ok
11:38:16.0618 5268 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:38:16.0665 5268 MRxDAV - ok
11:38:17.0149 5268 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:38:17.0258 5268 MRxSmb - ok
11:38:17.0649 5268 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:38:17.0649 5268 Msfs - ok
11:38:18.0040 5268 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:38:18.0040 5268 MSKSSRV - ok
11:38:18.0477 5268 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:38:18.0477 5268 MSPCLOCK - ok
11:38:18.0883 5268 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:38:18.0883 5268 MSPQM - ok
11:38:19.0258 5268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:38:19.0258 5268 mssmbios - ok
11:38:19.0649 5268 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:38:19.0680 5268 Mup - ok
11:38:20.0086 5268 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:38:20.0086 5268 NDIS - ok
11:38:20.0461 5268 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:38:20.0461 5268 NdisTapi - ok
11:38:21.0055 5268 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:38:21.0055 5268 Ndisuio - ok
11:38:21.0446 5268 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:38:21.0461 5268 NdisWan - ok
11:38:21.0883 5268 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:38:21.0883 5268 NDProxy - ok
11:38:22.0243 5268 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
11:38:22.0243 5268 Netaapl - ok
11:38:22.0508 5268 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:38:22.0524 5268 NetBIOS - ok
11:38:22.0946 5268 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:38:22.0993 5268 NetBT - ok
11:38:23.0508 5268 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:38:23.0524 5268 NIC1394 - ok
11:38:23.0946 5268 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:38:23.0961 5268 Npfs - ok
11:38:24.0555 5268 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:38:24.0555 5268 Ntfs - ok
11:38:24.0930 5268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:38:24.0930 5268 Null - ok
11:38:25.0321 5268 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:38:25.0336 5268 NwlnkFlt - ok
11:38:25.0852 5268 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:38:25.0868 5268 NwlnkFwd - ok
11:38:26.0274 5268 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:38:26.0290 5268 ohci1394 - ok
11:38:26.0696 5268 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:38:26.0711 5268 Parport - ok
11:38:27.0118 5268 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:38:27.0118 5268 PartMgr - ok
11:38:27.0477 5268 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:38:27.0477 5268 ParVdm - ok
11:38:27.0852 5268 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:38:27.0868 5268 PCI - ok
11:38:28.0196 5268 PCIDump - ok
11:38:28.0399 5268 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:38:28.0415 5268 PCIIde - ok
11:38:28.0805 5268 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:38:28.0836 5268 Pcmcia - ok
11:38:29.0305 5268 PDCOMP - ok
11:38:29.0665 5268 PDFRAME - ok
11:38:30.0243 5268 PDRELI - ok
11:38:30.0586 5268 PDRFRAME - ok
11:38:30.0805 5268 pelmouse (b4d92797d295807d6739637538d01ccb) C:\WINDOWS\system32\DRIVERS\pelmouse.sys
11:38:30.0805 5268 pelmouse - ok
11:38:31.0290 5268 pelusblf (d599661a3957de82aed3842cf9a669d6) C:\WINDOWS\system32\DRIVERS\pelusblf.sys
11:38:31.0305 5268 pelusblf - ok
11:38:31.0680 5268 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:38:31.0696 5268 perc2 - ok
11:38:32.0274 5268 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:38:32.0290 5268 perc2hib - ok
11:38:32.0696 5268 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
11:38:32.0696 5268 pmem - ok
11:38:33.0305 5268 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:38:33.0321 5268 PptpMiniport - ok
11:38:33.0727 5268 psadd (72de205cd4006dc45b1401859c506679) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:38:33.0727 5268 psadd - ok
11:38:34.0165 5268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:38:34.0227 5268 PSched - ok
11:38:34.0618 5268 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:38:34.0633 5268 Ptilink - ok
11:38:34.0993 5268 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:38:35.0008 5268 PxHelp20 - ok
11:38:35.0399 5268 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:38:35.0415 5268 ql1080 - ok
11:38:35.0821 5268 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:38:35.0821 5268 Ql10wnt - ok
11:38:36.0211 5268 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:38:36.0227 5268 ql12160 - ok
11:38:36.0602 5268 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:38:36.0618 5268 ql1240 - ok
11:38:37.0008 5268 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:38:37.0008 5268 ql1280 - ok
11:38:37.0602 5268 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:38:37.0618 5268 RasAcd - ok
11:38:38.0805 5268 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:38:38.0852 5268 Rasl2tp - ok
11:38:39.0383 5268 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:38:39.0399 5268 RasPppoe - ok
11:38:39.0758 5268 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:38:39.0774 5268 Raspti - ok
11:38:40.0211 5268 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:38:40.0258 5268 Rdbss - ok
11:38:40.0633 5268 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:38:40.0633 5268 RDPCDD - ok
11:38:41.0024 5268 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:38:41.0071 5268 rdpdr - ok
11:38:41.0493 5268 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:38:41.0524 5268 RDPWD - ok
11:38:41.0883 5268 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:38:41.0899 5268 redbook - ok
11:38:42.0258 5268 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
11:38:42.0274 5268 regi - ok
11:38:42.0649 5268 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:38:42.0649 5268 ROOTMODEM - ok
11:38:43.0055 5268 RTLE8023xp (6fc7ddf3b8d94fba7ac664452d6478d4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:38:43.0102 5268 RTLE8023xp - ok
11:38:43.0493 5268 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:38:43.0493 5268 Secdrv - ok
11:38:43.0883 5268 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:38:43.0883 5268 Serenum - ok
11:38:44.0274 5268 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:38:44.0290 5268 Serial - ok
11:38:44.0665 5268 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:38:44.0665 5268 Sfloppy - ok
11:38:45.0008 5268 Simbad - ok
11:38:45.0415 5268 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:38:45.0430 5268 sisagp - ok
11:38:45.0477 5268 smihlp (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:38:45.0477 5268 smihlp - ok
11:38:45.0852 5268 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:38:45.0852 5268 Sparrow - ok
11:38:46.0493 5268 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:38:46.0493 5268 splitter - ok
11:38:46.0868 5268 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:38:46.0899 5268 sr - ok
11:38:47.0336 5268 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:38:47.0430 5268 Srv - ok
11:38:47.0821 5268 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:38:47.0821 5268 swenum - ok
11:38:48.0211 5268 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:38:48.0227 5268 swmidi - ok
11:38:48.0618 5268 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:38:48.0618 5268 symc810 - ok
11:38:48.0993 5268 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:38:48.0993 5268 symc8xx - ok
11:38:49.0399 5268 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:38:49.0415 5268 sym_hi - ok
11:38:49.0790 5268 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:38:49.0805 5268 sym_u3 - ok
11:38:50.0399 5268 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:38:50.0430 5268 sysaudio - ok
11:38:51.0196 5268 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:38:51.0196 5268 Tcpip - ok
11:38:51.0571 5268 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:38:51.0571 5268 TDPIPE - ok
11:38:51.0961 5268 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:38:51.0961 5268 TDTCP - ok
11:38:52.0352 5268 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:38:52.0352 5268 TermDD - ok
11:38:52.0727 5268 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:38:52.0727 5268 TosIde - ok
11:38:53.0102 5268 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:38:53.0102 5268 tvtfilter - ok
11:38:53.0493 5268 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:38:53.0524 5268 Udfs - ok
11:38:54.0071 5268 ULCDRHlp (a4e07da3ae2078bd96e84d4baa07b71d) C:\WINDOWS\system32\Drivers\ULCDRHlp.sys
11:38:54.0071 5268 ULCDRHlp - ok
11:38:54.0524 5268 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:38:54.0540 5268 ultra - ok
11:38:55.0008 5268 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:38:55.0102 5268 Update - ok
11:38:55.0493 5268 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
11:38:55.0493 5268 USBAAPL - ok
11:38:55.0868 5268 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:38:55.0883 5268 usbccgp - ok
11:38:56.0415 5268 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:38:56.0430 5268 usbehci - ok
11:38:56.0836 5268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:38:56.0852 5268 usbhub - ok
11:38:57.0227 5268 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:38:57.0227 5268 usbscan - ok
11:38:57.0633 5268 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:38:57.0649 5268 USBSTOR - ok
11:38:58.0024 5268 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:38:58.0024 5268 usbuhci - ok
11:38:58.0493 5268 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:38:58.0508 5268 VgaSave - ok
11:38:58.0868 5268 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:38:58.0883 5268 viaagp - ok
11:38:59.0243 5268 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:38:59.0243 5268 ViaIde - ok
11:38:59.0633 5268 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:38:59.0649 5268 VolSnap - ok
11:39:00.0008 5268 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:39:00.0024 5268 Wanarp - ok
11:39:00.0618 5268 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:39:00.0727 5268 Wdf01000 - ok
11:39:01.0118 5268 WDICA - ok
11:39:01.0571 5268 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:39:01.0602 5268 wdmaud - ok
11:39:01.0977 5268 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:39:01.0977 5268 WmiAcpi - ok
11:39:02.0336 5268 WPRO_41_2001 (47cc68138dadc5a0680acdedc7a924cf) C:\WINDOWS\system32\drivers\WPRO_41_2001.sys
11:39:02.0352 5268 WPRO_41_2001 - ok
11:39:02.0711 5268 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:39:02.0727 5268 WS2IFSL - ok
11:39:03.0102 5268 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:39:03.0118 5268 WudfPf - ok
11:39:03.0540 5268 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:39:03.0555 5268 WudfRd - ok
11:39:03.0618 5268 MBR (0x1B8) (d31e4afcce932589d2ce61cc9fe0151f) \Device\Harddisk0\DR0
11:39:03.0649 5268 \Device\Harddisk0\DR0 - ok
11:39:03.0649 5268 Boot (0x1200) (3b69f882724640011343d6c8e3277971) \Device\Harddisk0\DR0\Partition0
11:39:03.0649 5268 \Device\Harddisk0\DR0\Partition0 - ok
11:39:03.0649 5268 ============================================================
11:39:03.0649 5268 Scan finished
11:39:03.0649 5268 ============================================================
11:39:03.0665 1884 Detected object count: 0
11:39:03.0665 1884 Actual detected object count: 0



The Avast one (aswMBR) took several hours; from what I can tell it found one file. The log is here:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 11:40:02
-----------------------------
11:40:02.883 OS Version: Windows 5.1.2600 Service Pack 3
11:40:02.883 Number of processors: 2 586 0x170A
11:40:02.883 ComputerName: RECEPTION UserName: reception
11:40:07.118 Initialize success
11:47:41.696 AVAST engine defs: 12022101
11:49:12.118 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:49:12.118 Disk 0 Vendor: ST3320418AS CC66 Size: 305245MB BusType: 3
11:49:12.133 Disk 0 MBR read successfully
11:49:12.133 Disk 0 MBR scan
11:49:12.196 Disk 0 unknown MBR code
11:49:12.196 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 299232 MB offset 63
11:49:12.227 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6009 MB offset 612828720
11:49:12.227 Disk 0 scanning sectors +625136400
11:49:12.336 Disk 0 scanning C:\WINDOWS\system32\drivers
11:49:26.446 Service scanning
11:50:25.696 Modules scanning
11:50:43.540 Disk 0 trace - called modules:
11:50:43.680 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
11:50:43.680 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a445ab8]
11:50:43.680 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a449af0]
11:50:43.680 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a491d98]
11:50:47.790 AVAST engine scan C:\WINDOWS
11:51:49.633 AVAST engine scan C:\WINDOWS\system32
12:00:17.071 AVAST engine scan C:\WINDOWS\system32\drivers
12:00:53.133 AVAST engine scan C:\Documents and Settings\reception
12:27:50.008 File: C:\Documents and Settings\reception\Application Data\FixZeroAccess\Archive\serial.sys **INFECTED** Win32:Sirefef-NN [Rtk]
13:27:28.400 AVAST engine scan C:\Documents and Settings\All Users
13:31:19.685 Scan finished successfully
13:46:18.294 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\reception\Desktop\MBR.dat"
13:46:18.294 The log file has been saved successfully to "C:\Documents and Settings\reception\Desktop\aswMBR.txt"


Upon completion of both scans, neither required a restart. After both scans I reactivated AVG, and within seconds I am getting multiple threat warnings from the ZeroAccess (.d) variant, with no change from this morning.

#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:25 AM

Posted 21 February 2012 - 11:37 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
C:\Documents and Settings\reception\Application Data\FixZeroAccess\Archive

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 Vaengence

Vaengence
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:55 PM

Posted 22 February 2012 - 01:13 AM

OK, the following is the report from running ComboFix. There were no errors or issues that I could see, but nothing changed; I am getting the block messages for ZeroAccess incessantly.

ComboFix 12-02-21.02 - reception 22/02/2012 15:00:30.3.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1917.1471 [GMT 9.5:30]
Running from: c:\documents and settings\reception\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\reception\Desktop\CFScript.txt
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ABP480N5.SYS
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ACPI.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ACPIEC.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\adpu160m.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\aec.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\afd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\agp440.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\agpCPQ.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\aha154x.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\aic78u2.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\aic78xx.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\aliide.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\alim1541.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\amdagp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\amsint.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\arp1394.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\asc.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\asc3350p.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\asc3550.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\asyncmac.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\atapi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\atmarpc.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\audstub.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\avgfwdx.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\AVGIDSDriver.Sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\AVGIDSEH.Sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\AVGIDSFilter.Sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\AVGIDSShim.Sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\avgldx86.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\avgmfx86.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\avgrkx86.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\avgtdix.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Beep.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\bridge.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\CBDisk.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\cbidf2k.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\cd20xrnt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Cdaudio.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Cdfs.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\cdrom.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\CmBatt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\cmdide.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\compbatt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\cpqarray.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\dac2w2k.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\dac960nt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\disk.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\dmboot.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\dmio.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\dmload.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\DMusic.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\dpti2o.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\drmkaud.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Fastfat.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Fdc.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Fips.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\FixZeroAccess.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Flpydisk.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\fltMgr.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ftdisk.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\GEARAspiWDM.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\HDAudBus.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\hidusb.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\hpn.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\HTTP.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\i2omgmt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\i2omp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\i8042prt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\igxpmp32.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\imapi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ini910u.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\intelide.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\intelppm.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Ip6Fw.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ipfltdrv.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ipinip.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ipnat.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ipsec.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\irenum.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\isapnp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\iviaspi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\kbdclass.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\kbdhid.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\KernExplorer.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\kmixer.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\KSecDD.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Lbd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mbam.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mbamswissarmy.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\MDFSYSNT.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\MDPMGRNT.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\megabatteryX86.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mnmdd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Modem.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mouclass.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mouhid.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\MountMgr.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mraid35x.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mrxdav.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mrxsmb.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Msfs.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\msgpc.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\MSKSSRV.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\MSPCLOCK.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\MSPQM.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\mssmbios.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Mup.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\NDIS.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ndistapi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ndisuio.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ndiswan.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\NDProxy.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\netaapl.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\netbios.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\netbt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\nic1394.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Npfs.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Ntfs.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Null.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\nwlnkflt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\nwlnkfwd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ohci1394.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Parport.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\PartMgr.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ParVdm.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\pci.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\pciide.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\pcmcia.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\pelmouse.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\pelusblf.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\perc2.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\perc2hib.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\pmemnt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\psadd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\psched.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ptilink.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\PxHelp20.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ql1080.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ql10wnt.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ql12160.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ql1240.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ql1280.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\rasacd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\rasl2tp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\raspppoe.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\raspptp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\raspti.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\rdbss.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\RDPCDD.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\rdpdr.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\RDPWD.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\redbook.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\regi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\RootMdm.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Rtenicxp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\RtkHDAud.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\secdrv.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\serenum.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\serial.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Sfloppy.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\sisagp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\smihlp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\sparrow.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\splitter.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\sr.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\srv.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\swenum.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\swmidi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\sym_hi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\sym_u3.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\symc810.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\symc8xx.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\sysaudio.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\tcpip.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\TDPIPE.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\TDTCP.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\termdd.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\toside.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\tvtfilter.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\Udfs.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ULCDRHlp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\ultra.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\update.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\usbaapl.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\usbccgp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\usbehci.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\usbhub.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\usbscan.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\USBSTOR.SYS
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\usbuhci.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\vga.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\viaagp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\viaide.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\VolSnap.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\wanarp.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\wdf01000.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\wdmaud.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\wmiacpi.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\WPRO_41_2001.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\WudfPf.sys
c:\documents and settings\reception\Application Data\FixZeroAccess\Archive\wudfrd.sys
c:\windows\system32\WPRO_41_2001woem.tmp
c:\windows\system32\WPRO_41_2001woem_nm.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-22 01:50 . 2012-02-22 05:46 35088 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2012-02-21 23:53 . 2008-04-13 15:15 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2012-02-21 23:40 . 2012-02-21 23:40 -------- d-----w- c:\program files\VS Revo Group
2012-02-21 06:17 . 2012-02-21 06:17 -------- d-----w- C:\Paessler
2012-02-20 06:43 . 2012-02-20 06:43 -------- d-----w- C:\Combo
2012-02-20 06:00 . 2012-02-22 05:42 -------- d-----w- c:\documents and settings\reception\Application Data\FixZeroAccess
2012-02-20 05:47 . 2012-02-20 05:47 -------- d-----w- c:\documents and settings\reception\Application Data\Malwarebytes
2012-02-20 05:46 . 2012-02-20 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-20 05:46 . 2012-02-20 05:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-20 05:46 . 2011-12-10 05:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-20 03:04 . 2012-02-20 03:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\Agent
2012-02-20 02:41 . 2012-02-20 02:41 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-20 02:36 . 2012-02-22 04:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-02-20 01:10 . 2008-04-13 15:15 64512 -c----w- c:\windows\system32\dllcache\serial.sys
2012-02-20 01:06 . 2012-02-20 01:06 -------- d-----w- c:\documents and settings\reception\Application Data\QuickScan
2012-02-19 23:55 . 2012-02-19 23:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Paessler
2012-02-19 23:54 . 2012-02-19 23:58 -------- d-----w- c:\program files\PRTG Network Monitor
2012-02-16 23:44 . 2012-02-16 23:44 -------- d-sh--w- c:\documents and settings\reception\Local Settings\Application Data\093d0a58
2012-02-16 23:36 . 2012-02-17 00:04 -------- d-----w- c:\program files\Stellar Phoenix Access Recovery
2012-02-16 23:34 . 2012-02-17 00:01 -------- d-----w- c:\program files\SysTools Access Recovery (Demo-Version)
2012-02-16 23:34 . 1998-04-26 14:30 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\DAO350.DLL
2012-02-16 23:24 . 2012-02-16 23:26 -------- d-----w- c:\documents and settings\reception\Local Settings\Application Data\Cimaware
2012-02-16 23:10 . 2012-02-16 23:10 -------- d-----w- c:\documents and settings\reception\Local Settings\Application Data\{FFFA2FB9-4857-4475-8379-F36343DA5801}
2012-02-14 00:21 . 2012-02-14 00:33 -------- d-----w- c:\documents and settings\reception\MDBVU32
2012-02-09 05:28 . 2012-02-09 05:28 -------- d-----w- c:\documents and settings\reception\Application Data\Mste
2012-02-09 05:25 . 2012-02-09 05:25 -------- d-----w- c:\documents and settings\reception\Local Settings\Application Data\conduitEngine
2012-02-09 05:05 . 2012-02-09 05:05 -------- d-----w- c:\documents and settings\KMnetAdmin
2012-02-09 05:04 . 2012-02-09 05:05 -------- d-----w- c:\program files\PostgreSQL
2012-02-09 04:57 . 2012-02-09 04:57 -------- d-----w- c:\documents and settings\reception\Application Data\InstallShield
2012-02-09 02:39 . 2012-02-09 02:44 -------- d-----w- c:\program files\Kyocera Mita
2012-02-08 23:12 . 2012-02-20 03:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-01-30 05:10 . 2012-01-30 05:10 -------- d-----w- c:\program files\GIMPshop-2.0
2012-01-30 05:09 . 2012-01-30 05:09 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-01-30 05:03 . 2012-01-30 05:03 -------- d-----w- C:\Multimedia Files
2012-01-30 05:03 . 2012-01-30 05:04 -------- d-----w- c:\program files\Microsoft GIF Animator
2012-01-25 03:17 . 2012-01-25 03:17 -------- d-----w- c:\program files\Classic Menu for Office
2012-01-24 20:47 . 2012-01-24 20:47 69632 ----a-w- c:\windows\system32\CUUpdateComponent.ocx
2012-01-24 20:47 . 2012-01-24 20:47 425984 ----a-w- c:\windows\system32\ComputerUpdaterLM.ocx
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 20:47 . 2012-01-24 20:47 131072 ----a-w- c:\windows\system32\SafeAppRichList.ocx
2012-02-16 23:49 . 2012-02-16 23:49 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-12-14 00:52 . 2010-12-14 00:52 119808 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-22_00.54.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-22 05:44 . 2012-02-22 05:44 16384 c:\windows\temp\Perflib_Perfdata_818.dat
+ 2012-02-22 06:05 . 2012-02-22 06:05 16384 c:\windows\temp\Perflib_Perfdata_12a8.dat
+ 2010-12-10 05:52 . 2012-02-22 05:46 212925 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-16 18:04 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d5a20021-2084-4564-9449-bf195c577fbc}"= "mscoree.dll" [2009-11-05 297808]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-16 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{d5a20021-2084-4564-9449-bf195c577fbc}]
[HKEY_CLASSES_ROOT\Leap.Research.BHO.ResearchToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-04-02 222496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-01-12 18789920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-08 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-08 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-08 142872]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-08-18 393216]
"PWRAGD"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2009-09-02 72256]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-11-27 3081528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-03-31 141312]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-14 30192]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-16 939872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-07 421736]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\reception\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
PRTG Enterprise Console.lnk - c:\program files\PRTG Network Monitor\PRTG Enterprise Console.exe [2012-2-20 4650768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-05-22 00:54 100104 ------w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\PRTG Network Monitor\\PRTG Probe.exe"=
"c:\\Program Files\\PRTG Network Monitor\\PRTG Server Administrator.exe"=
"c:\\Program Files\\PRTG Network Monitor\\PRTG Server.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRServer.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRFeature.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\DataProxy.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\inputserv.exe"=
"c:\\Program Files\\Splashtop\\Splashtop Remote\\Server\\SRLogin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"6150:TCP"= 6150:TCP:avgagent.exe
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22/02/2011 8:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 4:03 PM 32592]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [4/02/2010 10:52 AM 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [22/01/2010 11:20 AM 29792]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/01/2011 6:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5/04/2011 12:59 AM 295248]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [7/12/2010 9:02 AM 57800]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [23/11/2011 2:36 AM 2391832]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 6:09 AM 192776]
R2 KMNAagent;KMnet Admin Agent Service;c:\program files\Kyocera\KMnet Admin Agent\bin\AgentServiceHost.exe [10/10/2011 4:55 PM 22528]
R2 KMnetAdminService;KMnetAdmin Service;c:\program files\Kyocera\KMnet Admin\bin\kwrapper.exe [9/02/2012 2:28 PM 122880]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [7/01/2010 10:22 AM 192512]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/02/2012 3:16 PM 652360]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\bin\pg_ctl.exe [17/03/2008 3:47 AM 77824]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [17/11/2010 3:28 AM 64064]
R2 PRTGCoreService;PRTG Core Server Service;c:\program files\PRTG Network Monitor\PRTG Server.exe [20/02/2012 9:24 AM 4345616]
R2 PRTGProbeService;PRTG Probe Service;c:\program files\PRTG Network Monitor\PRTG Probe.exe [20/02/2012 9:24 AM 3835152]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [18/04/2007 1:39 PM 11032]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [14/03/2009 8:17 AM 12560]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [9/02/2012 12:44 PM 531328]
R2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [10/11/2011 3:34 PM 370504]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [25/11/2008 9:04 AM 520192]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [17/01/2012 3:34 AM 909152]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4:33 AM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14/04/2011 9:28 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 7:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 7:53 AM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/02/2012 3:16 PM 20464]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [22/02/2012 11:20 AM 35088]
S2 avgagent;AVG Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 6:25 AM 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/06/2011 12:15 PM 136176]
S2 MegaCom;MegaCom Driver;c:\windows\system32\drivers\megabatteryX86.sys [2/02/2011 3:12 PM 16448]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [29/07/2011 1:36 PM 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 4:33 AM 30944]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/12/2010 10:22 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/06/2011 12:15 PM 136176]
S3 KAPFA;KAPFA;\??\c:\windows\system32\drivers\KAPFA.SYS --> c:\windows\system32\drivers\KAPFA.SYS [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/02/2012 8:42 AM 129992]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [3/08/2011 8:41 AM 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S3 ZetafaxServer;Zetafax Server;c:\program files\Zetafax Server\SERVER\SYSMAN.EXE [30/04/2010 4:28 PM 198072]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-NETWORK-reception.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 05:34]
.
2012-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:27]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 02:44]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-06 02:44]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3325171423-1364436385-843072378-1182Core.job
- c:\documents and settings\reception\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-04 09:00]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3325171423-1364436385-843072378-1182UA.job
- c:\documents and settings\reception\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-04 09:00]
.
2012-01-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-20 10:12]
.
2010-11-16 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-11-16 01:52]
.
2012-02-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2010-01-28 17:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{E103844C-F2F5-4774-9E0C-54BBA058C160}: NameServer = 8.8.8.8,8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ce36cc2&v=6.010.006.004&i=26&tp=ab&iy=&ychte=au&lng=en-GB&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 15:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMnetAdminService]
"ImagePath"="\"c:\program files\Kyocera\KMnet Admin\bin\kwrapper.exe\" -s \"C:/Program Files/Kyocera/KMnet Admin/conf/wrapper.conf\" \"set.NETADMIN_HOME=C:/Program Files/Kyocera/KMnet Admin\" \"set.JAVA_HOME=C:/Program Files/Java/jdk1.6.0_25\" \"set.TOMCAT_HOME=C:/Program Files/Kyocera/KMnet Admin/tomcat\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1312)
c:\windows\system32\vrlogon.dll
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\qlbase.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
.
- - - - - - - > 'lsass.exe'(1372)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(1276)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\AVG\AVG2012\avgsysx.dll
c:\program files\AVG\AVG2012\avgopensslx.dll
c:\program files\AVG\AVG2012\avgntopensslx.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\program files\Common Files\Mediafour\MACFPROP.DLL
c:\program files\Common Files\Mediafour\MACDRAPI.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Java\jdk1.6.0_25\bin\java.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\progra~1\ThinkPad\UTILIT~1\DPMTray.exe
c:\program files\AVG\AVG2012\avgscanx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Lenovo\Client Security Solution\password_manager.exe
c:\program files\AVG\AVG2012\avgui.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\program files\PostgreSQL\bin\postgres.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-02-22 15:40:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-22 06:10
ComboFix2.txt 2012-02-22 02:06
ComboFix3.txt 2012-02-22 01:10
.
Pre-Run: 153,735,598,080 bytes free
Post-Run: 151,829,991,424 bytes free
.
- - End Of File - - C00FD4CC9E96FB81A71FD281767F106B

#9 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 February 2012 - 08:21 AM

Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Vaengence
  • Topic Starter
  • Members
  • 12 posts

Posted 22 February 2012 - 09:11 PM

As much as it pains me to not have it fixed yet, I came in this morning, tried that, restarted and no change :(

#11 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 February 2012 - 07:57 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 Vaengence
  • Topic Starter
  • Members
  • 12 posts

Posted 23 February 2012 - 07:00 PM

Log as requested:

OTL logfile created on: 24/02/2012 8:47:51 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\reception\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.87 Gb Total Physical Memory | 0.35 Gb Available Physical Memory | 18.59% Memory free
3.72 Gb Paging File | 1.64 Gb Available in Paging File | 43.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 292.22 Gb Total Space | 141.88 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive G: | 33.24 Gb Total Space | 9.74 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive H: | 33.24 Gb Total Space | 9.74 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive K: | 33.24 Gb Total Space | 9.74 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive N: | 292.22 Gb Total Space | 141.88 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive P: | 33.24 Gb Total Space | 9.74 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive Y: | 33.24 Gb Total Space | 9.74 Gb Free Space | 29.30% Space Free | Partition Type: NTFS
Drive Z: | 45.19 Gb Total Space | 3.70 Gb Free Space | 8.19% Space Free | Partition Type: NTFS

Computer Name: RECEPTION | User Name: reception | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\reception\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PRTG Network Monitor\PRTG Server.exe (Paessler AG)
PRC - C:\Program Files\PRTG Network Monitor\PRTG Probe.exe (Paessler AG)
PRC - C:\Program Files\PRTG Network Monitor\PRTG Enterprise Console.exe (Paessler AG)
PRC - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe (Splashtop Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Kyocera\KMnet Admin\bin\kwrapper.exe ()
PRC - C:\Program Files\Kyocera\KMnet Admin Agent\bin\AgentServiceHost.exe (Kyocera Technology Development)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jdk1.6.0_25\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
PRC - C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
PRC - C:\WINDOWS\system32\mspaint.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\Client Security Solution\password_manager.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\davcdata.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\PostgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko10.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\8693c32b9a77f5049e986985525cf567\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\91cd88a803768151c6262853d3454ba7\System.DirectoryServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Kyocera\KMnet Admin\model-support\KcMV3Da.dll ()
MOD - C:\Program Files\Kyocera\KMnet Admin\bin\wrapper.dll ()
MOD - C:\Program Files\Kyocera\KMnet Admin\bin\kwrapper.exe ()
MOD - C:\Program Files\Kyocera\KMnet Admin Agent\system\Device.Base\Agent.ServiceBase.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.Tools.Common2007\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common2007.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll ()
MOD - C:\Program Files\PRTG Network Monitor\PaesslerTrafficControl.dll ()
MOD - C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\office.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll ()
MOD - C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Kyocera\KMnet Admin Agent\bin\lib\netsnmp.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE ()
MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Program Files\ThinkPad\Utilities\DPMTray.EXE ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\US\DPMTRAY.DLL ()
MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files\Kyocera\KMnet Admin Agent\bin\SmartThreadPool.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - c:\Program Files\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\RocketDock\RocketDock.exe ()
MOD - C:\Program Files\RocketDock\RocketDock.dll ()
MOD - C:\WINDOWS\system32\custmon32.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ZuneBusEnum) -- File not found
SRV - (ZTEusbnmea) -- File not found
SRV - (zpmysql) -- File not found
SRV - (zebrsce) -- File not found
SRV - (zebrmdfl) -- File not found
SRV - (zebrbus) -- File not found
SRV - (ZDPNDIS5) -- File not found
SRV - (ZD1211BU(ZyDAS)) -- File not found
SRV - (z800bus) -- File not found
SRV - (z525obex) -- File not found
SRV - (z525bus) -- File not found
SRV - (Xyz777s) -- File not found
SRV - (xnacc) -- File not found
SRV - (wtwservice) -- File not found
SRV - (wpsscannersvc) -- File not found
SRV - (WNCPKT) -- File not found
SRV - (WMIService) -- File not found
SRV - (wmdmpmsp) -- File not found
SRV - (wm) -- File not found
SRV - (wlmel51b) -- File not found
SRV - (wlankeeper) -- File not found
SRV - (winmtsrv) -- File not found
SRV - (winachsf) -- File not found
SRV - (winachcf) -- File not found
SRV - (WGX) -- File not found
SRV - (webupdate) -- File not found
SRV - (websenseusagemonitor) -- File not found
SRV - (websensepolicyserver) -- File not found
SRV - (webfilter) -- File not found
SRV - (WBHWDOCT) -- File not found
SRV - (WavxDMgr) -- File not found
SRV - (wanminiportservice) -- File not found
SRV - (W700mdm) -- File not found
SRV - (W55U01) -- File not found
SRV - (vstor2-ws60) -- File not found
SRV - (vrmonsvc) -- File not found
SRV - (VRcore) -- File not found
SRV - (vpn5000service) -- File not found
SRV - (vmusb) -- File not found
SRV - (vmnetdhcp) -- File not found
SRV - (VMAUDIO) -- File not found
SRV - (videoacceleratorengine) -- File not found
SRV - (viamraid) -- File not found
SRV - (Via4in1) -- File not found
SRV - (VHidMinidrv) -- File not found
SRV - (vetmsgnt) -- File not found
SRV - (veteboot) -- File not found
SRV - (vcommmgr) -- File not found
SRV - (VCIDRV) -- File not found
SRV - (usbohci) -- File not found
SRV - (UMPass) -- File not found
SRV - (UBHelper) -- File not found
SRV - (tpkd) -- File not found
SRV - (tosrfhid) -- File not found
SRV - (TIEHDUSB) -- File not found
SRV - (teefer2) -- File not found
SRV - (TdmService) -- File not found
SRV - (Tablet2k) -- File not found
SRV - (syslogd) -- File not found
SRV - (symlcbrd) -- File not found
SRV - (swupdtmr) -- File not found
SRV - (SWUMX51) -- File not found
SRV - (Sus2pl) -- File not found
SRV - (StkASSrv) -- File not found
SRV - (stirusb) -- File not found
SRV - (StickyMesger) -- File not found
SRV - (sthda) -- File not found
SRV - (statusagent) -- File not found
SRV - (StarOpen) -- File not found
SRV - (stacsv) -- File not found
SRV - (stac97) -- File not found
SRV - (sscdmdfl) -- File not found
SRV - (ss_bus) -- File not found
SRV - (sqlserveragent) -- File not found
SRV - (sqlagent$soshome22) -- File not found
SRV - (sprtsvc_smartagent) -- File not found
SRV - (sp_rssrv) -- File not found
SRV - (snoopfreesvc) -- File not found
SRV - (sndsrvc) -- File not found
SRV - (smserial) -- File not found
SRV - (slabser) -- File not found
SRV - (sfusvc) -- File not found
SRV - (SenFiltService) -- File not found
SRV - (se59nd5) -- File not found
SRV - (se58mdfl) -- File not found
SRV - (SE2Emdm) -- File not found
SRV - (ScsiPort) -- File not found
SRV - (scarddrv) -- File not found
SRV - (s716bus) -- File not found
SRV - (s616mdfl) -- File not found
SRV - (s125mgmt) -- File not found
SRV - (rtl8139) -- File not found
SRV - (rtl8023) -- File not found
SRV - (rslinx) -- File not found
SRV - (rrrspy) -- File not found
SRV - (regmanserv) -- File not found
SRV - (RDID1007) -- File not found
SRV - (rca) -- File not found
SRV - (raysatxsi5_0server) -- File not found
SRV - (ramaint) -- File not found
SRV - (quickhealfirewall) -- File not found
SRV - (quickbooksdb) -- File not found
SRV - (pxfhserd) -- File not found
SRV - (pxfhbus) -- File not found
SRV - (ptbsync) -- File not found
SRV - (proxyserverservice) -- File not found
SRV - (proxyhostdriver) -- File not found
SRV - (ppa3) -- File not found
SRV - (pnkbstrb) -- File not found
SRV - (PNDIS5) -- File not found
SRV - (personalsecuredriveservice) -- File not found
SRV - (pctoolsfirewallplus) -- File not found
SRV - (PCTINDIS5) -- File not found
SRV - (pavfnsvr) -- File not found
SRV - (papyjoy) -- File not found
SRV - (owstimer) -- File not found
SRV - (ownershipprotocol) -- File not found
SRV - (omniinet) -- File not found
SRV - (nvgts) -- File not found
SRV - (nv) -- File not found
SRV - (ntsecure) -- File not found
SRV - (NTIDrvr) -- File not found
SRV - (npkcsvc) -- File not found
SRV - (nod32krn) -- File not found
SRV - (NetMsmqActivator) -- File not found
SRV - (naiavfilter1) -- File not found
SRV - (MtxDma0) -- File not found
SRV - (mstdc) -- File not found
SRV - (msfwsvc) -- File not found
SRV - (MREMP50) -- File not found
SRV - (MQAC) -- File not found
SRV - (mctaskmanager) -- File not found
SRV - (mcsysmon) -- File not found
SRV - (mcshield) -- File not found
SRV - (mcproxy) -- File not found
SRV - (mcpromgr) -- File not found
SRV - (mcods) -- File not found
SRV - (mcafeeantispyware) -- File not found
SRV - (MASPINT) -- File not found
SRV - (MA8032C) -- File not found
SRV - (lxby_device) -- File not found
SRV - (ltck000c) -- File not found
SRV - (logmein) -- File not found
SRV - (lockmgr) -- File not found
SRV - (kservice) -- File not found
SRV - (KR3NPXP) -- File not found
SRV - (KR10N) -- File not found
SRV - (issm) -- File not found
SRV - (isdrv120) -- File not found
SRV - (ipahelper.exe) -- File not found
SRV - (iomegaaccess) -- File not found
SRV - (ino_flpy) -- File not found
SRV - (incdpass) -- File not found
SRV - (igfx) -- File not found
SRV - (i81x) -- File not found
SRV - (hwpsgt) -- File not found
SRV - (hsfhwbs2) -- File not found
SRV - (HFACSVC) -- File not found
SRV - (helpsvc) -- File not found
SRV - (hcmon) -- File not found
SRV - (hamachi) -- File not found
SRV - (gameenum) -- File not found
SRV - (F700iob) -- File not found
SRV - (eventclientmultiplexer) -- File not found
SRV - (emu10k1) -- File not found
SRV - (emu10k) -- File not found
SRV - (e1express) -- File not found
SRV - (E1000) -- File not found
SRV - (dot4ufd) -- File not found
SRV - (DFUBTUSB) -- File not found
SRV - (Defrag32) -- File not found
SRV - (CTSBLFX.DLL) -- File not found
SRV - (crcdisk) -- File not found
SRV - (compaq_rba) -- File not found
SRV - (cltnetcnservice) -- File not found
SRV - (clientservice) -- File not found
SRV - (citrixwmiservice) -- File not found
SRV - (cics.region2) -- File not found
SRV - (cdr4_2k) -- File not found
SRV - (Cardex) -- File not found
SRV - (caisafe) -- File not found
SRV - (btwdins) -- File not found
SRV - (bthusb) -- File not found
SRV - (blueletaudio) -- File not found
SRV - (bdss) -- File not found
SRV - (bdfsfltr) -- File not found
SRV - (BCMTPM) -- File not found
SRV - (backupexecnotificationserver) -- File not found
SRV - (AVWLP_USB) -- File not found
SRV - (avgfwsrv) -- File not found
SRV - (avgclean) -- File not found
SRV - (avgarcln) -- File not found
SRV - (avgagent) AVG Remote Support Service (AvgAgent) -- File not found
SRV - (avg7rsxp) -- File not found
SRV - (avfilter) -- File not found
SRV - (ATWPKT2) -- File not found
SRV - (atixsaudio) -- File not found
SRV - (atitunep) -- File not found
SRV - (arhidfltr) -- File not found
SRV - (aolavupd) -- File not found
SRV - (AlKernel) -- File not found
SRV - (alcxsens) -- File not found
SRV - (ALABULK) -- File not found
SRV - (AKSIFDH) -- File not found
SRV - (acedrv05) -- File not found
SRV - (acdservice) -- File not found
SRV - ({e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}) -- File not found
SRV - ({834170a7-af3b-4d34-a757-e05eb29ee96d}) -- File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PRTGCoreService) -- C:\Program Files\PRTG Network Monitor\PRTG Server.exe (Paessler AG)
SRV - (PRTGProbeService) -- C:\Program Files\PRTG Network Monitor\PRTG Probe.exe (Paessler AG)
SRV - (SplashtopRemoteService) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (SSUService) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (KMnetAdminService) -- C:\Program Files\Kyocera\KMnet Admin\bin\kwrapper.exe ()
SRV - (KMNAagent) -- C:\Program Files\Kyocera\KMnet Admin Agent\bin\AgentServiceHost.exe (Kyocera Technology Development)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (ZetafaxServer) -- C:\Program Files\Zetafax Server\SERVER\SYSMAN.EXE (EQUISYS plc)
SRV - (MacDrive8Service) -- C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WPRO_41_2001) WinPcap Packet Driver (WPRO_41_2001) -- C:\WINDOWS\system32\drivers\WPRO_41_2001.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Netaapl) -- C:\WINDOWS\system32\drivers\netaapl.sys (Apple Inc.)
DRV - (MDFSYSNT) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation)
DRV - (MegaCom) -- C:\WINDOWS\system32\drivers\megabatteryX86.sys (Mega System Technologies,Inc)
DRV - (MDPMGRNT) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation)
DRV - (CBDisk) -- C:\WINDOWS\system32\drivers\CBDisk.sys (EldoS Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (TPMX Electronics Ltd.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (TPMX Electronics Ltd.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (ULCDRHlp) -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys (Ulead Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2985330338-1094013346-509909666-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-2985330338-1094013346-509909666-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-2985330338-1094013346-509909666-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.3.3.2
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {7585C31E-1E94-4498-ACEC-CB913A05FC52}:3.0.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ce36cc2&v=6.010.006.004&i=26&tp=ab&iy=&ychte=au&lng=en-GB&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 12.0a2\extensions\\Components: C:\Program Files\Aurora\components [2012/02/17 09:56:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 12.0a2\extensions\\Plugins: C:\Program Files\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/09/16 12:35:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/01 09:54:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/17 03:35:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 09:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/17 14:33:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2010/11/17 03:40:24 | 000,000,000 | ---D | M]

[2010/11/17 15:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\reception\Application Data\Mozilla\Extensions
[2012/02/20 10:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions
[2010/11/19 08:34:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/09 08:48:48 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/03/09 12:42:58 | 000,000,000 | ---D | M] (Free eBook Search) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{7585C31E-1E94-4498-ACEC-CB913A05FC52}
[2012/01/09 08:48:53 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/01/09 08:48:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/20 10:35:39 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/01/28 11:45:31 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/06/24 14:50:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\engine@conduit.com
[2012/01/31 08:39:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/17 03:35:03 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\10.0.0.7
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RECEPTION\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BAQXM4MI.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RECEPTION\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BAQXM4MI.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RECEPTION\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BAQXM4MI.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\RECEPTION\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BAQXM4MI.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012/02/01 09:54:45 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/02/17 09:19:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/12 12:34:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/17 09:19:19 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/17 03:34:41 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/17 09:19:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 09:19:19 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/17 09:19:19 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/17 09:19:19 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={FEB971B7-0B3B-4ACB-A222-F2C1663B4831}&mid=f44312518fdf6c9cb4cd3036ff5ec480-88cfb84c1e488046c4c6d69fc2cc46751a2eae79&lang=en&ds=AVG&pr=pr&d=2011-11-02 10:26:43&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: WPI Detector 1.1 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.4_0\
CHR - Extension: Google Search = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\reception\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/22 15:16:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWRAGD] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182..\Run: [ISUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2985330338-1094013346-509909666-1009..\RunOnce: [WLStart] C:\SWTOOLS\WindowsLive\execcmd.exe ()
O4 - Startup: C:\Documents and Settings\reception\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\reception\Start Menu\Programs\Startup\PRTG Enterprise Console.lnk = C:\Program Files\PRTG Network Monitor\PRTG Enterprise Console.exe (Paessler AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2985330338-1094013346-509909666-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2985330338-1094013346-509909666-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289975113680 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.102.1 139.130.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = network.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E103844C-F2F5-4774-9E0C-54BBA058C160}: DhcpNameServer = 192.168.102.1 139.130.4.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\reception\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\reception\Application Data\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/22 07:32:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/27 16:02:21 | 001,023,938 | ---- | M] () - N:\AutoRuns.arn -- [ NTFS ]
O32 - AutoRun File - [2011/07/27 16:03:13 | 000,065,421 | ---- | M] () - N:\AutoRuns.zip -- [ NTFS ]
O32 - AutoRun File - [2011/03/14 14:34:37 | 000,093,184 | ---- | M] () - Y:\AutoRecovery save of Affidavit - LL-FED-FMC-127.asd -- [ NTFS ]
O32 - AutoRun File - [2011/03/14 14:56:39 | 000,004,096 | ---- | M] () - Y:\AutoRecovery save of LEAP03FamilyTemplate.asd -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/23 14:54:14 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\reception\Desktop\HijackThis1991.exe
[2012/02/23 12:22:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/02/23 11:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\4D
[2012/02/23 11:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Application Data\4D
[2012/02/22 15:23:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/22 15:12:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/02/22 14:29:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/22 11:37:10 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Documents and Settings\reception\Desktop\aswMBR.exe
[2012/02/22 11:37:10 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\reception\Desktop\tdsskiller.exe
[2012/02/22 09:17:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/22 09:14:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/22 09:14:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/22 09:14:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/22 09:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/02/22 09:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Start Menu\Programs\Revo Uninstaller
[2012/02/22 09:05:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/22 09:03:46 | 004,414,945 | R--- | C] (Swearware) -- C:\Documents and Settings\reception\Desktop\ComboFix.exe
[2012/02/21 15:47:35 | 000,000,000 | ---D | C] -- C:\Paessler
[2012/02/20 16:13:25 | 000,000,000 | ---D | C] -- C:\Combo
[2012/02/20 16:01:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/20 16:00:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\reception\Start Menu\Programs\Administrative Tools
[2012/02/20 15:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Application Data\FixZeroAccess
[2012/02/20 15:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Application Data\Malwarebytes
[2012/02/20 15:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/20 15:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/20 15:16:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/20 15:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/20 14:50:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/02/20 12:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Agent
[2012/02/20 12:11:17 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/20 12:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/20 10:40:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serial.sys
[2012/02/20 10:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Application Data\QuickScan
[2012/02/20 09:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Paessler
[2012/02/20 09:24:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PRTG Network Monitor
[2012/02/20 09:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\PRTG Network Monitor
[2012/02/17 09:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellar Phoenix Access Recovery
[2012/02/17 09:14:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\reception\Local Settings\Application Data\093d0a58
[2012/02/17 09:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Stellar Phoenix Access Recovery
[2012/02/17 09:04:53 | 001,045,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJET35.DLL
[2012/02/17 09:04:53 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSREPL35.DLL
[2012/02/17 09:04:53 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRDO20.DLL
[2012/02/17 09:04:53 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VBAR332.DLL
[2012/02/17 09:04:53 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSXBSE35.DLL
[2012/02/17 09:04:53 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL
[2012/02/17 09:04:53 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSEXCL35.DLL
[2012/02/17 09:04:53 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSPDOX35.DLL
[2012/02/17 09:04:53 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSTEXT35.DLL
[2012/02/17 09:04:53 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RDOCURS.DLL
[2012/02/17 09:04:53 | 000,123,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJINT35.DLL
[2012/02/17 09:04:53 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL
[2012/02/17 09:04:52 | 000,929,844 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC42D.DLL
[2012/02/17 09:04:52 | 000,798,773 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCO42D.DLL
[2012/02/17 09:04:52 | 000,516,173 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP60D.DLL
[2012/02/17 09:04:52 | 000,385,100 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2012/02/17 09:04:52 | 000,274,485 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCD42D.DLL
[2012/02/17 09:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools Access Recovery (Demo-Version)
[2012/02/17 08:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Start Menu\Programs\Cimaware OfficeFIX 6
[2012/02/17 08:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Local Settings\Application Data\Cimaware
[2012/02/17 08:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Local Settings\Application Data\{FFFA2FB9-4857-4475-8379-F36343DA5801}
[2012/02/14 09:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\MDBVU32
[2012/02/09 14:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Application Data\Mste
[2012/02/09 14:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Local Settings\Application Data\conduitEngine
[2012/02/09 14:35:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PostgreSQL 8.3
[2012/02/09 14:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL
[2012/02/09 14:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Application Data\InstallShield
[2012/02/09 12:14:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Desktop\Printer Job Manager
[2012/02/09 12:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kyocera Mita
[2012/02/09 12:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kyocera Mita
[2012/02/09 12:09:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Desktop\Remote Operation Panel
[2012/02/09 08:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/02/09 08:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/01/30 14:40:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMPshop
[2012/01/30 14:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\GIMPshop-2.0
[2012/01/30 14:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/01/30 14:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Start Menu\Programs\Microsoft GIF Animator
[2012/01/30 14:33:21 | 000,000,000 | ---D | C] -- C:\Multimedia Files
[2012/01/30 14:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft GIF Animator
[2012/01/30 14:06:56 | 000,028,160 | ---- | C] (WhitSoft Development) -- C:\Documents and Settings\reception\Desktop\UnFREEz.exe
[2012/01/25 12:47:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Classic Menu for Office
[2012/01/25 12:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Menu for Office
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/24 08:45:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3325171423-1364436385-843072378-1182UA.job
[2012/02/24 08:45:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3325171423-1364436385-843072378-1182Core.job
[2012/02/24 08:40:01 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/24 08:35:28 | 000,273,592 | ---- | M] () -- C:\Infection.JPG
[2012/02/24 02:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-NETWORK-reception.job
[2012/02/23 23:42:49 | 089,858,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/02/23 21:40:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 16:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2012/02/23 15:41:13 | 000,289,882 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/23 14:44:35 | 000,035,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\WPRO_41_2001.sys
[2012/02/23 14:44:20 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/23 14:42:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/23 14:41:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/23 14:41:58 | 2010,370,048 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/23 14:39:00 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\7wyo61sh.exe
[2012/02/23 14:37:38 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Documents and Settings\reception\Desktop\HijackThis1991.exe
[2012/02/23 12:00:35 | 000,000,243 | ---- | M] () -- C:\WINDOWS\MYOBP.INI
[2012/02/23 12:00:34 | 000,000,042 | ---- | M] () -- C:\WINDOWS\MYOB.INI
[2012/02/23 11:50:04 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\reception\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/02/22 20:17:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/22 19:52:02 | 000,561,436 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/22 19:52:02 | 000,105,362 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 15:16:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/22 14:18:30 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/22 14:18:30 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/22 13:46:18 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\MBR.dat
[2012/02/22 11:39:55 | 000,001,031 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\Install Wake On LAN.lnk
[2012/02/22 11:03:31 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Documents and Settings\reception\Desktop\aswMBR.exe
[2012/02/22 11:03:04 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\reception\Desktop\tdsskiller.exe
[2012/02/22 09:17:48 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/22 09:10:47 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\Revo Uninstaller.lnk
[2012/02/22 09:04:13 | 004,414,945 | R--- | M] (Swearware) -- C:\Documents and Settings\reception\Desktop\ComboFix.exe
[2012/02/21 16:57:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/20 15:16:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 12:11:16 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/20 09:29:20 | 000,001,792 | ---- | M] () -- C:\Documents and Settings\reception\Start Menu\Programs\Startup\PRTG Enterprise Console.lnk
[2012/02/20 09:28:44 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\reception\Application Data\Microsoft\Internet Explorer\Quick Launch\PRTG Enterprise Console.lnk
[2012/02/20 09:28:44 | 000,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PRTG Enterprise Console.lnk
[2012/02/20 09:28:44 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PRTG Network Monitor.lnk
[2012/02/18 21:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/02/18 03:41:40 | 000,621,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/02/17 14:07:53 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\reception\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/17 14:07:52 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\Google Chrome.lnk
[2012/02/17 10:47:34 | 000,286,720 | ---- | M] () -- C:\Documents and Settings\reception\My Documents\Mail.accdb
[2012/02/17 08:54:10 | 000,001,411 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\AccessFIX.lnk
[2012/02/16 10:02:25 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\HTTrack Website Copier.lnk
[2012/02/15 17:01:10 | 000,001,756 | -H-- | M] () -- C:\Documents and Settings\reception\My Documents\Default.rdp
[2012/02/14 10:02:25 | 000,000,266 | ---- | M] () -- C:\WINDOWS\xvport.ini
[2012/02/09 10:06:34 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\reception\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 09:54:46 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/01/31 15:52:34 | 000,598,016 | ---- | M] () -- C:\Documents and Settings\reception\My Documents\Display_Backup.accdb
[2012/01/31 15:49:38 | 000,921,600 | ---- | M] () -- C:\Documents and Settings\reception\My Documents\Display.accdb
[2012/01/31 15:49:29 | 000,000,064 | ---- | M] () -- C:\Documents and Settings\reception\My Documents\Display.laccdb
[2012/01/30 14:41:00 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\reception\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/01/30 14:41:00 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/01/30 14:39:33 | 000,001,625 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\Free iPod Touch Games Daily.lnk
[2012/01/30 14:39:33 | 000,001,623 | ---- | M] () -- C:\Documents and Settings\reception\Desktop\Free Whales ScreenSaver.lnk
[2012/01/25 12:47:21 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Classic Menu Manager.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/24 08:35:28 | 000,273,592 | ---- | C] () -- C:\Infection.JPG
[2012/02/23 14:54:14 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\7wyo61sh.exe
[2012/02/23 14:44:35 | 000,035,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\WPRO_41_2001.sys
[2012/02/23 14:41:58 | 2010,370,048 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/22 14:18:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/22 14:18:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/22 13:46:18 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\MBR.dat
[2012/02/22 11:39:55 | 000,001,031 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\Install Wake On LAN.lnk
[2012/02/22 10:17:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/22 09:17:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/22 09:17:44 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/22 09:14:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/22 09:14:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/22 09:14:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/22 09:14:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/22 09:14:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/22 09:10:47 | 000,000,924 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\Revo Uninstaller.lnk
[2012/02/20 15:16:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/20 09:29:20 | 000,001,792 | ---- | C] () -- C:\Documents and Settings\reception\Start Menu\Programs\Startup\PRTG Enterprise Console.lnk
[2012/02/20 09:24:47 | 000,000,866 | ---- | C] () -- C:\Documents and Settings\reception\Application Data\Microsoft\Internet Explorer\Quick Launch\PRTG Enterprise Console.lnk
[2012/02/20 09:24:47 | 000,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PRTG Enterprise Console.lnk
[2012/02/20 09:24:46 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PRTG Network Monitor.lnk
[2012/02/17 10:47:28 | 000,286,720 | ---- | C] () -- C:\Documents and Settings\reception\My Documents\Mail.accdb
[2012/02/17 08:54:10 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\AccessFIX.lnk
[2012/02/16 10:02:25 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\HTTrack Website Copier.lnk
[2012/02/14 10:02:22 | 000,000,266 | ---- | C] () -- C:\WINDOWS\xvport.ini
[2012/02/09 12:09:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LMServer.exe
[2012/02/09 12:09:45 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\LMServerps.dll
[2012/02/09 12:09:45 | 000,000,223 | ---- | C] () -- C:\WINDOWS\KcMV3DGD.ini
[2012/01/31 15:48:58 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\reception\My Documents\Display.laccdb
[2012/01/31 15:48:54 | 000,921,600 | ---- | C] () -- C:\Documents and Settings\reception\My Documents\Display.accdb
[2012/01/30 14:41:00 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\reception\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/01/30 14:39:33 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\Free iPod Touch Games Daily.lnk
[2012/01/30 14:39:33 | 000,001,623 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\Free Whales ScreenSaver.lnk
[2012/01/27 16:51:25 | 000,835,584 | ---- | C] () -- C:\Documents and Settings\reception\Desktop\Display.accdb
[2012/01/25 12:47:21 | 000,001,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Classic Menu Manager.lnk
[2011/11/28 16:48:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/22 16:50:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\KGOleSrv.INI
[2011/02/10 10:09:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/01/25 17:07:56 | 002,239,401 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3325171423-1364436385-843072378-1182-0.dat
[2011/01/25 17:07:55 | 000,356,066 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/10 17:03:34 | 000,378,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/10 15:22:37 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/12/10 15:22:36 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/12/10 15:22:36 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/12/08 16:36:48 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/11/23 10:03:27 | 000,074,896 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/22 10:39:24 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\reception\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/18 10:41:41 | 000,000,243 | ---- | C] () -- C:\WINDOWS\MYOBP.INI
[2010/11/18 10:41:41 | 000,000,042 | ---- | C] () -- C:\WINDOWS\MYOB.INI
[2010/11/18 10:29:17 | 000,000,663 | ---- | C] () -- C:\WINDOWS\openrda.ini
[2010/11/18 10:29:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvxl32.INI
[2010/11/18 10:29:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\drvwd32.INI
[2010/11/17 15:34:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/17 15:06:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2010/11/17 15:03:58 | 001,489,920 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/11/17 15:00:04 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2010/11/17 14:51:07 | 000,042,796 | ---- | C] () -- C:\WINDOWS\System32\4dmsg.dll
[2010/11/17 03:47:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/11/17 03:38:56 | 000,150,080 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2010/11/17 03:28:36 | 000,035,392 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/11/17 03:17:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/11/17 03:17:41 | 000,982,196 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/11/17 03:17:41 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 261 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
@Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

< End of report >

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:25 AM

Posted 24 February 2012 - 07:16 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105 File not found
    SRV - (ZuneBusEnum) -- File not found
    SRV - (ZTEusbnmea) -- File not found
    SRV - (zpmysql) -- File not found
    SRV - (zebrsce) -- File not found
    SRV - (zebrmdfl) -- File not found
    SRV - (zebrbus) -- File not found
    SRV - (ZDPNDIS5) -- File not found
    SRV - (ZD1211BU(ZyDAS)) -- File not found
    SRV - (z800bus) -- File not found
    SRV - (z525obex) -- File not found
    SRV - (z525bus) -- File not found
    SRV - (Xyz777s) -- File not found
    SRV - (xnacc) -- File not found
    SRV - (wtwservice) -- File not found
    SRV - (wpsscannersvc) -- File not found
    SRV - (WNCPKT) -- File not found
    SRV - (WMIService) -- File not found
    SRV - (wmdmpmsp) -- File not found
    SRV - (wm) -- File not found
    SRV - (wlmel51b) -- File not found
    SRV - (wlankeeper) -- File not found
    SRV - (winmtsrv) -- File not found
    SRV - (winachsf) -- File not found
    SRV - (winachcf) -- File not found
    SRV - (WGX) -- File not found
    SRV - (webupdate) -- File not found
    SRV - (websenseusagemonitor) -- File not found
    SRV - (websensepolicyserver) -- File not found
    SRV - (webfilter) -- File not found
    SRV - (WBHWDOCT) -- File not found
    SRV - (WavxDMgr) -- File not found
    SRV - (wanminiportservice) -- File not found
    SRV - (W700mdm) -- File not found
    SRV - (W55U01) -- File not found
    SRV - (vstor2-ws60) -- File not found
    SRV - (vrmonsvc) -- File not found
    SRV - (VRcore) -- File not found
    SRV - (vpn5000service) -- File not found
    SRV - (vmusb) -- File not found
    SRV - (vmnetdhcp) -- File not found
    SRV - (VMAUDIO) -- File not found
    SRV - (videoacceleratorengine) -- File not found
    SRV - (viamraid) -- File not found
    SRV - (Via4in1) -- File not found
    SRV - (VHidMinidrv) -- File not found
    SRV - (vetmsgnt) -- File not found
    SRV - (veteboot) -- File not found
    SRV - (vcommmgr) -- File not found
    SRV - (VCIDRV) -- File not found
    SRV - (usbohci) -- File not found
    SRV - (UMPass) -- File not found
    SRV - (UBHelper) -- File not found
    SRV - (tpkd) -- File not found
    SRV - (tosrfhid) -- File not found
    SRV - (TIEHDUSB) -- File not found
    SRV - (teefer2) -- File not found
    SRV - (TdmService) -- File not found
    SRV - (Tablet2k) -- File not found
    SRV - (syslogd) -- File not found
    SRV - (symlcbrd) -- File not found
    SRV - (swupdtmr) -- File not found
    SRV - (SWUMX51) -- File not found
    SRV - (Sus2pl) -- File not found
    SRV - (StkASSrv) -- File not found
    SRV - (stirusb) -- File not found
    SRV - (StickyMesger) -- File not found
    SRV - (sthda) -- File not found
    SRV - (statusagent) -- File not found
    SRV - (StarOpen) -- File not found
    SRV - (stacsv) -- File not found
    SRV - (stac97) -- File not found
    SRV - (sscdmdfl) -- File not found
    SRV - (ss_bus) -- File not found
    SRV - (sqlserveragent) -- File not found
    SRV - (sqlagent$soshome22) -- File not found
    SRV - (sprtsvc_smartagent) -- File not found
    SRV - (sp_rssrv) -- File not found
    SRV - (snoopfreesvc) -- File not found
    SRV - (sndsrvc) -- File not found
    SRV - (smserial) -- File not found
    SRV - (slabser) -- File not found
    SRV - (sfusvc) -- File not found
    SRV - (SenFiltService) -- File not found
    SRV - (se59nd5) -- File not found
    SRV - (se58mdfl) -- File not found
    SRV - (SE2Emdm) -- File not found
    SRV - (ScsiPort) -- File not found
    SRV - (scarddrv) -- File not found
    SRV - (s716bus) -- File not found
    SRV - (s616mdfl) -- File not found
    SRV - (s125mgmt) -- File not found
    SRV - (rtl8139) -- File not found
    SRV - (rtl8023) -- File not found
    SRV - (rslinx) -- File not found
    SRV - (rrrspy) -- File not found
    SRV - (regmanserv) -- File not found
    SRV - (RDID1007) -- File not found
    SRV - (rca) -- File not found
    SRV - (raysatxsi5_0server) -- File not found
    SRV - (ramaint) -- File not found
    SRV - (quickhealfirewall) -- File not found
    SRV - (quickbooksdb) -- File not found
    SRV - (pxfhserd) -- File not found
    SRV - (pxfhbus) -- File not found
    SRV - (ptbsync) -- File not found
    SRV - (proxyserverservice) -- File not found
    SRV - (proxyhostdriver) -- File not found
    SRV - (ppa3) -- File not found
    SRV - (pnkbstrb) -- File not found
    SRV - (PNDIS5) -- File not found
    SRV - (personalsecuredriveservice) -- File not found
    SRV - (pctoolsfirewallplus) -- File not found
    SRV - (PCTINDIS5) -- File not found
    SRV - (pavfnsvr) -- File not found
    SRV - (papyjoy) -- File not found
    SRV - (owstimer) -- File not found
    SRV - (ownershipprotocol) -- File not found
    SRV - (omniinet) -- File not found
    SRV - (nvgts) -- File not found
    SRV - (nv) -- File not found
    SRV - (ntsecure) -- File not found
    SRV - (NTIDrvr) -- File not found
    SRV - (npkcsvc) -- File not found
    SRV - (nod32krn) -- File not found
    SRV - (NetMsmqActivator) -- File not found
    SRV - (naiavfilter1) -- File not found
    SRV - (MtxDma0) -- File not found
    SRV - (mstdc) -- File not found
    SRV - (msfwsvc) -- File not found
    SRV - (MREMP50) -- File not found
    SRV - (MQAC) -- File not found
    SRV - (mctaskmanager) -- File not found
    SRV - (mcsysmon) -- File not found
    SRV - (mcshield) -- File not found
    SRV - (mcproxy) -- File not found
    SRV - (mcpromgr) -- File not found
    SRV - (mcods) -- File not found
    SRV - (mcafeeantispyware) -- File not found
    SRV - (MASPINT) -- File not found
    SRV - (MA8032C) -- File not found
    SRV - (lxby_device) -- File not found
    SRV - (ltck000c) -- File not found
    SRV - (logmein) -- File not found
    SRV - (lockmgr) -- File not found
    SRV - (kservice) -- File not found
    SRV - (KR3NPXP) -- File not found
    SRV - (KR10N) -- File not found
    SRV - (issm) -- File not found
    SRV - (isdrv120) -- File not found
    SRV - (ipahelper.exe) -- File not found
    SRV - (iomegaaccess) -- File not found
    SRV - (ino_flpy) -- File not found
    SRV - (incdpass) -- File not found
    SRV - (igfx) -- File not found
    SRV - (i81x) -- File not found
    SRV - (hwpsgt) -- File not found
    SRV - (hsfhwbs2) -- File not found
    SRV - (HFACSVC) -- File not found
    SRV - (helpsvc) -- File not found
    SRV - (hcmon) -- File not found
    SRV - (hamachi) -- File not found
    SRV - (gameenum) -- File not found
    SRV - (F700iob) -- File not found
    SRV - (eventclientmultiplexer) -- File not found
    SRV - (emu10k1) -- File not found
    SRV - (emu10k) -- File not found
    SRV - (e1express) -- File not found
    SRV - (E1000) -- File not found
    SRV - (dot4ufd) -- File not found
    SRV - (DFUBTUSB) -- File not found
    SRV - (Defrag32) -- File not found
    SRV - (CTSBLFX.DLL) -- File not found
    SRV - (crcdisk) -- File not found
    SRV - (compaq_rba) -- File not found
    SRV - (cltnetcnservice) -- File not found
    SRV - (clientservice) -- File not found
    SRV - (citrixwmiservice) -- File not found
    SRV - (cics.region2) -- File not found
    SRV - (cdr4_2k) -- File not found
    SRV - (Cardex) -- File not found
    SRV - (caisafe) -- File not found
    SRV - (btwdins) -- File not found
    SRV - (bthusb) -- File not found
    SRV - (blueletaudio) -- File not found
    SRV - (bdss) -- File not found
    SRV - (bdfsfltr) -- File not found
    SRV - (BCMTPM) -- File not found
    SRV - (backupexecnotificationserver) -- File not found
    SRV - (AVWLP_USB) -- File not found
    SRV - (avgfwsrv) -- File not found
    SRV - (avgclean) -- File not found
    SRV - (avgarcln) -- File not found
    SRV - (avgagent) AVG Remote Support Service (AvgAgent) -- File not found
    SRV - (avg7rsxp) -- File not found
    SRV - (avfilter) -- File not found
    SRV - (ATWPKT2) -- File not found
    SRV - (atixsaudio) -- File not found
    SRV - (atitunep) -- File not found
    SRV - (arhidfltr) -- File not found
    SRV - (aolavupd) -- File not found
    SRV - (AlKernel) -- File not found
    SRV - (alcxsens) -- File not found
    SRV - (ALABULK) -- File not found
    SRV - (AKSIFDH) -- File not found
    SRV - (acedrv05) -- File not found
    SRV - (acdservice) -- File not found
    SRV - ({e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}) -- File not found
    SRV - ({834170a7-af3b-4d34-a757-e05eb29ee96d}) -- File not found
    @Alternate Data Stream - 261 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
    @Alternate Data Stream - 238 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
    IE - HKU\S-1-5-21-3325171423-1364436385-843072378-1182\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
    FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
    [2011/06/24 14:50:35 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\reception\Application Data\Mozilla\Firefox\Profiles\baqxm4mi.default\extensions\engine@conduit.com
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
    [2012/02/09 14:55:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\reception\Local Settings\Application Data\conduitEngine
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
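As an added example, not part of this thread and not OTL's own code: a small Python triage helper that parses the three OTL line types seen above (created-file entries, orphaned `SRV` entries and Alternate Data Streams) and pulls out the items a responder would look at first. The sample lines are modelled on this thread's log; the report date and the 30-day window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Three OTL report line types as they appear in this thread's log and script:
# created-file entries, orphaned service entries and Alternate Data Streams.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r" \(([^)]*)\) -- (.+)$")
SRV_RE = re.compile(r"^SRV - \(([^)]+)\).* -- File not found$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:]+)$")


def triage(report_text, now, window_days=30):
    """Return (kind, detail) pairs: binaries created under the Windows directory
    inside the window whose OTL company field '()' is empty, services whose
    file is missing, and every alternate data stream the report lists."""
    findings = []
    for line in report_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            company, path = m.group(5), m.group(6).lower()
            recent = timedelta(0) <= now - created <= timedelta(days=window_days)
            if (recent and path.startswith("c:\\windows\\")
                    and path.endswith((".exe", ".dll", ".sys")) and not company):
                findings.append(("unsigned-recent-binary", m.group(6)))
            continue
        m = SRV_RE.match(line)
        if m:
            findings.append(("orphan-service", m.group(1)))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(("ads", f"{m.group(2)}:{m.group(3)} ({m.group(1)} bytes)"))
    return findings


# Constructed sample using the line shapes from this thread.
SAMPLE_REPORT = r"""
[2012/02/09 12:09:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\LMServer.exe
[2012/02/09 12:09:45 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\LMServerps.dll
[2010/11/17 15:03:58 | 001,489,920 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
SRV - (avgagent) AVG Remote Support Service (AvgAgent) -- File not found
SRV - (ZuneBusEnum) -- File not found
@Alternate Data Stream - 261 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A870F8B
"""


def triage_sample():
    # Assumed report date (a few days after the log was posted in the thread).
    return triage(SAMPLE_REPORT, datetime(2012, 2, 23))
```

An empty company field is only a hint that the file lacks version information, so a hit still needs a hash lookup or manual check before it goes into a fix script.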

#14 Vaengence

  • Topic Starter
  • Members
  • 12 posts
  • Local time:09:55 PM

Posted 26 February 2012 - 07:13 PM

The most recent post was unfortunately after I left work for Friday afternoon, so I didn't get a chance to try it Friday. I have come in this morning and this was the first thing I attempted to do on the computer; however, the computer has now essentially frozen (I can move the mouse around but nothing is responding). I assumed it was still working, so I have left it alone, but it has been like this now for over an hour. Is this normal?

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:25 AM

Posted 26 February 2012 - 08:21 PM

Hello


Ok, stop OTL from the task manager, then run a new scan only this time and send me the report.



gringo
