
Infected with ZeroAccess rootkit


  • This topic is locked
29 replies to this topic

#1 strikerx

strikerx

  • Members
  • 75 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 30 March 2012 - 12:55 PM

It's been a very long time since I've needed assistance, and now that I do I find out security-forums.com is now renamed and no longer helping remove bugs. I understand why and am glad they have redirection information. Anyhow, my PC is sick with the ZeroAccess rootkit bug. AVG keeps finding threats, and once I direct it to move the threat to the vault it detects a new threat. So I figure there is more to what AVG is detecting. I've read the stickies and will post and attach the logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Armando at 10:48:56 on 2012-03-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1123 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\LogMeIn\x86\LogMeInToolkit.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [<NO NAME>]
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301622855812
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301622851031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6964ED35-78DE-41FB-A8E1-B9BF33A7BDF8} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-1-17 47640]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-11 2218600]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-3-31 119272]
S2 ca-messagequeuing;Rapapp;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]
S2 Slpsvdr;Rpcnet;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253600]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-30 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-30 03:06:01 -------- d-s---w- C:\ComboFix
2012-03-30 00:16:00 -------- d-sha-r- C:\cmdcons
2012-03-30 00:13:44 98816 ----a-w- c:\windows\sed.exe
2012-03-30 00:13:44 518144 ----a-w- c:\windows\SWREG.exe
2012-03-30 00:13:44 256000 ----a-w- c:\windows\PEV.exe
2012-03-30 00:13:44 208896 ----a-w- c:\windows\MBR.exe
2012-03-29 23:30:16 388096 ----a-r- c:\documents and settings\armando\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-29 23:30:15 -------- d-----w- c:\program files\Trend Micro
2012-03-29 11:06:30 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-01 03:23:39 -------- d-----w- c:\windows\pss
2012-03-01 03:21:31 -------- d-----w- c:\program files\CCleaner
2012-03-01 02:13:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 02:08:39 169928 ----a-w- c:\program files\64res.dll
2012-03-01 02:07:06 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2012-03-29 11:06:30 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-21 16:29:26 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-21 16:29:25 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-21 16:29:25 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-02-21 16:29:25 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-29 20:22:55 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 10:54:31.76 ===============



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  • Gender:Male
  • Location:Scotland
  • Local time:04:35 AM

Posted 03 April 2012 - 11:55 AM

Hello strikerx,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Backdoor Warning

One or more of the identified infections (ZeroAccess) is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

====================================================================================


Please download ComboFix from the following location:
* IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on the ComboFix icon and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

We need to create an OTL Report
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

====================================================================================


In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt
  • OTL.txt
  • Extra.txt


How is your machine behaving now?
regards, ratman

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM.
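The OTL report requested above is mostly a long list of SRV and DRV lines, and the useful signal is buried in which services point at files that no longer exist, or at places a service should never live. The script below is an added example for this thread, not OTL, ComboFix, or anything either poster ran. It parses the SRV line format OTL prints, flags auto-start services whose image is "File not found", services whose image sits under a Temp directory, services whose binary carries no company name, and services whose name has nothing in common with the file name. The function names (`parse_srv_lines`, `names_disagree`, `triage`) and the heuristics are mine; the sample lines are copied verbatim from the OTL log posted later in this thread, with two legitimate entries included for contrast.

```python
"""Triage the 'Win32 Services' section of an OTL log.

Added example for this thread (not OTL's own code).  Parses the SRV lines
OTL prints and flags the entries a helper would look at first.
"""
import os
import re

# Constructed sample: SRV lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsejcap.dll -- (ZuneBusEnum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symtdi.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- c:\docume~1\armando\locals~1\temp\cdm\{9f8cb0f0-df68-4ed5-99e1-16c745e08235}\STacSV.exe -- (STacSV)
SRV - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
"""

# "SRV - <meta> [<start> | <state>] -- <path> -- (<service name>)"
# <meta> is either "File not found" or "[date | size | attrs | M] (Company)".
SRV_RE = re.compile(
    r"^SRV - (?P<meta>.*?)\[(?P<start>\w+) \| (?P<state>\w+)\] -- "
    r"(?P<path>.*?) -- \((?P<name>[^)]*)\)\s*$"
)


def parse_srv_lines(text):
    """Return one dict per SRV line; non-SRV lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").strip()
        company_match = re.search(r"\((.*?)\)", meta)
        entries.append({
            "name": m.group("name"),
            "start": m.group("start"),
            "state": m.group("state"),
            "path": m.group("path"),
            "missing": meta.startswith("File not found"),
            # "()" in OTL output means the binary has no version resource.
            "company": company_match.group(1) if company_match else None,
        })
    return entries


def names_disagree(service_name, path):
    """Heuristic (mine): the file stem and service name share no substring.
    Legitimate pairs usually do (avgwd -> avgwdsvc.exe); the entries that
    fill the posted log do not (websensepolicyserver -> symtdi.dll)."""
    stem = os.path.splitext(os.path.basename(path.replace("\\", "/")))[0].lower()
    name = service_name.lower()
    return not (stem in name or name in stem)


def triage(text):
    """Return (service name, reason) pairs for every entry worth a look."""
    findings = []
    for svc in parse_srv_lines(text):
        path_lc = svc["path"].lower().replace("\\", "/")
        if svc["missing"] and svc["start"] == "Auto":
            findings.append((svc["name"], "auto-start service, image file missing"))
        if "/temp/" in path_lc:
            findings.append((svc["name"], "service image under a Temp directory"))
        if svc["company"] == "" and not svc["missing"]:
            findings.append((svc["name"], "image has no company/version info (weak signal)"))
        if names_disagree(svc["name"], svc["path"]):
            findings.append((svc["name"], "service name unrelated to image file name"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name:28s} {reason}")
```

On the full log in this thread the first check alone fires on dozens of entries; the name-mismatch heuristic is the one to read with care, since vendor services sometimes use unrelated file names, which is why it is reported as a separate reason rather than folded into the others.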



#3 strikerx

strikerx
  • Topic Starter

  • Members
  • 75 posts
  • OFFLINE
  • Local time:10:35 PM

Posted 05 April 2012 - 08:05 AM

I downloaded ComboFix, temporarily disabled AVG and my firewall. I ran ComboFix and it said it needed to reboot the computer. After the reboot it started to do its thing but then locked up at process 50. I left the computer on overnight and woke up to the same "process 50 complete".

I did run the other reports after the failed ComboFix try.

OTL logfile created on: 4/5/2012 7:49:26 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Armando\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 59.88% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 584.90 Gb Free Space | 41.86% Space Free | Partition Type: NTFS

Computer Name: AH-C99383DA6C57 | User Name: Armando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/05 07:48:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
PRC - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 14:39:06 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/09 12:15:51 | 005,934,712 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/02/21 11:29:32 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/21 11:29:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/09 12:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/08 00:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 14:39:06 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/12 14:39:05 | 001,869,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
MOD - [2012/03/12 14:39:05 | 000,692,224 | ---- | M] () -- C:\Program Files\AVG Secure Search\iGearedHelper.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/18 20:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsejcap.dll -- (ZuneBusEnum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (wlluc48)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-admserv61.dll -- (websenseuserservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symtdi.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\x10nets.dll -- (wap3gx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BlueSoleilCS.dll -- (vmnetbridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odysseyIM4.dll -- (vmkbd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbuhci.dll -- (viamraid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btaudio.dll -- (VAIOMediaPlatform-MusicServer-UPnP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTIDrvr.dll -- (upsentry_smart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\logonsvcid.dll -- (symidsco)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLBrowser.dll -- (svcwrsssdk)
SRV - File not found [Auto | Stopped] -- c:\docume~1\armando\locals~1\temp\cdm\{9f8cb0f0-df68-4ed5-99e1-16c745e08235}\STacSV.exe -- (STacSV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alcan5wn.dll -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btserial.dll -- (spkrmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicser_wmp11.dll -- (Slpsvdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osanbm.dll -- (slee_81_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AFGMp50.dll -- (sglogplayer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTMSHD.dll -- (SED133x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftsata2.dll -- (se44bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnctdl.dll -- (s716nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeframework.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tbaspi.dll -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\axskbus.dll -- (proxyserverservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\inetaccs.dll -- (processor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (pnrouter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvnforce.dll -- (PCISys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (pchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agp440.dll -- (nvraid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\thinkpadmodemservice.dll -- (nsm1mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcc_device.dll -- (mssqlserveradhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\csctl50.dll -- (msgsrvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysenforce.dll -- (msgame)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (iSMBIOS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hotspotshieldservice.dll -- (ino_fltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\antivirservice.dll -- (infrastructure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpskt.dll -- (iam)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symevent.dll -- (hdthermal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ScsiPort.dll -- (grmnusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\megamonitorsrv.dll -- (ESMCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webfilter.dll -- (ESDCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaidagent.dll -- (eectrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (dsNcAdpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\evteng.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Dfs.dll -- (CVPND)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtnetwk.dll -- (CTAUDFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bbus.dll -- (cimnotify)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcpflics.dll -- (cics.region1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (ca-messagequeuing)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (bridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (blueletscoaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DELTA.dll -- (backupexecagentaccelerator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexpservice.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcradminserver.dll -- (apphostsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWSAP.dll -- (amdagp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flutilssvc.dll -- (aexnsclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RioS30.dll -- (acdpowerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gpc.dll -- (ac97intc)
SRV - [2012/03/29 06:06:30 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/21 11:29:32 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/21 11:29:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/08 00:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Armando\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/02/21 11:29:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/03 10:59:20 | 000,119,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/05 16:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/12/02 04:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {ED258941-3C24-4965-BE2B-9041781F554C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=94DD0BA3-75FB-45C8-BEC8-73A29FFD7B54&psa=&ind=2011102318&ptnrS=XPxdm002YYus&si=COu3rafo_6sCFQtb7AodjBRBqg&st=sb&n=77defc6e&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{ED258941-3C24-4965-BE2B-9041781F554C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes,DefaultScope = {ED258941-3C24-4965-BE2B-9041781F554C}
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes\{2A80E34F-FCB7-4404-8FF4-CDF1CE7D0FDB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PPC&o=102944&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6L&apn_dtid=YYYYYYB8US&apn_uid=a5936823-e973-4865-9f1d-1d84ee40a36e&apn_sauid=19362511-1FDB-4FD2-870F-8F4DA3A18ACF&
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1091BF6C-28B8-449D-844D-455775EEC836}&mid=d1485c74520147d6b972d15097a85bae-677e1c3d9af7d5771822ac15245c8880f6bdeb6c&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:56:41&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=94DD0BA3-75FB-45C8-BEC8-73A29FFD7B54&psa=&ind=2011102318&ptnrS=XPxdm002YYus&si=COu3rafo_6sCFQtb7AodjBRBqg&st=sb&n=77defc6e&searchfor={searchTerms}
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\SearchScopes\{ED258941-3C24-4965-BE2B-9041781F554C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS425
IE - HKU\S-1-5-21-515967899-813497703-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/13 19:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/01 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/01 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 14:39:13 | 000,000,000 | ---D | M]

[2011/10/09 12:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armando\Application Data\Mozilla\Extensions

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-813497703-725345543-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-515967899-813497703-725345543-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-515967899-813497703-725345543-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-515967899-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-515967899-813497703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-813497703-725345543-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301622855812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301622851031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6964ED35-78DE-41FB-A8E1-B9BF33A7BDF8}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/31 20:02:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 07:48:22 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
[2012/04/04 19:54:22 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/04 19:52:07 | 004,456,875 | R--- | C] (Swearware) -- C:\Documents and Settings\Armando\Desktop\ComboFix.exe
[2012/03/31 08:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/03/31 08:16:54 | 007,925,760 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2012/03/31 08:16:54 | 002,129,920 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2012/03/31 08:16:54 | 000,212,992 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2012/03/30 10:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\gmer
[2012/03/30 10:48:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Armando\Desktop\dds.scr
[2012/03/29 19:16:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/29 19:13:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/29 19:13:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/29 19:13:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/29 19:13:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 19:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/29 19:12:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 19:12:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Armando\Start Menu\Programs\Administrative Tools
[2012/03/29 18:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/29 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Start Menu\Programs\HiJackThis
[2012/03/29 18:16:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Armando\Recent
[2012/03/29 10:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/29 06:06:30 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/28 23:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/28 23:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/24 21:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/03/15 05:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\music
[2012/03/09 09:12:36 | 000,121,208 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/05 07:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/05 07:48:29 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
[2012/04/05 07:07:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/05 06:14:37 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{02DE66EC-3006-425E-B621-AF840EB377A8}.job
[2012/04/05 06:14:02 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/05 06:13:13 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/05 06:13:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/04 19:52:11 | 004,456,875 | R--- | M] (Swearware) -- C:\Documents and Settings\Armando\Desktop\ComboFix.exe
[2012/04/04 17:56:48 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2012/04/04 17:05:27 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\Shortcut to Carlos H (D).lnk
[2012/04/04 17:01:30 | 060,051,921 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/04 17:00:05 | 000,216,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/04 09:31:22 | 060,016,670 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2012/03/31 12:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/30 18:53:05 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Armando\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 10:58:34 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\gmer.zip
[2012/03/30 10:48:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Armando\Desktop\dds.scr
[2012/03/30 10:47:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Armando\defogger_reenable
[2012/03/29 19:16:06 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012/03/29 19:00:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 18:58:51 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\MiniToolBox.exe
[2012/03/29 18:50:06 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\HiJackThis.lnk
[2012/03/29 18:13:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/29 06:06:30 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/03/29 06:06:30 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/24 21:03:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/03/15 03:19:38 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/12 16:38:52 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 16:38:52 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 17:05:27 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\Shortcut to Carlos H (D).lnk
[2012/03/30 10:58:34 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\gmer.zip
[2012/03/30 10:47:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Armando\defogger_reenable
[2012/03/29 19:16:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/29 19:16:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 19:13:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/29 19:13:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/29 19:13:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/29 19:13:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/29 19:13:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/29 18:58:46 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\MiniToolBox.exe
[2012/03/29 18:30:15 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\HiJackThis.lnk
[2012/03/29 06:06:32 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/24 21:03:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/02/29 21:08:39 | 000,169,928 | ---- | C] () -- C:\Program Files\64res.dll
[2012/02/14 16:03:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/24 23:50:44 | 000,704,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/11 22:33:10 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:33:10 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:33:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/07 21:48:10 | 000,000,173 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/04/05 21:50:16 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/04/05 21:32:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/05 21:32:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/04/05 21:32:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/05 21:32:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/05 21:32:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/01 18:34:49 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 18:13:28 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Armando\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 20:19:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 20:19:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/31 20:04:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 19:58:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/31 15:56:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/31 15:55:15 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

< End of report >

EXTRAS LOG REPORT

OTL Extras logfile created on: 4/5/2012 7:49:26 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Armando\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 59.88% Memory free
3.85 Gb Paging File | 3.15 Gb Available in Paging File | 81.77% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 584.90 Gb Free Space | 41.86% Space Free | Partition Type: NTFS

Computer Name: AH-C99383DA6C57 | User Name: Armando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\1DYVDJ4Q\AviConverterSetup[1].exe" = C:\Documents and Settings\Armando\Local Settings\Temporary Internet Files\Content.IE5\1DYVDJ4Q\AviConverterSetup[1].exe:*:Enabled:InstallCore™
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game" = C:\Program Files\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game:*:Enabled:Command & Conquer™ 4 -- (Electronic Arts Inc.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel® PRO Network Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 29
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B952A4EC-E5E9-47DF-A622-C420D107DD20}" = Verizon Wireless Software Upgrade Assistant - Samsung
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDCAED05-7803-4713-9BA0-072BD1194B83}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AnyDVD" = AnyDVD
"AVG" = AVG 2011
"AVI DVD Burner_is1" = AVI DVD Burner v5.7.0.194
"Avi2Dvd" = Avi2Dvd 0.6.2
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ffdshow_is1" = ffdshow v1.1.3882 [2011-06-13]
"HaaliMkx" = Haali Media Splitter
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SystemRequirementsLab" = System Requirements Lab
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-515967899-813497703-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/2/2012 9:35:35 AM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/2/2012 1:36:30 PM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/2/2012 6:22:52 PM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/3/2012 6:50:42 PM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/3/2012 10:48:40 PM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/4/2012 10:31:36 AM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/4/2012 2:30:16 PM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/4/2012 6:01:36 PM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/5/2012 7:16:52 AM | Computer Name = AH-C99383DA6C57 | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Installation cannot be done using this package,
because a higher version of the product is already installed. Please either download
and run the latest installation package or go to Start menu/Control Panel/Programs
and Features (Add or Remove Programs) and run Change action on AVG product.

Error - 4/5/2012 8:49:11 AM | Computer Name = AH-C99383DA6C57 | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.39.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The S716mdfl service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The CoachUsb service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The Inetaccs service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The Sandrathesrv service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The WUSB54GPV4SRV service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The Elbycdfl service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The Ichaud service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The SE2Ebus service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The SE2Cbus service terminated with the following error: %%126

Error - 4/5/2012 7:13:50 AM | Computer Name = AH-C99383DA6C57 | Source = Service Control Manager | ID = 7023
Description = The Lxcc_device service terminated with the following error: %%126


< End of report >

#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:04:35 AM

Posted 05 April 2012 - 10:32 AM

Hello strikerx,

I would like you to check if ComboFix managed to make a log file. It can be found at C:\Combofix.txt. Please copy/paste its contents in your next reply.

I want you to run TDSSKiller:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

===================================================================================



In your next reply, please copy/paste the contents of the following:
  • TDSSKiller Log
  • C:\Combofix.txt

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


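Once the TDSSKiller log ratman asks for above is in hand, a quick way to triage it is to fold the two-line-per-object layout visible in the pasted log (an image line with MD5 and path, then a verdict line ending in "- ok") into one record per driver or service and flag anything that is not "ok" or that loads from an unusual location. This is an added example for this thread, not code from BleepingComputer or from Kaspersky's tool; the sample log below is constructed (the "Temp" path, the all-zero hash and the "suspicious" verdict are made up to exercise the checks, and the exact wording TDSSKiller uses for a detection is an assumption, not taken from the page).

```python
"""Triage helper for a TDSSKiller scan log (added example, constructed sample)."""
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Image line:   "18:07:20.0468 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\...\ACPI.sys"
IMAGE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# Verdict line: "18:07:20.0468 4740 ACPI - ok"  (any other status is treated as a finding)
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$"
)

# Where drivers and service binaries are expected on an XP box (heuristic, not a whitelist).
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None

    def path_is_unusual(self) -> bool:
        """True when an image path exists but sits outside the expected roots."""
        if not self.path:
            return False
        low = self.path.lower()
        return not any(low.startswith(root) for root in EXPECTED_ROOTS)


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per scanned object, keyed by service/driver name.

    Only lines after the "Scan started" banner are parsed, so header lines such as
    "Drive \\Device\\Harddisk0\\DR0 - Size: ..." are not mistaken for verdicts.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = IMAGE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def triage(entries: Dict[str, Entry]) -> dict:
    """Summarise the scan: anything not "ok", odd image paths, objects with no verdict."""
    return {
        "scanned": len(entries),
        "not_ok": sorted(n for n, e in entries.items() if e.status not in (None, "ok")),
        "unusual_path": sorted(n for n, e in entries.items() if e.path_is_unusual()),
        "no_verdict": sorted(n for n, e in entries.items() if e.status is None),
    }


# Constructed sample: first lines copy the layout of the thread's log; ExampleSvc is made up.
SAMPLE_LOG = """\
18:06:45.0921 0472 Drive \\Device\\Harddisk0\\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200
18:07:19.0531 4740 ============================================================
18:07:19.0531 4740 Scan started
18:07:19.0531 4740 Mode: Manual;
18:07:19.0531 4740 ============================================================
18:07:20.0390 4740 Abiosdsk - ok
18:07:20.0468 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
18:07:20.0468 4740 ACPI - ok
18:07:20.0921 4740 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
18:07:20.0921 4740 Apple Mobile Device - ok
18:07:22.0100 4740 ExampleSvc (00000000000000000000000000000000) C:\\Documents and Settings\\user\\Local Settings\\Temp\\examplesvc.sys
18:07:22.0100 4740 ExampleSvc - suspicious
"""

if __name__ == "__main__":
    report = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```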


#5 strikerx

strikerx
  • Topic Starter

  • Members
  • 75 posts
  • Local time:10:35 PM

Posted 08 April 2012 - 06:14 PM

I went to C:\ to find the combofix.txt file but all I found was a combofix folder that acts just like a My Computer folder. Also TDSSKiller didn't find anything.

18:06:43.0468 0472 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:06:43.0953 0472 ============================================================
18:06:43.0953 0472 Current date / time: 2012/04/08 18:06:43.0953
18:06:43.0953 0472 SystemInfo:
18:06:43.0953 0472
18:06:43.0953 0472 OS Version: 5.1.2600 ServicePack: 3.0
18:06:43.0953 0472 Product type: Workstation
18:06:43.0953 0472 ComputerName: AH-C99383DA6C57
18:06:43.0953 0472 UserName: Armando
18:06:43.0953 0472 Windows directory: C:\WINDOWS
18:06:43.0953 0472 System windows directory: C:\WINDOWS
18:06:43.0953 0472 Processor architecture: Intel x86
18:06:43.0953 0472 Number of processors: 2
18:06:43.0953 0472 Page size: 0x1000
18:06:43.0953 0472 Boot type: Normal boot
18:06:43.0953 0472 ============================================================
18:06:45.0921 0472 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:06:45.0921 0472 \Device\Harddisk0\DR0:
18:06:45.0921 0472 MBR used
18:06:45.0921 0472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA82841
18:06:45.0921 0472 Initialize success
18:06:45.0921 0472 ============================================================
18:07:19.0531 4740 ============================================================
18:07:19.0531 4740 Scan started
18:07:19.0531 4740 Mode: Manual;
18:07:19.0531 4740 ============================================================
18:07:20.0390 4740 Abiosdsk - ok
18:07:20.0406 4740 abp480n5 - ok
18:07:20.0406 4740 ac97intc - ok
18:07:20.0421 4740 acdpowerservice - ok
18:07:20.0468 4740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:20.0468 4740 ACPI - ok
18:07:20.0500 4740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:07:20.0500 4740 ACPIEC - ok
18:07:20.0578 4740 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:07:20.0578 4740 AdobeFlashPlayerUpdateSvc - ok
18:07:20.0578 4740 adpu160m - ok
18:07:20.0625 4740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:07:20.0640 4740 aec - ok
18:07:20.0640 4740 aexnsclient - ok
18:07:20.0687 4740 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:07:20.0687 4740 AFD - ok
18:07:20.0703 4740 Aha154x - ok
18:07:20.0703 4740 aic78u2 - ok
18:07:20.0718 4740 aic78xx - ok
18:07:20.0750 4740 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:07:20.0750 4740 Alerter - ok
18:07:20.0781 4740 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:07:20.0781 4740 ALG - ok
18:07:20.0781 4740 AliIde - ok
18:07:20.0796 4740 amdagp - ok
18:07:20.0796 4740 amsint - ok
18:07:20.0828 4740 AnyDVD (1b1d306ef7518274835cc765a3902be9) C:\WINDOWS\system32\Drivers\AnyDVD.sys
18:07:20.0843 4740 AnyDVD - ok
18:07:20.0843 4740 apphostsvc - ok
18:07:20.0921 4740 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:20.0921 4740 Apple Mobile Device - ok
18:07:20.0953 4740 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:07:20.0953 4740 AppMgmt - ok
18:07:20.0984 4740 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:07:20.0984 4740 Arp1394 - ok
18:07:20.0984 4740 asc - ok
18:07:21.0000 4740 asc3350p - ok
18:07:21.0000 4740 asc3550 - ok
18:07:21.0046 4740 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:07:21.0046 4740 aspnet_state - ok
18:07:21.0062 4740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:07:21.0062 4740 AsyncMac - ok
18:07:21.0078 4740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:07:21.0078 4740 atapi - ok
18:07:21.0093 4740 Atdisk - ok
18:07:21.0093 4740 atitool - ok
18:07:21.0109 4740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:07:21.0109 4740 Atmarpc - ok
18:07:21.0125 4740 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:07:21.0125 4740 AudioSrv - ok
18:07:21.0156 4740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:07:21.0156 4740 audstub - ok
18:07:21.0203 4740 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
18:07:21.0203 4740 AVG Security Toolbar Service - ok
18:07:21.0343 4740 AVGIDSAgent (3ce07fb20b84734cce81cf10d1d7f803) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:07:21.0453 4740 AVGIDSAgent - ok
18:07:21.0484 4740 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:07:21.0484 4740 AVGIDSDriver - ok
18:07:21.0500 4740 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:07:21.0500 4740 AVGIDSEH - ok
18:07:21.0515 4740 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:07:21.0531 4740 AVGIDSFilter - ok
18:07:21.0546 4740 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:07:21.0546 4740 AVGIDSShim - ok
18:07:21.0578 4740 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:07:21.0578 4740 Avgldx86 - ok
18:07:21.0593 4740 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:07:21.0593 4740 Avgmfx86 - ok
18:07:21.0593 4740 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:07:21.0593 4740 Avgrkx86 - ok
18:07:21.0640 4740 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:07:21.0640 4740 Avgtdix - ok
18:07:21.0687 4740 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
18:07:21.0687 4740 avgwd - ok
18:07:21.0687 4740 backupexecagentaccelerator - ok
18:07:21.0718 4740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:07:21.0718 4740 Beep - ok
18:07:21.0750 4740 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:07:21.0781 4740 BITS - ok
18:07:21.0781 4740 blueletscoaudio - ok
18:07:21.0812 4740 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:07:21.0812 4740 Bonjour Service - ok
18:07:21.0812 4740 bridge - ok
18:07:21.0828 4740 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:07:21.0828 4740 Browser - ok
18:07:21.0843 4740 ca-messagequeuing - ok
18:07:21.0875 4740 catchme - ok
18:07:21.0906 4740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:07:21.0906 4740 cbidf2k - ok
18:07:21.0921 4740 cd20xrnt - ok
18:07:21.0921 4740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:07:21.0937 4740 Cdaudio - ok
18:07:21.0937 4740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:07:21.0937 4740 Cdfs - ok
18:07:21.0984 4740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:07:21.0984 4740 Cdrom - ok
18:07:22.0000 4740 Changer - ok
18:07:22.0000 4740 cics.region1 - ok
18:07:22.0000 4740 cimnotify - ok
18:07:22.0031 4740 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:07:22.0031 4740 CiSvc - ok
18:07:22.0046 4740 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:07:22.0046 4740 ClipSrv - ok
18:07:22.0078 4740 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:22.0078 4740 clr_optimization_v2.0.50727_32 - ok
18:07:22.0093 4740 CmdIde - ok
18:07:22.0093 4740 COMSysApp - ok
18:07:22.0109 4740 Cpqarray - ok
18:07:22.0125 4740 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:07:22.0125 4740 CryptSvc - ok
18:07:22.0125 4740 CTAUDFX.DLL - ok
18:07:22.0140 4740 CVPND - ok
18:07:22.0140 4740 dac2w2k - ok
18:07:22.0156 4740 dac960nt - ok
18:07:22.0187 4740 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:07:22.0203 4740 DcomLaunch - ok
18:07:22.0218 4740 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:07:22.0218 4740 Dhcp - ok
18:07:22.0250 4740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:07:22.0250 4740 Disk - ok
18:07:22.0250 4740 dmadmin - ok
18:07:22.0281 4740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:07:22.0281 4740 dmboot - ok
18:07:22.0296 4740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:07:22.0296 4740 dmio - ok
18:07:22.0312 4740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:07:22.0312 4740 dmload - ok
18:07:22.0328 4740 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:07:22.0328 4740 dmserver - ok
18:07:22.0343 4740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:07:22.0343 4740 DMusic - ok
18:07:22.0359 4740 DNE - ok
18:07:22.0375 4740 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:07:22.0375 4740 Dnscache - ok
18:07:22.0421 4740 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:07:22.0421 4740 Dot3svc - ok
18:07:22.0421 4740 dpti2o - ok
18:07:22.0437 4740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:07:22.0453 4740 drmkaud - ok
18:07:22.0453 4740 dsNcAdpt - ok
18:07:22.0468 4740 e1express (c477f783ed345ec9d739d58eff63a224) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:07:22.0468 4740 e1express - ok
18:07:22.0500 4740 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:07:22.0500 4740 EapHost - ok
18:07:22.0500 4740 eectrl - ok
18:07:22.0531 4740 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
18:07:22.0531 4740 ElbyCDIO - ok
18:07:22.0562 4740 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:07:22.0562 4740 ERSvc - ok
18:07:22.0562 4740 ESDCR - ok
18:07:22.0578 4740 ESMCR - ok
18:07:22.0609 4740 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:07:22.0609 4740 Eventlog - ok
18:07:22.0640 4740 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:07:22.0640 4740 EventSystem - ok
18:07:22.0640 4740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:07:22.0656 4740 Fastfat - ok
18:07:22.0671 4740 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:07:22.0671 4740 FastUserSwitchingCompatibility - ok
18:07:22.0687 4740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:07:22.0703 4740 Fdc - ok
18:07:22.0718 4740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:07:22.0718 4740 Fips - ok
18:07:22.0734 4740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:07:22.0734 4740 Flpydisk - ok
18:07:22.0750 4740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:07:22.0750 4740 FltMgr - ok
18:07:22.0796 4740 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:07:22.0796 4740 FontCache3.0.0.0 - ok
18:07:22.0812 4740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:07:22.0812 4740 Fs_Rec - ok
18:07:22.0812 4740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:07:22.0812 4740 Ftdisk - ok
18:07:22.0843 4740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:07:22.0843 4740 GEARAspiWDM - ok
18:07:22.0859 4740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:07:22.0859 4740 Gpc - ok
18:07:22.0859 4740 grmnusb - ok
18:07:22.0921 4740 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:07:22.0921 4740 gupdate - ok
18:07:22.0921 4740 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:07:22.0921 4740 gupdatem - ok
18:07:22.0937 4740 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:07:22.0937 4740 gusvc - ok
18:07:22.0968 4740 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:07:22.0968 4740 HDAudBus - ok
18:07:22.0968 4740 hdthermal - ok
18:07:23.0015 4740 helpsvc - ok
18:07:23.0046 4740 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:07:23.0046 4740 HidServ - ok
18:07:23.0062 4740 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:07:23.0078 4740 hidusb - ok
18:07:23.0109 4740 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:07:23.0125 4740 hkmsvc - ok
18:07:23.0125 4740 hpn - ok
18:07:23.0156 4740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:07:23.0156 4740 HTTP - ok
18:07:23.0187 4740 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:07:23.0187 4740 HTTPFilter - ok
18:07:23.0187 4740 i2omgmt - ok
18:07:23.0203 4740 i2omp - ok
18:07:23.0234 4740 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:07:23.0234 4740 i8042prt - ok
18:07:23.0250 4740 iam - ok
18:07:23.0328 4740 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:07:23.0343 4740 idsvc - ok
18:07:23.0375 4740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:07:23.0375 4740 Imapi - ok
18:07:23.0421 4740 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:07:23.0421 4740 ImapiService - ok
18:07:23.0437 4740 infrastructure - ok
18:07:23.0437 4740 ini910u - ok
18:07:23.0437 4740 ino_fltr - ok
18:07:23.0453 4740 IntelIde - ok
18:07:23.0484 4740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:07:23.0484 4740 intelppm - ok
18:07:23.0500 4740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:07:23.0500 4740 Ip6Fw - ok
18:07:23.0531 4740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:07:23.0531 4740 IpFilterDriver - ok
18:07:23.0546 4740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:07:23.0546 4740 IpInIp - ok
18:07:23.0562 4740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:07:23.0578 4740 IpNat - ok
18:07:23.0625 4740 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:07:23.0640 4740 iPod Service - ok
18:07:23.0687 4740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:07:23.0687 4740 IPSec - ok
18:07:23.0718 4740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:07:23.0718 4740 IRENUM - ok
18:07:23.0750 4740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:07:23.0750 4740 isapnp - ok
18:07:23.0750 4740 iSMBIOS - ok
18:07:23.0796 4740 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
18:07:23.0796 4740 JavaQuickStarterService - ok
18:07:23.0812 4740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:07:23.0812 4740 Kbdclass - ok
18:07:23.0828 4740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:07:23.0843 4740 kmixer - ok
18:07:23.0843 4740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:07:23.0859 4740 KSecDD - ok
18:07:23.0875 4740 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:07:23.0875 4740 lanmanserver - ok
18:07:23.0906 4740 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:07:23.0906 4740 lanmanworkstation - ok
18:07:23.0906 4740 lbrtfdc - ok
18:07:23.0921 4740 lhidusb - ok
18:07:23.0937 4740 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:07:23.0937 4740 LmHosts - ok
18:07:23.0968 4740 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:07:23.0984 4740 LMIGuardianSvc - ok
18:07:24.0015 4740 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:07:24.0015 4740 LMIInfo - ok
18:07:24.0031 4740 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
18:07:24.0031 4740 LMIMaint - ok
18:07:24.0046 4740 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
18:07:24.0046 4740 lmimirr - ok
18:07:24.0062 4740 LMIRfsClientNP - ok
18:07:24.0093 4740 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
18:07:24.0093 4740 LMIRfsDriver - ok
18:07:24.0109 4740 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
18:07:24.0109 4740 LogMeIn - ok
18:07:24.0125 4740 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:07:24.0125 4740 Messenger - ok
18:07:24.0171 4740 Microsoft SharePoint Workspace Audit Service - ok
18:07:24.0187 4740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:07:24.0203 4740 mnmdd - ok
18:07:24.0218 4740 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:07:24.0234 4740 mnmsrvc - ok
18:07:24.0250 4740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:07:24.0250 4740 Modem - ok
18:07:24.0265 4740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:07:24.0265 4740 Mouclass - ok
18:07:24.0296 4740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:07:24.0296 4740 mouhid - ok
18:07:24.0312 4740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:07:24.0312 4740 MountMgr - ok
18:07:24.0312 4740 mraid35x - ok
18:07:24.0328 4740 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:07:24.0328 4740 MRxDAV - ok
18:07:24.0359 4740 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:07:24.0359 4740 MRxSmb - ok
18:07:24.0375 4740 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:07:24.0375 4740 MSDTC - ok
18:07:24.0390 4740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:07:24.0390 4740 Msfs - ok
18:07:24.0390 4740 msgame - ok
18:07:24.0406 4740 msgsrvservice - ok
18:07:24.0421 4740 MSIServer - ok
18:07:24.0437 4740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:07:24.0437 4740 MSKSSRV - ok
18:07:24.0453 4740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:07:24.0453 4740 MSPCLOCK - ok
18:07:24.0468 4740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:07:24.0468 4740 MSPQM - ok
18:07:24.0484 4740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:07:24.0484 4740 mssmbios - ok
18:07:24.0484 4740 mssqlserveradhelper - ok
18:07:24.0500 4740 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:07:24.0500 4740 Mup - ok
18:07:24.0515 4740 NAL (16ea7d22102b952621ef4d4f87e3463b) C:\WINDOWS\system32\Drivers\iqvw32.sys
18:07:24.0515 4740 NAL - ok
18:07:24.0546 4740 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:07:24.0546 4740 napagent - ok
18:07:24.0578 4740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:07:24.0578 4740 NDIS - ok
18:07:24.0609 4740 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:07:24.0609 4740 NdisTapi - ok
18:07:24.0625 4740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:07:24.0625 4740 Ndisuio - ok
18:07:24.0640 4740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:24.0640 4740 NdisWan - ok
18:07:24.0656 4740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:07:24.0656 4740 NDProxy - ok
18:07:24.0671 4740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:07:24.0671 4740 NetBIOS - ok
18:07:24.0718 4740 NetBT (e64b7a34be422d32ffb17533b733f08e) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:07:24.0718 4740 NetBT - ok
18:07:24.0750 4740 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:07:24.0765 4740 NetDDE - ok
18:07:24.0765 4740 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:07:24.0765 4740 NetDDEdsdm - ok
18:07:24.0796 4740 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:24.0796 4740 Netlogon - ok
18:07:24.0828 4740 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:07:24.0828 4740 Netman - ok
18:07:24.0875 4740 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:07:24.0875 4740 NetTcpPortSharing - ok
18:07:24.0906 4740 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:07:24.0906 4740 NIC1394 - ok
18:07:24.0937 4740 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:07:24.0937 4740 Nla - ok
18:07:24.0937 4740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:07:24.0937 4740 Npfs - ok
18:07:24.0953 4740 nsm1mdfl - ok
18:07:24.0968 4740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:24.0984 4740 Ntfs - ok
18:07:25.0000 4740 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:25.0000 4740 NtLmSsp - ok
18:07:25.0015 4740 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:07:25.0031 4740 NtmsSvc - ok
18:07:25.0062 4740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:07:25.0062 4740 Null - ok
18:07:25.0281 4740 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:07:25.0437 4740 nv - ok
18:07:25.0468 4740 NVHDA (e10aacc565e0a8b76ac4fb912343d38e) C:\WINDOWS\system32\drivers\nvhda32.sys
18:07:25.0468 4740 NVHDA - ok
18:07:25.0484 4740 nvraid - ok
18:07:25.0515 4740 nvsvc (e13944917cfb081ebb9a9cf3b151c42f) C:\WINDOWS\system32\nvsvc32.exe
18:07:25.0515 4740 nvsvc - ok
18:07:25.0609 4740 nvUpdatusService (a446705ef408cf4813230b483b486370) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:07:25.0640 4740 nvUpdatusService - ok
18:07:25.0671 4740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:07:25.0671 4740 NwlnkFlt - ok
18:07:25.0671 4740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:07:25.0687 4740 NwlnkFwd - ok
18:07:25.0687 4740 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:07:25.0687 4740 ohci1394 - ok
18:07:25.0734 4740 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:07:25.0750 4740 ose - ok
18:07:25.0843 4740 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:07:25.0906 4740 osppsvc - ok
18:07:25.0953 4740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:07:25.0953 4740 Parport - ok
18:07:25.0953 4740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:07:25.0953 4740 PartMgr - ok
18:07:25.0984 4740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:07:25.0984 4740 ParVdm - ok
18:07:25.0984 4740 pchost - ok
18:07:26.0000 4740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:07:26.0000 4740 PCI - ok
18:07:26.0000 4740 PCIDump - ok
18:07:26.0046 4740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:07:26.0046 4740 PCIIde - ok
18:07:26.0046 4740 PCISys - ok
18:07:26.0078 4740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:07:26.0078 4740 Pcmcia - ok
18:07:26.0078 4740 PDCOMP - ok
18:07:26.0093 4740 PDFRAME - ok
18:07:26.0093 4740 PDRELI - ok
18:07:26.0109 4740 PDRFRAME - ok
18:07:26.0109 4740 perc2 - ok
18:07:26.0125 4740 perc2hib - ok
18:07:26.0156 4740 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:07:26.0156 4740 PlugPlay - ok
18:07:26.0171 4740 pnrouter - ok
18:07:26.0171 4740 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:26.0171 4740 PolicyAgent - ok
18:07:26.0187 4740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:07:26.0187 4740 PptpMiniport - ok
18:07:26.0203 4740 processor - ok
18:07:26.0203 4740 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:26.0203 4740 ProtectedStorage - ok
18:07:26.0218 4740 proxyserverservice - ok
18:07:26.0234 4740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:07:26.0234 4740 PSched - ok
18:07:26.0250 4740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:07:26.0250 4740 Ptilink - ok
18:07:26.0265 4740 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:07:26.0265 4740 PxHelp20 - ok
18:07:26.0281 4740 ql1080 - ok
18:07:26.0281 4740 Ql10wnt - ok
18:07:26.0296 4740 ql12160 - ok
18:07:26.0296 4740 ql1240 - ok
18:07:26.0312 4740 ql1280 - ok
18:07:26.0328 4740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:07:26.0328 4740 RasAcd - ok
18:07:26.0343 4740 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:07:26.0343 4740 RasAuto - ok
18:07:26.0359 4740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:07:26.0359 4740 Rasl2tp - ok
18:07:26.0390 4740 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:07:26.0406 4740 RasMan - ok
18:07:26.0421 4740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:07:26.0421 4740 RasPppoe - ok
18:07:26.0437 4740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:07:26.0437 4740 Raspti - ok
18:07:26.0453 4740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:07:26.0453 4740 Rdbss - ok
18:07:26.0468 4740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:07:26.0468 4740 RDPCDD - ok
18:07:26.0484 4740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:07:26.0484 4740 rdpdr - ok
18:07:26.0515 4740 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:07:26.0515 4740 RDPWD - ok
18:07:26.0531 4740 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:07:26.0546 4740 RDSessMgr - ok
18:07:26.0578 4740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:07:26.0578 4740 redbook - ok
18:07:26.0609 4740 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:07:26.0609 4740 RemoteAccess - ok
18:07:26.0640 4740 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:07:26.0640 4740 RemoteRegistry - ok
18:07:26.0656 4740 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:07:26.0656 4740 RpcLocator - ok
18:07:26.0687 4740 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:07:26.0687 4740 RpcSs - ok
18:07:26.0703 4740 RR2IOMod - ok
18:07:26.0718 4740 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:07:26.0718 4740 RSVP - ok
18:07:26.0734 4740 s116obex - ok
18:07:26.0734 4740 s716nd5 - ok
18:07:26.0734 4740 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:26.0750 4740 SamSs - ok
18:07:26.0765 4740 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:07:26.0765 4740 SCardSvr - ok
18:07:26.0781 4740 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:07:26.0781 4740 Schedule - ok
18:07:26.0796 4740 se44bus - ok
18:07:26.0812 4740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:07:26.0812 4740 Secdrv - ok
18:07:26.0828 4740 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:07:26.0828 4740 seclogon - ok
18:07:26.0828 4740 SED133x - ok
18:07:26.0843 4740 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
18:07:26.0843 4740 SENS - ok
18:07:26.0859 4740 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:07:26.0859 4740 serenum - ok
18:07:26.0875 4740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:07:26.0875 4740 Serial - ok
18:07:26.0890 4740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:07:26.0906 4740 Sfloppy - ok
18:07:26.0921 4740 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
18:07:26.0937 4740 sfng32 - ok
18:07:26.0953 4740 sglogplayer - ok
18:07:26.0984 4740 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:07:27.0000 4740 SharedAccess - ok
18:07:27.0046 4740 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:07:27.0046 4740 ShellHWDetection - ok
18:07:27.0046 4740 Simbad - ok
18:07:27.0062 4740 slee_81_service - ok
18:07:27.0062 4740 Slpsvdr - ok
18:07:27.0078 4740 Sparrow - ok
18:07:27.0078 4740 spkrmon - ok
18:07:27.0093 4740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:07:27.0093 4740 splitter - ok
18:07:27.0109 4740 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:07:27.0109 4740 Spooler - ok
18:07:27.0125 4740 SQLBrowser - ok
18:07:27.0140 4740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:07:27.0140 4740 sr - ok
18:07:27.0156 4740 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:07:27.0171 4740 srservice - ok
18:07:27.0203 4740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:07:27.0218 4740 Srv - ok
18:07:27.0250 4740 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:07:27.0250 4740 sscdbus - ok
18:07:27.0265 4740 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:07:27.0281 4740 sscdmdfl - ok
18:07:27.0281 4740 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:07:27.0296 4740 sscdmdm - ok
18:07:27.0312 4740 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
18:07:27.0312 4740 sscdserd - ok
18:07:27.0328 4740 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:07:27.0328 4740 SSDPSRV - ok
18:07:27.0375 4740 STacSV - ok
18:07:27.0406 4740 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
18:07:27.0421 4740 STHDA - ok
18:07:27.0437 4740 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:07:27.0453 4740 stisvc - ok
18:07:27.0453 4740 svcwrsssdk - ok
18:07:27.0468 4740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:07:27.0468 4740 swenum - ok
18:07:27.0484 4740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:07:27.0484 4740 swmidi - ok
18:07:27.0500 4740 SwPrv - ok
18:07:27.0500 4740 symc810 - ok
18:07:27.0515 4740 symc8xx - ok
18:07:27.0515 4740 symidsco - ok
18:07:27.0531 4740 sym_hi - ok
18:07:27.0531 4740 sym_u3 - ok
18:07:27.0562 4740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:07:27.0562 4740 sysaudio - ok
18:07:27.0578 4740 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:07:27.0578 4740 SysmonLog - ok
18:07:27.0609 4740 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:07:27.0609 4740 TapiSrv - ok
18:07:27.0671 4740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:07:27.0671 4740 Tcpip - ok
18:07:27.0718 4740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:07:27.0718 4740 TDPIPE - ok
18:07:27.0734 4740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:07:27.0734 4740 TDTCP - ok
18:07:27.0750 4740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:07:27.0765 4740 TermDD - ok
18:07:27.0781 4740 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:07:27.0796 4740 TermService - ok
18:07:27.0812 4740 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:07:27.0812 4740 Themes - ok
18:07:27.0843 4740 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:07:27.0843 4740 TlntSvr - ok
18:07:27.0843 4740 TosIde - ok
18:07:27.0875 4740 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:07:27.0875 4740 TrkWks - ok
18:07:27.0890 4740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:07:27.0890 4740 Udfs - ok
18:07:27.0890 4740 ultra - ok
18:07:27.0921 4740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:07:27.0921 4740 Update - ok
18:07:27.0953 4740 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:07:27.0953 4740 upnphost - ok
18:07:27.0984 4740 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:07:27.0984 4740 UPS - ok
18:07:27.0984 4740 upsentry_smart - ok
18:07:28.0046 4740 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:07:28.0046 4740 USBAAPL - ok
18:07:28.0062 4740 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:07:28.0062 4740 usbaudio - ok
18:07:28.0078 4740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:07:28.0078 4740 usbccgp - ok
18:07:28.0093 4740 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:07:28.0093 4740 usbehci - ok
18:07:28.0109 4740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:07:28.0109 4740 usbhub - ok
18:07:28.0125 4740 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:07:28.0140 4740 usbprint - ok
18:07:28.0156 4740 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:07:28.0156 4740 usbscan - ok
18:07:28.0171 4740 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:07:28.0187 4740 USBSTOR - ok
18:07:28.0203 4740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:07:28.0203 4740 usbuhci - ok
18:07:28.0203 4740 VAIOMediaPlatform-MusicServer-UPnP - ok
18:07:28.0218 4740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:07:28.0218 4740 VgaSave - ok
18:07:28.0234 4740 ViaIde - ok
18:07:28.0234 4740 viamraid - ok
18:07:28.0250 4740 vmkbd2 - ok
18:07:28.0250 4740 vmnetbridge - ok
18:07:28.0265 4740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:07:28.0265 4740 VolSnap - ok
18:07:28.0296 4740 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:07:28.0312 4740 VSS - ok
18:07:28.0390 4740 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
18:07:28.0406 4740 vToolbarUpdater10.2.0 - ok
18:07:28.0421 4740 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:07:28.0421 4740 W32Time - ok
18:07:28.0437 4740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:07:28.0437 4740 Wanarp - ok
18:07:28.0437 4740 wap3gx - ok
18:07:28.0453 4740 WDICA - ok
18:07:28.0468 4740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:07:28.0468 4740 wdmaud - ok
18:07:28.0484 4740 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:07:28.0484 4740 WebClient - ok
18:07:28.0500 4740 websensepolicyserver - ok
18:07:28.0500 4740 websenseuserservice - ok
18:07:28.0546 4740 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:07:28.0546 4740 winmgmt - ok
18:07:28.0562 4740 wlluc48 - ok
18:07:28.0609 4740 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:07:28.0609 4740 WmdmPmSN - ok
18:07:28.0640 4740 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:07:28.0640 4740 Wmi - ok
18:07:28.0671 4740 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:07:28.0671 4740 WmiApSrv - ok
18:07:28.0703 4740 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:07:28.0703 4740 WMPNetworkSvc - ok
18:07:28.0734 4740 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:07:28.0734 4740 WpdUsb - ok
18:07:28.0750 4740 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:07:28.0750 4740 WS2IFSL - ok
18:07:28.0796 4740 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:07:28.0796 4740 wscsvc - ok
18:07:28.0812 4740 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:07:28.0812 4740 wuauserv - ok
18:07:28.0828 4740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:07:28.0828 4740 WudfPf - ok
18:07:28.0843 4740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:07:28.0843 4740 WudfRd - ok
18:07:28.0859 4740 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:07:28.0859 4740 WudfSvc - ok
18:07:28.0890 4740 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:07:28.0890 4740 WZCSVC - ok
18:07:28.0906 4740 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:07:28.0921 4740 xmlprov - ok
18:07:28.0921 4740 ZuneBusEnum - ok
18:07:28.0937 4740 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:07:29.0046 4740 \Device\Harddisk0\DR0 - ok
18:07:29.0046 4740 Boot (0x1200) (a41f174154e568016feab56f48b8a240) \Device\Harddisk0\DR0\Partition0
18:07:29.0046 4740 \Device\Harddisk0\DR0\Partition0 - ok
18:07:29.0046 4740 ============================================================
18:07:29.0046 4740 Scan finished
18:07:29.0046 4740 ============================================================
18:07:29.0046 4640 Detected object count: 0
18:07:29.0046 4640 Actual detected object count: 0
18:07:36.0453 4792 ============================================================
18:07:36.0453 4792 Scan started
18:07:36.0453 4792 Mode: Manual;
18:07:36.0453 4792 ============================================================
18:07:36.0796 4792 Abiosdsk - ok
18:07:36.0812 4792 abp480n5 - ok
18:07:36.0812 4792 ac97intc - ok
18:07:36.0812 4792 acdpowerservice - ok
18:07:36.0843 4792 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:07:36.0843 4792 ACPI - ok
18:07:36.0875 4792 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:07:36.0875 4792 ACPIEC - ok
18:07:36.0937 4792 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:07:36.0953 4792 AdobeFlashPlayerUpdateSvc - ok
18:07:36.0953 4792 adpu160m - ok
18:07:36.0968 4792 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:07:36.0968 4792 aec - ok
18:07:36.0984 4792 aexnsclient - ok
18:07:37.0015 4792 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:07:37.0015 4792 AFD - ok
18:07:37.0031 4792 Aha154x - ok
18:07:37.0031 4792 aic78u2 - ok
18:07:37.0046 4792 aic78xx - ok
18:07:37.0093 4792 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:07:37.0093 4792 Alerter - ok
18:07:37.0109 4792 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:07:37.0109 4792 ALG - ok
18:07:37.0109 4792 AliIde - ok
18:07:37.0125 4792 amdagp - ok
18:07:37.0125 4792 amsint - ok
18:07:37.0171 4792 AnyDVD (1b1d306ef7518274835cc765a3902be9) C:\WINDOWS\system32\Drivers\AnyDVD.sys
18:07:37.0171 4792 AnyDVD - ok
18:07:37.0171 4792 apphostsvc - ok
18:07:37.0234 4792 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:07:37.0234 4792 Apple Mobile Device - ok
18:07:37.0265 4792 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:07:37.0265 4792 AppMgmt - ok
18:07:37.0296 4792 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:07:37.0296 4792 Arp1394 - ok
18:07:37.0296 4792 asc - ok
18:07:37.0312 4792 asc3350p - ok
18:07:37.0312 4792 asc3550 - ok
18:07:37.0375 4792 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:07:37.0375 4792 aspnet_state - ok
18:07:37.0390 4792 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:07:37.0390 4792 AsyncMac - ok
18:07:37.0421 4792 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:07:37.0421 4792 atapi - ok
18:07:37.0421 4792 Atdisk - ok
18:07:37.0437 4792 atitool - ok
18:07:37.0453 4792 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:07:37.0453 4792 Atmarpc - ok
18:07:37.0468 4792 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:07:37.0468 4792 AudioSrv - ok
18:07:37.0500 4792 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:07:37.0500 4792 audstub - ok
18:07:37.0546 4792 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
18:07:37.0546 4792 AVG Security Toolbar Service - ok
18:07:37.0687 4792 AVGIDSAgent (3ce07fb20b84734cce81cf10d1d7f803) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
18:07:37.0718 4792 AVGIDSAgent - ok
18:07:37.0765 4792 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:07:37.0765 4792 AVGIDSDriver - ok
18:07:37.0765 4792 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:07:37.0765 4792 AVGIDSEH - ok
18:07:37.0781 4792 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:07:37.0781 4792 AVGIDSFilter - ok
18:07:37.0796 4792 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:07:37.0796 4792 AVGIDSShim - ok
18:07:37.0828 4792 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:07:37.0828 4792 Avgldx86 - ok
18:07:37.0843 4792 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:07:37.0843 4792 Avgmfx86 - ok
18:07:37.0859 4792 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:07:37.0859 4792 Avgrkx86 - ok
18:07:37.0859 4792 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:07:37.0875 4792 Avgtdix - ok
18:07:37.0906 4792 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
18:07:37.0906 4792 avgwd - ok
18:07:37.0921 4792 backupexecagentaccelerator - ok
18:07:37.0937 4792 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:07:37.0953 4792 Beep - ok
18:07:37.0968 4792 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:07:37.0984 4792 BITS - ok
18:07:37.0984 4792 blueletscoaudio - ok
18:07:38.0000 4792 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:07:38.0000 4792 Bonjour Service - ok
18:07:38.0000 4792 bridge - ok
18:07:38.0015 4792 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:07:38.0015 4792 Browser - ok
18:07:38.0031 4792 ca-messagequeuing - ok
18:07:38.0062 4792 catchme - ok
18:07:38.0093 4792 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:07:38.0093 4792 cbidf2k - ok
18:07:38.0109 4792 cd20xrnt - ok
18:07:38.0125 4792 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:07:38.0125 4792 Cdaudio - ok
18:07:38.0125 4792 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:07:38.0140 4792 Cdfs - ok
18:07:38.0156 4792 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:07:38.0171 4792 Cdrom - ok
18:07:38.0171 4792 Changer - ok
18:07:38.0187 4792 cics.region1 - ok
18:07:38.0187 4792 cimnotify - ok
18:07:38.0203 4792 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:07:38.0203 4792 CiSvc - ok
18:07:38.0218 4792 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:07:38.0218 4792 ClipSrv - ok
18:07:38.0265 4792 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:07:38.0265 4792 clr_optimization_v2.0.50727_32 - ok
18:07:38.0265 4792 CmdIde - ok
18:07:38.0281 4792 COMSysApp - ok
18:07:38.0281 4792 Cpqarray - ok
18:07:38.0296 4792 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:07:38.0296 4792 CryptSvc - ok
18:07:38.0312 4792 CTAUDFX.DLL - ok
18:07:38.0312 4792 CVPND - ok
18:07:38.0312 4792 dac2w2k - ok
18:07:38.0328 4792 dac960nt - ok
18:07:38.0359 4792 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:07:38.0359 4792 DcomLaunch - ok
18:07:38.0390 4792 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:07:38.0390 4792 Dhcp - ok
18:07:38.0406 4792 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:07:38.0406 4792 Disk - ok
18:07:38.0406 4792 dmadmin - ok
18:07:38.0437 4792 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:07:38.0453 4792 dmboot - ok
18:07:38.0453 4792 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:07:38.0453 4792 dmio - ok
18:07:38.0468 4792 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:07:38.0468 4792 dmload - ok
18:07:38.0484 4792 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:07:38.0484 4792 dmserver - ok
18:07:38.0500 4792 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:07:38.0500 4792 DMusic - ok
18:07:38.0515 4792 DNE - ok
18:07:38.0531 4792 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:07:38.0531 4792 Dnscache - ok
18:07:38.0578 4792 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:07:38.0578 4792 Dot3svc - ok
18:07:38.0578 4792 dpti2o - ok
18:07:38.0609 4792 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:07:38.0609 4792 drmkaud - ok
18:07:38.0609 4792 dsNcAdpt - ok
18:07:38.0671 4792 e1express (c477f783ed345ec9d739d58eff63a224) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
18:07:38.0671 4792 e1express - ok
18:07:38.0687 4792 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:07:38.0687 4792 EapHost - ok
18:07:38.0703 4792 eectrl - ok
18:07:38.0734 4792 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
18:07:38.0734 4792 ElbyCDIO - ok
18:07:38.0734 4792 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:07:38.0734 4792 ERSvc - ok
18:07:38.0750 4792 ESDCR - ok
18:07:38.0750 4792 ESMCR - ok
18:07:38.0781 4792 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:07:38.0781 4792 Eventlog - ok
18:07:38.0812 4792 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:07:38.0812 4792 EventSystem - ok
18:07:38.0828 4792 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:07:38.0828 4792 Fastfat - ok
18:07:38.0859 4792 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:07:38.0859 4792 FastUserSwitchingCompatibility - ok
18:07:38.0875 4792 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:07:38.0875 4792 Fdc - ok
18:07:38.0890 4792 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:07:38.0890 4792 Fips - ok
18:07:38.0906 4792 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:07:38.0906 4792 Flpydisk - ok
18:07:38.0921 4792 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:07:38.0921 4792 FltMgr - ok
18:07:38.0953 4792 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:07:38.0953 4792 FontCache3.0.0.0 - ok
18:07:38.0968 4792 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:07:38.0968 4792 Fs_Rec - ok
18:07:38.0984 4792 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:07:38.0984 4792 Ftdisk - ok
18:07:39.0015 4792 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:07:39.0015 4792 GEARAspiWDM - ok
18:07:39.0031 4792 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:07:39.0031 4792 Gpc - ok
18:07:39.0031 4792 grmnusb - ok
18:07:39.0093 4792 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:07:39.0093 4792 gupdate - ok
18:07:39.0093 4792 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:07:39.0093 4792 gupdatem - ok
18:07:39.0109 4792 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:07:39.0125 4792 gusvc - ok
18:07:39.0140 4792 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:07:39.0140 4792 HDAudBus - ok
18:07:39.0140 4792 hdthermal - ok
18:07:39.0187 4792 helpsvc - ok
18:07:39.0234 4792 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:07:39.0234 4792 HidServ - ok
18:07:39.0250 4792 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:07:39.0250 4792 hidusb - ok
18:07:39.0296 4792 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:07:39.0296 4792 hkmsvc - ok
18:07:39.0296 4792 hpn - ok
18:07:39.0328 4792 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:07:39.0343 4792 HTTP - ok
18:07:39.0359 4792 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:07:39.0375 4792 HTTPFilter - ok
18:07:39.0375 4792 i2omgmt - ok
18:07:39.0390 4792 i2omp - ok
18:07:39.0406 4792 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:07:39.0406 4792 i8042prt - ok
18:07:39.0421 4792 iam - ok
18:07:39.0515 4792 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:07:39.0515 4792 idsvc - ok
18:07:39.0546 4792 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:07:39.0546 4792 Imapi - ok
18:07:39.0562 4792 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:07:39.0562 4792 ImapiService - ok
18:07:39.0578 4792 infrastructure - ok
18:07:39.0578 4792 ini910u - ok
18:07:39.0578 4792 ino_fltr - ok
18:07:39.0593 4792 IntelIde - ok
18:07:39.0640 4792 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:07:39.0640 4792 intelppm - ok
18:07:39.0671 4792 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:07:39.0671 4792 Ip6Fw - ok
18:07:39.0703 4792 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:07:39.0703 4792 IpFilterDriver - ok
18:07:39.0718 4792 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:07:39.0718 4792 IpInIp - ok
18:07:39.0734 4792 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:07:39.0734 4792 IpNat - ok
18:07:39.0796 4792 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:07:39.0796 4792 iPod Service - ok
18:07:39.0828 4792 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:07:39.0828 4792 IPSec - ok
18:07:39.0859 4792 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:07:39.0859 4792 IRENUM - ok
18:07:39.0875 4792 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:07:39.0890 4792 isapnp - ok
18:07:39.0890 4792 iSMBIOS - ok
18:07:39.0937 4792 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
18:07:39.0937 4792 JavaQuickStarterService - ok
18:07:39.0953 4792 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:07:39.0953 4792 Kbdclass - ok
18:07:39.0984 4792 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:07:39.0984 4792 kmixer - ok
18:07:40.0000 4792 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:07:40.0000 4792 KSecDD - ok
18:07:40.0015 4792 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:07:40.0015 4792 lanmanserver - ok
18:07:40.0046 4792 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:07:40.0046 4792 lanmanworkstation - ok
18:07:40.0046 4792 lbrtfdc - ok
18:07:40.0062 4792 lhidusb - ok
18:07:40.0078 4792 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:07:40.0078 4792 LmHosts - ok
18:07:40.0125 4792 LMIGuardianSvc (2375e7e01635fbccde2f796a9e078e07) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
18:07:40.0125 4792 LMIGuardianSvc - ok
18:07:40.0156 4792 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:07:40.0156 4792 LMIInfo - ok
18:07:40.0187 4792 LMIMaint (b9c127273eaba403311854a8dcb6d0aa) C:\Program Files\LogMeIn\x86\RaMaint.exe
18:07:40.0187 4792 LMIMaint - ok
18:07:40.0203 4792 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
18:07:40.0203 4792 lmimirr - ok
18:07:40.0203 4792 LMIRfsClientNP - ok
18:07:40.0218 4792 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
18:07:40.0218 4792 LMIRfsDriver - ok
18:07:40.0234 4792 LogMeIn (432618fa75b61059d2c57d6a7e55147a) C:\Program Files\LogMeIn\x86\LogMeIn.exe
18:07:40.0250 4792 LogMeIn - ok
18:07:40.0265 4792 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:07:40.0265 4792 Messenger - ok
18:07:40.0281 4792 Microsoft SharePoint Workspace Audit Service - ok
18:07:40.0312 4792 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:07:40.0312 4792 mnmdd - ok
18:07:40.0343 4792 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:07:40.0343 4792 mnmsrvc - ok
18:07:40.0359 4792 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:07:40.0359 4792 Modem - ok
18:07:40.0375 4792 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:07:40.0375 4792 Mouclass - ok
18:07:40.0406 4792 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:07:40.0406 4792 mouhid - ok
18:07:40.0406 4792 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:07:40.0406 4792 MountMgr - ok
18:07:40.0421 4792 mraid35x - ok
18:07:40.0421 4792 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:07:40.0437 4792 MRxDAV - ok
18:07:40.0453 4792 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:07:40.0468 4792 MRxSmb - ok
18:07:40.0484 4792 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:07:40.0484 4792 MSDTC - ok
18:07:40.0500 4792 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:07:40.0500 4792 Msfs - ok
18:07:40.0500 4792 msgame - ok
18:07:40.0515 4792 msgsrvservice - ok
18:07:40.0515 4792 MSIServer - ok
18:07:40.0546 4792 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:07:40.0546 4792 MSKSSRV - ok
18:07:40.0562 4792 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:07:40.0562 4792 MSPCLOCK - ok
18:07:40.0562 4792 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:07:40.0562 4792 MSPQM - ok
18:07:40.0578 4792 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:07:40.0578 4792 mssmbios - ok
18:07:40.0578 4792 mssqlserveradhelper - ok
18:07:40.0609 4792 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:07:40.0609 4792 Mup - ok
18:07:40.0625 4792 NAL (16ea7d22102b952621ef4d4f87e3463b) C:\WINDOWS\system32\Drivers\iqvw32.sys
18:07:40.0625 4792 NAL - ok
18:07:40.0656 4792 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:07:40.0656 4792 napagent - ok
18:07:40.0671 4792 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:07:40.0671 4792 NDIS - ok
18:07:40.0703 4792 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:07:40.0703 4792 NdisTapi - ok
18:07:40.0718 4792 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:07:40.0718 4792 Ndisuio - ok
18:07:40.0734 4792 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:07:40.0734 4792 NdisWan - ok
18:07:40.0750 4792 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:07:40.0750 4792 NDProxy - ok
18:07:40.0765 4792 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:07:40.0765 4792 NetBIOS - ok
18:07:40.0812 4792 NetBT (e64b7a34be422d32ffb17533b733f08e) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:07:40.0812 4792 NetBT - ok
18:07:40.0843 4792 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:07:40.0843 4792 NetDDE - ok
18:07:40.0859 4792 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:07:40.0859 4792 NetDDEdsdm - ok
18:07:40.0890 4792 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:40.0890 4792 Netlogon - ok
18:07:40.0937 4792 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:07:40.0937 4792 Netman - ok
18:07:40.0968 4792 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:07:40.0968 4792 NetTcpPortSharing - ok
18:07:41.0000 4792 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:07:41.0000 4792 NIC1394 - ok
18:07:41.0015 4792 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:07:41.0031 4792 Nla - ok
18:07:41.0031 4792 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:07:41.0031 4792 Npfs - ok
18:07:41.0031 4792 nsm1mdfl - ok
18:07:41.0046 4792 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:07:41.0062 4792 Ntfs - ok
18:07:41.0062 4792 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:41.0062 4792 NtLmSsp - ok
18:07:41.0093 4792 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:07:41.0093 4792 NtmsSvc - ok
18:07:41.0109 4792 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:07:41.0109 4792 Null - ok
18:07:41.0312 4792 nv (f1de35c89d98a883d1b4030dc9896855) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:07:41.0375 4792 nv - ok
18:07:41.0421 4792 NVHDA (e10aacc565e0a8b76ac4fb912343d38e) C:\WINDOWS\system32\drivers\nvhda32.sys
18:07:41.0421 4792 NVHDA - ok
18:07:41.0421 4792 nvraid - ok
18:07:41.0453 4792 nvsvc (e13944917cfb081ebb9a9cf3b151c42f) C:\WINDOWS\system32\nvsvc32.exe
18:07:41.0453 4792 nvsvc - ok
18:07:41.0515 4792 nvUpdatusService (a446705ef408cf4813230b483b486370) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:07:41.0531 4792 nvUpdatusService - ok
18:07:41.0546 4792 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:07:41.0546 4792 NwlnkFlt - ok
18:07:41.0562 4792 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:07:41.0562 4792 NwlnkFwd - ok
18:07:41.0562 4792 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:07:41.0562 4792 ohci1394 - ok
18:07:41.0609 4792 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:07:41.0609 4792 ose - ok
18:07:41.0703 4792 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:07:41.0734 4792 osppsvc - ok
18:07:41.0781 4792 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:07:41.0781 4792 Parport - ok
18:07:41.0781 4792 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:07:41.0781 4792 PartMgr - ok
18:07:41.0796 4792 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:07:41.0796 4792 ParVdm - ok
18:07:41.0796 4792 pchost - ok
18:07:41.0812 4792 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:07:41.0812 4792 PCI - ok
18:07:41.0812 4792 PCIDump - ok
18:07:41.0843 4792 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:07:41.0843 4792 PCIIde - ok
18:07:41.0843 4792 PCISys - ok
18:07:41.0875 4792 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:07:41.0875 4792 Pcmcia - ok
18:07:41.0875 4792 PDCOMP - ok
18:07:41.0890 4792 PDFRAME - ok
18:07:41.0906 4792 PDRELI - ok
18:07:41.0906 4792 PDRFRAME - ok
18:07:41.0921 4792 perc2 - ok
18:07:41.0921 4792 perc2hib - ok
18:07:41.0953 4792 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:07:41.0953 4792 PlugPlay - ok
18:07:41.0953 4792 pnrouter - ok
18:07:41.0968 4792 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:41.0968 4792 PolicyAgent - ok
18:07:41.0984 4792 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:07:41.0984 4792 PptpMiniport - ok
18:07:41.0984 4792 processor - ok
18:07:42.0000 4792 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:42.0000 4792 ProtectedStorage - ok
18:07:42.0000 4792 proxyserverservice - ok
18:07:42.0031 4792 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:07:42.0031 4792 PSched - ok
18:07:42.0031 4792 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:07:42.0031 4792 Ptilink - ok
18:07:42.0046 4792 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:07:42.0046 4792 PxHelp20 - ok
18:07:42.0062 4792 ql1080 - ok
18:07:42.0062 4792 Ql10wnt - ok
18:07:42.0078 4792 ql12160 - ok
18:07:42.0093 4792 ql1240 - ok
18:07:42.0093 4792 ql1280 - ok
18:07:42.0109 4792 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:07:42.0109 4792 RasAcd - ok
18:07:42.0125 4792 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:07:42.0125 4792 RasAuto - ok
18:07:42.0156 4792 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:07:42.0156 4792 Rasl2tp - ok
18:07:42.0187 4792 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:07:42.0187 4792 RasMan - ok
18:07:42.0203 4792 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:07:42.0203 4792 RasPppoe - ok
18:07:42.0218 4792 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:07:42.0218 4792 Raspti - ok
18:07:42.0234 4792 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:07:42.0234 4792 Rdbss - ok
18:07:42.0250 4792 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:07:42.0250 4792 RDPCDD - ok
18:07:42.0265 4792 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:07:42.0265 4792 rdpdr - ok
18:07:42.0312 4792 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:07:42.0312 4792 RDPWD - ok
18:07:42.0328 4792 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:07:42.0328 4792 RDSessMgr - ok
18:07:42.0359 4792 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:07:42.0359 4792 redbook - ok
18:07:42.0406 4792 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:07:42.0406 4792 RemoteAccess - ok
18:07:42.0437 4792 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:07:42.0437 4792 RemoteRegistry - ok
18:07:42.0453 4792 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:07:42.0453 4792 RpcLocator - ok
18:07:42.0484 4792 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:07:42.0484 4792 RpcSs - ok
18:07:42.0500 4792 RR2IOMod - ok
18:07:42.0515 4792 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:07:42.0515 4792 RSVP - ok
18:07:42.0515 4792 s116obex - ok
18:07:42.0531 4792 s716nd5 - ok
18:07:42.0546 4792 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:07:42.0546 4792 SamSs - ok
18:07:42.0562 4792 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:07:42.0562 4792 SCardSvr - ok
18:07:42.0578 4792 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:07:42.0578 4792 Schedule - ok
18:07:42.0593 4792 se44bus - ok
18:07:42.0609 4792 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:07:42.0609 4792 Secdrv - ok
18:07:42.0625 4792 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:07:42.0625 4792 seclogon - ok
18:07:42.0640 4792 SED133x - ok
18:07:42.0640 4792 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
18:07:42.0656 4792 SENS - ok
18:07:42.0656 4792 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:07:42.0656 4792 serenum - ok
18:07:42.0671 4792 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:07:42.0671 4792 Serial - ok
18:07:42.0687 4792 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:07:42.0687 4792 Sfloppy - ok
18:07:42.0703 4792 sfng32 (5fe18fff6fbcf218290042009eab023d) C:\WINDOWS\system32\drivers\sfng32.sys
18:07:42.0718 4792 sfng32 - ok
18:07:42.0718 4792 sglogplayer - ok
18:07:42.0750 4792 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:07:42.0750 4792 SharedAccess - ok
18:07:42.0781 4792 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:07:42.0796 4792 ShellHWDetection - ok
18:07:42.0796 4792 Simbad - ok
18:07:42.0812 4792 slee_81_service - ok
18:07:42.0812 4792 Slpsvdr - ok
18:07:42.0828 4792 Sparrow - ok
18:07:42.0828 4792 spkrmon - ok
18:07:42.0859 4792 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:07:42.0859 4792 splitter - ok
18:07:42.0875 4792 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:07:42.0875 4792 Spooler - ok
18:07:42.0875 4792 SQLBrowser - ok
18:07:42.0906 4792 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:07:42.0906 4792 sr - ok
18:07:42.0921 4792 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:07:42.0921 4792 srservice - ok
18:07:42.0937 4792 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:07:42.0937 4792 Srv - ok
18:07:42.0968 4792 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:07:42.0968 4792 sscdbus - ok
18:07:43.0000 4792 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:07:43.0000 4792 sscdmdfl - ok
18:07:43.0015 4792 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:07:43.0015 4792 sscdmdm - ok
18:07:43.0031 4792 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
18:07:43.0031 4792 sscdserd - ok
18:07:43.0046 4792 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:07:43.0046 4792 SSDPSRV - ok
18:07:43.0093 4792 STacSV - ok
18:07:43.0140 4792 STHDA (6ad7569cc5e40b94932ec56097c5dccd) C:\WINDOWS\system32\drivers\sthda.sys
18:07:43.0140 4792 STHDA - ok
18:07:43.0171 4792 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:07:43.0171 4792 stisvc - ok
18:07:43.0187 4792 svcwrsssdk - ok
18:07:43.0203 4792 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:07:43.0203 4792 swenum - ok
18:07:43.0218 4792 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:07:43.0234 4792 swmidi - ok
18:07:43.0234 4792 SwPrv - ok
18:07:43.0250 4792 symc810 - ok
18:07:43.0250 4792 symc8xx - ok
18:07:43.0265 4792 symidsco - ok
18:07:43.0265 4792 sym_hi - ok
18:07:43.0281 4792 sym_u3 - ok
18:07:43.0296 4792 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:07:43.0296 4792 sysaudio - ok
18:07:43.0312 4792 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:07:43.0312 4792 SysmonLog - ok
18:07:43.0343 4792 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:07:43.0343 4792 TapiSrv - ok
18:07:43.0406 4792 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:07:43.0406 4792 Tcpip - ok
18:07:43.0437 4792 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:07:43.0437 4792 TDPIPE - ok
18:07:43.0453 4792 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:07:43.0453 4792 TDTCP - ok
18:07:43.0468 4792 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:07:43.0468 4792 TermDD - ok
18:07:43.0500 4792 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:07:43.0500 4792 TermService - ok
18:07:43.0531 4792 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:07:43.0531 4792 Themes - ok
18:07:43.0546 4792 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:07:43.0562 4792 TlntSvr - ok
18:07:43.0562 4792 TosIde - ok
18:07:43.0578 4792 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:07:43.0578 4792 TrkWks - ok
18:07:43.0609 4792 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:07:43.0609 4792 Udfs - ok
18:07:43.0609 4792 ultra - ok
18:07:43.0656 4792 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:07:43.0656 4792 Update - ok
18:07:43.0687 4792 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:07:43.0687 4792 upnphost - ok
18:07:43.0703 4792 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:07:43.0703 4792 UPS - ok
18:07:43.0718 4792 upsentry_smart - ok
18:07:43.0765 4792 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:07:43.0765 4792 USBAAPL - ok
18:07:43.0781 4792 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:07:43.0781 4792 usbaudio - ok
18:07:43.0812 4792 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:07:43.0812 4792 usbccgp - ok
18:07:43.0812 4792 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:07:43.0812 4792 usbehci - ok
18:07:43.0828 4792 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:07:43.0828 4792 usbhub - ok
18:07:43.0843 4792 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:07:43.0843 4792 usbprint - ok
18:07:43.0875 4792 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:07:43.0875 4792 usbscan - ok
18:07:43.0890 4792 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:07:43.0890 4792 USBSTOR - ok
18:07:43.0890 4792 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:07:43.0890 4792 usbuhci - ok
18:07:43.0906 4792 VAIOMediaPlatform-MusicServer-UPnP - ok
18:07:43.0921 4792 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:07:43.0921 4792 VgaSave - ok
18:07:43.0937 4792 ViaIde - ok
18:07:43.0937 4792 viamraid - ok
18:07:43.0937 4792 vmkbd2 - ok
18:07:43.0968 4792 vmnetbridge - ok
18:07:43.0968 4792 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:07:43.0968 4792 VolSnap - ok
18:07:44.0000 4792 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:07:44.0000 4792 VSS - ok
18:07:44.0062 4792 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
18:07:44.0078 4792 vToolbarUpdater10.2.0 - ok
18:07:44.0093 4792 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:07:44.0093 4792 W32Time - ok
18:07:44.0109 4792 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:07:44.0109 4792 Wanarp - ok
18:07:44.0109 4792 wap3gx - ok
18:07:44.0125 4792 WDICA - ok
18:07:44.0140 4792 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:07:44.0140 4792 wdmaud - ok
18:07:44.0156 4792 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:07:44.0156 4792 WebClient - ok
18:07:44.0156 4792 websensepolicyserver - ok
18:07:44.0171 4792 websenseuserservice - ok
18:07:44.0218 4792 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:07:44.0218 4792 winmgmt - ok
18:07:44.0234 4792 wlluc48 - ok
18:07:44.0250 4792 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:07:44.0250 4792 WmdmPmSN - ok
18:07:44.0281 4792 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:07:44.0281 4792 Wmi - ok
18:07:44.0312 4792 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:07:44.0312 4792 WmiApSrv - ok
18:07:44.0343 4792 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:07:44.0343 4792 WMPNetworkSvc - ok
18:07:44.0359 4792 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:07:44.0359 4792 WpdUsb - ok
18:07:44.0375 4792 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:07:44.0375 4792 WS2IFSL - ok
18:07:44.0406 4792 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:07:44.0406 4792 wscsvc - ok
18:07:44.0421 4792 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:07:44.0421 4792 wuauserv - ok
18:07:44.0437 4792 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:07:44.0437 4792 WudfPf - ok
18:07:44.0453 4792 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:07:44.0453 4792 WudfRd - ok
18:07:44.0468 4792 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:07:44.0468 4792 WudfSvc - ok
18:07:44.0500 4792 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:07:44.0500 4792 WZCSVC - ok
18:07:44.0531 4792 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:07:44.0531 4792 xmlprov - ok
18:07:44.0531 4792 ZuneBusEnum - ok
18:07:44.0562 4792 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:07:44.0687 4792 \Device\Harddisk0\DR0 - ok
18:07:44.0687 4792 Boot (0x1200) (a41f174154e568016feab56f48b8a240) \Device\Harddisk0\DR0\Partition0
18:07:44.0687 4792 \Device\Harddisk0\DR0\Partition0 - ok
18:07:44.0687 4792 ============================================================
18:07:44.0687 4792 Scan finished
18:07:44.0687 4792 ============================================================
18:07:44.0703 4788 Detected object count: 0
18:07:44.0703 4788 Actual detected object count: 0

#6 strikerx
  • Topic Starter
  • Members
  • 75 posts

Posted 08 April 2012 - 07:36 PM

Tried ComboFix again and it worked. Here is the log.

ComboFix 12-04-04.02 - Armando 04/08/2012 18:27:24.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1492 [GMT -5:00]
Running from: c:\documents and settings\Armando\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB17889$\2895029743
c:\windows\$NtUninstallKB17889$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-03-31 13:16 . 2012-03-31 13:16 -------- d-----w- c:\program files\IDT
2012-03-31 13:16 . 2008-04-11 01:08 212992 ----a-w- c:\windows\system32\stacsv.exe
2012-03-31 13:16 . 2008-04-11 01:06 2129920 ----a-w- c:\windows\system32\stlang.dll
2012-03-31 13:16 . 2008-04-11 01:05 7925760 ----a-w- c:\windows\system32\idtsg.cpl
2012-03-29 23:30 . 2012-03-29 23:30 388096 ----a-r- c:\documents and settings\Armando\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-29 23:30 . 2012-03-29 23:30 -------- d-----w- c:\program files\Trend Micro
2012-03-29 11:06 . 2012-03-29 11:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 11:06 . 2011-09-23 00:24 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-09 14:12 . 2012-03-09 14:12 121208 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-02-21 16:29 . 2012-01-17 20:03 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-21 16:29 . 2012-01-17 20:03 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-21 16:29 . 2012-01-17 20:03 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-21 16:29 . 2012-01-17 20:03 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-16 23:14 . 2012-01-16 23:12 1324 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2012-01-11 19:06 . 2012-02-14 21:03 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-01 21:18 . 2012-03-01 02:08 169928 ----a-w- c:\program files\64res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 19:39 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-01 39408]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-03-09 5934712]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NvMediaCenter"="NvMCTray.dll" [2011-04-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-04-08 13891176]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-02-24 1753192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-11 413696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-02-21 16:29 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 4 Tiberian Twilight\\Data\\CNC4.game"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [12/7/2011 7:21 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/16/2011 3:10 PM 12856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/11/2011 10:34 PM 2218600]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 2:39 PM 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 4:23 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 4:23 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 4:23 PM 27216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [3/31/2011 8:25 PM 119272]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2011 7:13 AM 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 6:06 AM 253600]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/30/2011 12:56 AM 167264]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2011 7:13 AM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
iam
slee_81_service
hdthermal
upsentry_smart
dsNcAdpt
mssqlserveradhelper
s716nd5
wlluc48
cics.region1
processor
Slpsvdr
websensepolicyserver
SED133x
bridge
apphostsvc
msgsrvservice
ZuneBusEnum
pnrouter
atitool
viamraid
svcwrsssdk
lhidusb
wap3gx
nsm1mdfl
se44bus
DNE
cimnotify
msgame
PCISys
ca-messagequeuing
sglogplayer
infrastructure
RR2IOMod
eectrl
symidsco
spkrmon
ac97intc
ESMCR
ESDCR
CTAUDFX.DLL
nvraid
SQLBrowser
websenseuserservice
blueletscoaudio
VAIOMediaPlatform-MusicServer-UPnP
pchost
amdagp
aexnsclient
CVPND
grmnusb
proxyserverservice
vmnetbridge
s116obex
acdpowerservice
vmkbd2
backupexecagentaccelerator
ino_fltr
iSMBIOS
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 11:06]
.
2012-04-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 12:13]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-01 12:13]
.
2012-04-08 c:\windows\Tasks\User_Feed_Synchronization-{02DE66EC-3006-425E-B621-AF840EB377A8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-ImgBurn - c:\program files\ImgBurn\uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-08 18:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1408)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\RunDLL32.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-04-08 18:39:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-08 23:39
.
Pre-Run: 626,903,191,552 bytes free
Post-Run: 626,902,437,888 bytes free
.
- - End Of File - - B548BC58841F50D652ADD75FFF6724C8

#7 ratman
    Bleepin' gnawing at it!
  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 09 April 2012 - 09:48 AM

Hi,

That's looking a bit better.

Can you run a scan with Malwarebytes (ensuring virus definitions are up to date) and copy/paste the contents of its log in your next reply.

How is your machine behaving now?
regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.



#8 strikerx
  • Topic Starter
  • Members
  • 75 posts

Posted 09 April 2012 - 01:16 PM

Updated and running Malwarebytes now. I wanted to point out that AVG has found multiple system restore points infected with trojan crypt.aqlw, and AVG is also popping up "threat found" windows for the c:\windows\system32 folder. If I tell it to remove the threat, it just pops up saying it found another in the same folder. Threat name is IDP.Trojan.1C8D1A13

#9 strikerx
  • Topic Starter
  • Members
  • 75 posts

Posted 09 April 2012 - 01:47 PM

AVG seems to be corrupted or something. I can't update it. Here is the Malwarebytes log.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Armando :: AH-C99383DA6C57 [administrator]

4/9/2012 1:11:44 PM
mbam-log-2012-04-09 (13-11-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 286324
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 ratman
    Bleepin' gnawing at it!
  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 09 April 2012 - 06:04 PM

Hello strikerx,

Don't worry, what AVG found in System Restore will be removed at the end of the cleaning process.

I'd like us to scan your machine with ESET OnlineScan
  • Right click on the following link and open ESET OnlineScan in a new window: ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


In your next reply, please copy/paste the contents of the following:
  • ESETScan


How is your machine running now?
regards, ratman




#11 strikerx
  • Topic Starter
  • Members
  • 75 posts

Posted 10 April 2012 - 06:27 AM

AVG is still finding threats in C:\WINDOWS\SYSTEM32\ (different DLLs).

ESETScan log:

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP202\A0027824.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP202\A0027825.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP257\A0041032.exe a variant of Win32/Adware.Gamevance.BE application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP257\A0041035.dll a variant of Win32/Adware.Gamevance.BH application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP257\A0041036.dll a variant of Win32/Adware.Gamevance.BH application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP257\A0041037.dll a variant of Win32/Adware.Gamevance.BH application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP257\A0041038.dll a variant of Win32/Adware.Gamevance.BH application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP257\A0041173.exe Win32/Adware.Gamevance.BE application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A26770C7-950B-46F4-A3D7-593C0300F5C6}\RP281\A0045473.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\netbt.sys Win32/Sirefef.DA trojan unable to clean

#12 ratman
    Bleepin' gnawing at it!
  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland

Posted 10 April 2012 - 07:54 AM

Hello strikerx,

We need to run an OTL Custom Fix.

  • Please download OTL from the following mirror and save it to your desktop:

    This is THE Mirror
  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste all of the following code into the Posted Image textbox.
    /md5start
    netbt.sys
    /md5stop
  • Push Quick Scan
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
====================================================================================


I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

======================================================================================

In your next reply, please copy/paste the contents of the following:
  • OTL Report
  • aswMBR Log

Edited by ratman, 10 April 2012 - 08:05 AM.

regards, ratman


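The OTL custom fix above (`/md5start netbt.sys /md5stop`) asks the machine for the MD5 of a driver that ESET reported as patched but could not clean; the TDSSKiller log earlier in the thread prints the same kind of per-driver MD5 next to each service entry. What the helper then does by hand is compare that hash against a known-good copy of the driver. The script below is an added example (not from the thread, not OTL or TDSSKiller code) that automates that comparison: it hashes each driver named in a baseline and reports it as `ok`, `MODIFIED` or `MISSING`. The baseline dictionary, the sample driver bytes and the directory it scans are all constructed in `demo()`; real known-good hashes would come from a clean install or vendor catalog, never from the infected machine itself.

```python
"""Added example: compare driver MD5s against a known-good baseline.

MD5 is used here only because OTL and TDSSKiller report MD5; it is fine
for matching a file against a catalog of known hashes, but it is not
collision resistant, so a baseline built today should prefer SHA-256.
"""
import hashlib
import os
import tempfile


def md5_of_file(path, chunk=1 << 20):
    """Stream the file in 1 MiB chunks so large drivers do not load whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_drivers(driver_dir, baseline):
    """Return {driver_name: 'ok' | 'MODIFIED' | 'MISSING'}.

    baseline maps a driver file name to the MD5 of its known-good copy.
    A MODIFIED result on a file that Windows still loads (netbt.sys,
    tcpip.sys, ...) is the pattern a patched-driver rootkit leaves.
    """
    results = {}
    for name, expected in baseline.items():
        path = os.path.join(driver_dir, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
            continue
        actual = md5_of_file(path)
        results[name] = "ok" if actual.lower() == expected.lower() else "MODIFIED"
    return results


def demo():
    """Constructed sample: one clean driver, one altered driver, one absent.

    The bytes and hashes here are placeholders built for the demo; they are
    NOT real Windows driver images or real Microsoft file hashes.
    """
    clean = b"MZ constructed clean driver image"
    altered = clean + b" extra bytes appended (constructed)"
    driver_dir = tempfile.mkdtemp(prefix="drivers_demo_")
    with open(os.path.join(driver_dir, "tcpip.sys"), "wb") as f:
        f.write(clean)
    with open(os.path.join(driver_dir, "netbt.sys"), "wb") as f:
        f.write(altered)  # on-disk copy no longer matches the baseline
    baseline = {
        "tcpip.sys": hashlib.md5(clean).hexdigest(),
        "netbt.sys": hashlib.md5(clean).hexdigest(),  # recorded from the clean copy
        "afd.sys": "0" * 32,  # placeholder hash for a file the demo does not create
    }
    return check_drivers(driver_dir, baseline)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{name:12s} {status}")
```

Run against a real system the baseline would be the hash list you trust, and `driver_dir` would be `C:\WINDOWS\system32\drivers`; anything reported `MODIFIED` is what a helper would then ask to see with the OTL md5 block.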


#13 strikerx
  • Topic Starter
  • Members
  • 75 posts

Posted 10 April 2012 - 08:30 AM

OTL logfile created on: 4/10/2012 8:11:54 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Armando\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.53% Memory free
3.85 Gb Paging File | 3.14 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 578.81 Gb Free Space | 41.43% Space Free | Partition Type: NTFS

Computer Name: AH-C99383DA6C57 | User Name: Armando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 08:11:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
PRC - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 14:39:06 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/09 12:15:51 | 005,934,712 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/02/21 11:29:32 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/21 11:29:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/08 00:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 14:39:06 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/12 14:39:05 | 001,869,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
MOD - [2012/03/12 14:39:05 | 000,692,224 | ---- | M] () -- C:\Program Files\AVG Secure Search\iGearedHelper.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/18 20:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsejcap.dll -- (ZuneBusEnum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (wlluc48)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-admserv61.dll -- (websenseuserservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symtdi.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\x10nets.dll -- (wap3gx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BlueSoleilCS.dll -- (vmnetbridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odysseyIM4.dll -- (vmkbd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbuhci.dll -- (viamraid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btaudio.dll -- (VAIOMediaPlatform-MusicServer-UPnP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTIDrvr.dll -- (upsentry_smart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\logonsvcid.dll -- (symidsco)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLBrowser.dll -- (svcwrsssdk)
SRV - File not found [Auto | Stopped] -- c:\docume~1\armando\locals~1\temp\cdm\{9f8cb0f0-df68-4ed5-99e1-16c745e08235}\STacSV.exe -- (STacSV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alcan5wn.dll -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btserial.dll -- (spkrmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicser_wmp11.dll -- (Slpsvdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osanbm.dll -- (slee_81_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AFGMp50.dll -- (sglogplayer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTMSHD.dll -- (SED133x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftsata2.dll -- (se44bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnctdl.dll -- (s716nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeframework.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tbaspi.dll -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\axskbus.dll -- (proxyserverservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\inetaccs.dll -- (processor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (pnrouter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvnforce.dll -- (PCISys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (pchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agp440.dll -- (nvraid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\thinkpadmodemservice.dll -- (nsm1mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcc_device.dll -- (mssqlserveradhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\csctl50.dll -- (msgsrvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysenforce.dll -- (msgame)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (iSMBIOS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hotspotshieldservice.dll -- (ino_fltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\antivirservice.dll -- (infrastructure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpskt.dll -- (iam)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symevent.dll -- (hdthermal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ScsiPort.dll -- (grmnusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\megamonitorsrv.dll -- (ESMCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webfilter.dll -- (ESDCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaidagent.dll -- (eectrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (dsNcAdpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\evteng.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Dfs.dll -- (CVPND)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtnetwk.dll -- (CTAUDFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bbus.dll -- (cimnotify)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcpflics.dll -- (cics.region1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (ca-messagequeuing)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (bridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (blueletscoaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DELTA.dll -- (backupexecagentaccelerator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexpservice.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcradminserver.dll -- (apphostsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWSAP.dll -- (amdagp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flutilssvc.dll -- (aexnsclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RioS30.dll -- (acdpowerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gpc.dll -- (ac97intc)
SRV - [2012/03/29 06:06:30 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/21 11:29:32 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/21 11:29:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/08 00:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/02/21 11:29:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/03 10:59:20 | 000,119,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/05 16:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/12/02 04:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {ED258941-3C24-4965-BE2B-9041781F554C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=94DD0BA3-75FB-45C8-BEC8-73A29FFD7B54&psa=&ind=2011102318&ptnrS=XPxdm002YYus&si=COu3rafo_6sCFQtb7AodjBRBqg&st=sb&n=77defc6e&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{ED258941-3C24-4965-BE2B-9041781F554C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {ED258941-3C24-4965-BE2B-9041781F554C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2A80E34F-FCB7-4404-8FF4-CDF1CE7D0FDB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PPC&o=102944&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6L&apn_dtid=YYYYYYB8US&apn_uid=a5936823-e973-4865-9f1d-1d84ee40a36e&apn_sauid=19362511-1FDB-4FD2-870F-8F4DA3A18ACF&
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1091BF6C-28B8-449D-844D-455775EEC836}&mid=d1485c74520147d6b972d15097a85bae-677e1c3d9af7d5771822ac15245c8880f6bdeb6c&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:56:41&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=94DD0BA3-75FB-45C8-BEC8-73A29FFD7B54&psa=&ind=2011102318&ptnrS=XPxdm002YYus&si=COu3rafo_6sCFQtb7AodjBRBqg&st=sb&n=77defc6e&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{ED258941-3C24-4965-BE2B-9041781F554C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS425
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/13 19:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/01 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/01 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 14:39:13 | 000,000,000 | ---D | M]

[2011/10/09 12:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armando\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/08 18:35:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301622855812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301622851031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6964ED35-78DE-41FB-A8E1-B9BF33A7BDF8}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/31 20:02:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/09 21:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/08 18:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\tdsskiller
[2012/04/05 07:48:22 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
[2012/04/04 19:52:07 | 004,456,875 | R--- | C] (Swearware) -- C:\Documents and Settings\Armando\Desktop\ComboFix.exe
[2012/03/31 08:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/03/31 08:16:54 | 007,925,760 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2012/03/31 08:16:54 | 002,129,920 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2012/03/31 08:16:54 | 000,212,992 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2012/03/30 10:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\gmer
[2012/03/30 10:48:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Armando\Desktop\dds.scr
[2012/03/29 19:16:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/29 19:13:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/29 19:13:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/29 19:13:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/29 19:13:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 19:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/29 19:12:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 19:12:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Armando\Start Menu\Programs\Administrative Tools
[2012/03/29 18:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/29 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Start Menu\Programs\HiJackThis
[2012/03/29 18:16:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Armando\Recent
[2012/03/29 10:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/28 23:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/28 23:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/24 21:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/03/15 05:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\music
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 08:11:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
[2012/04/10 08:07:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 07:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/10 07:46:24 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{02DE66EC-3006-425E-B621-AF840EB377A8}.job
[2012/04/09 21:15:29 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 21:14:34 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 21:14:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 20:58:37 | 4223,236,096 | ---- | M] () -- C:\05_58789_CYBERBULLY.ISO
[2012/04/09 17:35:59 | 060,360,938 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/09 13:09:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/09 06:20:16 | 060,325,014 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2012/04/08 22:01:43 | 000,216,018 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/08 18:35:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/08 18:02:12 | 002,053,661 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\tdsskiller.zip
[2012/04/07 12:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 19:52:11 | 004,456,875 | R--- | M] (Swearware) -- C:\Documents and Settings\Armando\Desktop\ComboFix.exe
[2012/04/04 17:56:48 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2012/04/04 17:05:27 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\Shortcut to Carlos H (D).lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 18:53:05 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Armando\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 10:58:34 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\gmer.zip
[2012/03/30 10:48:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Armando\Desktop\dds.scr
[2012/03/30 10:47:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Armando\defogger_reenable
[2012/03/29 19:16:06 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012/03/29 19:00:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 18:58:51 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\MiniToolBox.exe
[2012/03/29 18:50:06 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\HiJackThis.lnk
[2012/03/29 18:13:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/24 21:03:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/03/15 03:19:38 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/12 16:38:52 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 16:38:52 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/09 20:53:47 | 4223,236,096 | ---- | C] () -- C:\05_58789_CYBERBULLY.ISO
[2012/04/08 18:02:05 | 002,053,661 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\tdsskiller.zip
[2012/04/04 17:05:27 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\Shortcut to Carlos H (D).lnk
[2012/03/30 10:58:34 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\gmer.zip
[2012/03/30 10:47:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Armando\defogger_reenable
[2012/03/29 19:16:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/29 19:16:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 19:13:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/29 19:13:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/29 19:13:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/29 19:13:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/29 19:13:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/29 18:58:46 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\MiniToolBox.exe
[2012/03/29 18:30:15 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\HiJackThis.lnk
[2012/03/29 06:06:32 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/24 21:03:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/02/29 21:08:39 | 000,169,928 | ---- | C] () -- C:\Program Files\64res.dll
[2012/02/14 16:03:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/24 23:50:44 | 000,704,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/11 22:33:10 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:33:10 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:33:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/07 21:48:10 | 000,000,173 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/04/05 21:50:16 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/04/05 21:32:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/05 21:32:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/04/05 21:32:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/05 21:32:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/05 21:32:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/01 18:34:49 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 18:13:28 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Armando\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 20:19:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 20:19:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/31 20:04:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 19:58:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/31 15:56:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/31 15:55:15 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

========== LOP Check ==========

[2012/03/12 14:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/03/31 21:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/31 20:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/31 20:51:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/26 22:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/12/23 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/04/10 08:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/21 08:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/29 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/05/22 21:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/06/26 19:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/01/11 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/11 21:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AVG Secure Search
[2011/03/31 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AVG10
[2011/10/21 08:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AVG2012
[2011/06/24 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AviDvdBurner
[2011/06/26 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\BDREBUILDER
[2011/09/24 21:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\Command and Conquer 4
[2011/04/01 18:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\DDMSettings
[2011/04/08 16:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\HandBrake
[2011/06/26 22:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\ImgBurn
[2011/03/31 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\InterTrust
[2012/01/01 16:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\StreamTorrent
[2011/10/09 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\Unity
[2012/03/30 06:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\uTorrent
[2012/04/10 07:46:24 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{02DE66EC-3006-425E-B621-AF840EB377A8}.job

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: NETBT.SYS >
[2006/02/28 07:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2008/04/13 14:21:00 | 000,162,816 | ---- | M] () MD5=E64B7A34BE422D32FFB17533B733F08E -- C:\WINDOWS\system32\drivers\netbt.sys

< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 08:17:12
-----------------------------
08:17:12.609 OS Version: Windows 5.1.2600 Service Pack 3
08:17:12.609 Number of processors: 2 586 0xF06
08:17:12.609 ComputerName: AH-C99383DA6C57 UserName: Armando
08:17:15.093 Initialize success
08:19:47.937 AVAST engine defs: 12041001
08:20:11.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
08:20:11.187 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
08:20:11.187 Disk 0 MBR read successfully
08:20:11.187 Disk 0 MBR scan
08:20:11.203 Disk 0 Windows XP default MBR code
08:20:11.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1430789 MB offset 63
08:20:11.203 Disk 0 scanning sectors +2930256000
08:20:11.296 Disk 0 scanning C:\WINDOWS\system32\drivers
08:20:15.437 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ASC [Rtk]
08:20:19.078 Disk 0 trace - called modules:
08:20:19.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:20:19.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3a1ab8]
08:20:19.093 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a3e0f18]
08:20:19.093 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a355d98]
08:20:21.656 AVAST engine scan C:\WINDOWS
08:20:27.359 AVAST engine scan C:\WINDOWS\system32
08:22:47.546 AVAST engine scan C:\WINDOWS\system32\drivers
08:22:54.343 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ASC [Rtk]
08:23:37.968 AVAST engine scan C:\Documents and Settings\Armando
08:28:00.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Armando\Desktop\MBR.dat"
08:28:00.953 The log file has been saved successfully to "C:\Documents and Settings\Armando\Desktop\aswMBR.txt"

#14 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • Gender:Male
  • Location:Scotland
  • Local time:04:35 AM

Posted 10 April 2012 - 09:01 AM

Hello strikerx,

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Files
    C:\WINDOWS\system32\drivers\netbt.sys|C:\WINDOWS\ServicePackFiles\i386\netbt.sys /replace
  • Push Quick Scan
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
==================================================================

Please do another scan with aswMBR and post its log in your next reply.

===================================================================


In your next reply, please copy/paste the contents of the following:
  • OTL Report
  • aswMBR Log
How is your machine running now?

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.


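The OTL fix above overwrites the running netbt.sys with the copy from ServicePackFiles\i386, and the "< MD5 for: NETBT.SYS >" custom scan earlier in the log is the check that tells you whether that worked: after a successful replace, the system32\drivers copy should hash identically to the ServicePackFiles copy. The script below is an added example for this thread, not code from OTL, aswMBR or either poster. It hashes each copy of a driver against a trusted reference copy and reports the ones that differ. The file names and sample bytes in `demo()` are constructed for the demonstration; on a real machine you would pass the ServicePackFiles path as the reference and the system32\drivers path as a candidate (both assumed, illustrative paths).

```python
"""Hash-verify a driver against its pristine Service Pack copy.

Added example for this thread, not code from OTL, aswMBR or the posters.
Mirrors the idea of OTL's '< MD5 for: NETBT.SYS >' custom scan: hash every
copy of a driver and flag the ones that deviate from a trusted reference.
"""
import hashlib
import os
import tempfile


def md5_hex(data):
    """MD5 of an in-memory byte string, upper-case hex as OTL prints it."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path, chunk=1 << 16):
    """MD5 of a file on disk, read in chunks so large images are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def check_driver_copies(reference, candidates):
    """Compare each candidate path with the reference copy.

    Returns {path: {"md5": ..., "size": ..., "matches": bool}}.
    On a real XP box the reference would be an assumed path such as
    C:\\WINDOWS\\ServicePackFiles\\i386\\netbt.sys and a candidate
    C:\\WINDOWS\\system32\\drivers\\netbt.sys (assumed, for illustration).
    """
    ref_md5 = md5_of_file(reference)
    report = {}
    for path in candidates:
        digest = md5_of_file(path)
        report[path] = {
            "md5": digest,
            "size": os.path.getsize(path),
            "matches": digest == ref_md5,
        }
    return report


def mismatches(report):
    """Paths whose hash differs from the reference, sorted for stable output."""
    return sorted(p for p, info in report.items() if not info["matches"])


def demo():
    """Constructed sample run: a pristine reference and a same-size copy with
    a few patched bytes, the pattern a size check misses and a hash catches."""
    clean = b"MZ" + bytes(range(256)) * 4                # stand-in driver image
    tampered = clean[:200] + b"\xff" * 16 + clean[216:]  # same length, 16 bytes changed
    with tempfile.TemporaryDirectory() as d:
        ref = os.path.join(d, "ServicePackFiles_netbt.sys")   # constructed name
        running = os.path.join(d, "drivers_netbt.sys")        # constructed name
        for path, data in ((ref, clean), (running, tampered)):
            with open(path, "wb") as f:
                f.write(data)
        report = check_driver_copies(ref, [ref, running])
        return {
            "mismatches": [os.path.basename(p) for p in mismatches(report)],
            "sizes_equal": report[ref]["size"] == report[running]["size"],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the log all three netbt.sys copies are 162,816 bytes, so size tells you nothing; only the hash (and, in the OTL driver line, the missing company name) separates the patched copy from the clean one. Run the comparison after the fix and before posting the next log: if the system32\drivers copy still hashes differently from the ServicePackFiles copy, the replace did not take.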

#15 strikerx

strikerx
  • Topic Starter

  • Members
  • 75 posts
  • Local time:10:35 PM

Posted 10 April 2012 - 09:50 AM

The file swap didn't happen. AVG is still finding threats in the system32 folder.


OTL logfile created on: 4/10/2012 9:07:15 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Armando\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.28% Memory free
3.85 Gb Paging File | 3.01 Gb Available in Paging File | 78.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 1397.25 Gb Total Space | 578.49 Gb Free Space | 41.40% Space Free | Partition Type: NTFS

Computer Name: AH-C99383DA6C57 | User Name: Armando | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 08:11:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
PRC - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 14:39:06 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/09 12:15:51 | 005,934,712 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2012/02/21 11:29:32 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/21 11:29:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/04/08 00:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/12 14:39:06 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/03/12 14:39:05 | 001,869,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011/01/18 20:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsejcap.dll -- (ZuneBusEnum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viaudio.dll -- (wlluc48)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-admserv61.dll -- (websenseuserservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symtdi.dll -- (websensepolicyserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\x10nets.dll -- (wap3gx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\BlueSoleilCS.dll -- (vmnetbridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\odysseyIM4.dll -- (vmkbd2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbuhci.dll -- (viamraid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btaudio.dll -- (VAIOMediaPlatform-MusicServer-UPnP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NTIDrvr.dll -- (upsentry_smart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\logonsvcid.dll -- (symidsco)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SQLBrowser.dll -- (svcwrsssdk)
SRV - File not found [Auto | Stopped] -- c:\docume~1\armando\locals~1\temp\cdm\{9f8cb0f0-df68-4ed5-99e1-16c745e08235}\STacSV.exe -- (STacSV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\alcan5wn.dll -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btserial.dll -- (spkrmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nicser_wmp11.dll -- (Slpsvdr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\osanbm.dll -- (slee_81_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AFGMp50.dll -- (sglogplayer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTMSHD.dll -- (SED133x)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftsata2.dll -- (se44bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnctdl.dll -- (s716nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcafeeframework.dll -- (s116obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tbaspi.dll -- (RR2IOMod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\axskbus.dll -- (proxyserverservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\inetaccs.dll -- (processor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RIOUNIV.dll -- (pnrouter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvnforce.dll -- (PCISys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (pchost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agp440.dll -- (nvraid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\thinkpadmodemservice.dll -- (nsm1mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcc_device.dll -- (mssqlserveradhelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\csctl50.dll -- (msgsrvservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysenforce.dll -- (msgame)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pchost.dll -- (lhidusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSDFilter.dll -- (iSMBIOS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hotspotshieldservice.dll -- (ino_fltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\antivirservice.dll -- (infrastructure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rpskt.dll -- (iam)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symevent.dll -- (hdthermal)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ScsiPort.dll -- (grmnusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\megamonitorsrv.dll -- (ESMCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webfilter.dll -- (ESDCR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysaidagent.dll -- (eectrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RMCAST.dll -- (dsNcAdpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\evteng.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Dfs.dll -- (CVPND)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvtnetwk.dll -- (CTAUDFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Bbus.dll -- (cimnotify)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dcpflics.dll -- (cics.region1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdvp.dll -- (ca-messagequeuing)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vncmirror.dll -- (bridge)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nmwcdc.dll -- (blueletscoaudio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DELTA.dll -- (backupexecagentaccelerator)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\stylexpservice.dll -- (atitool)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pcradminserver.dll -- (apphostsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWSAP.dll -- (amdagp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\flutilssvc.dll -- (aexnsclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RioS30.dll -- (acdpowerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gpc.dll -- (ac97intc)
SRV - [2012/03/29 06:06:30 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/12 14:39:07 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/21 11:29:32 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/21 11:29:25 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/08 00:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Armando\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/09 09:12:36 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2012/02/21 11:29:26 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/03 10:59:20 | 000,119,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/07/05 16:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/12/02 04:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {ED258941-3C24-4965-BE2B-9041781F554C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=94DD0BA3-75FB-45C8-BEC8-73A29FFD7B54&psa=&ind=2011102318&ptnrS=XPxdm002YYus&si=COu3rafo_6sCFQtb7AodjBRBqg&st=sb&n=77defc6e&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{ED258941-3C24-4965-BE2B-9041781F554C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {ED258941-3C24-4965-BE2B-9041781F554C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2A80E34F-FCB7-4404-8FF4-CDF1CE7D0FDB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PPC&o=102944&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=6L&apn_dtid=YYYYYYB8US&apn_uid=a5936823-e973-4865-9f1d-1d84ee40a36e&apn_sauid=19362511-1FDB-4FD2-870F-8F4DA3A18ACF&
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1091BF6C-28B8-449D-844D-455775EEC836}&mid=d1485c74520147d6b972d15097a85bae-677e1c3d9af7d5771822ac15245c8880f6bdeb6c&lang=us&ds=AVG&pr=fr&d=2011-12-11 08:56:41&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=94DD0BA3-75FB-45C8-BEC8-73A29FFD7B54&psa=&ind=2011102318&ptnrS=XPxdm002YYus&si=COu3rafo_6sCFQtb7AodjBRBqg&st=sb&n=77defc6e&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{ED258941-3C24-4965-BE2B-9041781F554C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS425
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/10/13 19:33:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/01 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/01 18:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/12 14:39:13 | 000,000,000 | ---D | M]

[2011/10/09 12:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armando\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2012/04/08 18:35:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301622855812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301622851031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6964ED35-78DE-41FB-A8E1-B9BF33A7BDF8}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/31 20:02:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 08:16:56 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Armando\Desktop\aswMBR.exe
[2012/04/09 21:04:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/08 18:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\tdsskiller
[2012/04/05 07:48:22 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
[2012/04/04 19:52:07 | 004,456,875 | R--- | C] (Swearware) -- C:\Documents and Settings\Armando\Desktop\ComboFix.exe
[2012/03/31 08:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/03/31 08:16:54 | 007,925,760 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\idtsg.cpl
[2012/03/31 08:16:54 | 002,129,920 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2012/03/31 08:16:54 | 000,212,992 | ---- | C] (IDT, Inc.) -- C:\WINDOWS\System32\stacsv.exe
[2012/03/30 10:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\gmer
[2012/03/30 10:48:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Armando\Desktop\dds.scr
[2012/03/29 19:16:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/29 19:13:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/29 19:13:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/29 19:13:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/29 19:13:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 19:13:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/29 19:12:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/29 19:12:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Armando\Start Menu\Programs\Administrative Tools
[2012/03/29 18:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/29 18:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Start Menu\Programs\HiJackThis
[2012/03/29 18:16:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Armando\Recent
[2012/03/29 10:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/28 23:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/28 23:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/24 21:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/03/15 05:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armando\Desktop\music
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 09:07:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 08:52:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/10 08:28:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\MBR.dat
[2012/04/10 08:25:26 | 060,389,293 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/10 08:17:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Armando\Desktop\aswMBR.exe
[2012/04/10 08:11:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armando\Desktop\OTL.exe
[2012/04/10 07:46:24 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{02DE66EC-3006-425E-B621-AF840EB377A8}.job
[2012/04/09 21:15:29 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 21:14:34 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 21:14:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 20:58:37 | 4223,236,096 | ---- | M] () -- C:\05_58789_CYBERBULLY.ISO
[2012/04/09 17:35:59 | 060,360,938 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2012/04/09 13:09:59 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/08 22:01:43 | 000,216,018 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/08 18:35:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/08 18:02:12 | 002,053,661 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\tdsskiller.zip
[2012/04/07 12:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/04 19:52:11 | 004,456,875 | R--- | M] (Swearware) -- C:\Documents and Settings\Armando\Desktop\ComboFix.exe
[2012/04/04 17:56:48 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk
[2012/04/04 17:05:27 | 000,000,283 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\Shortcut to Carlos H (D).lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/30 18:53:05 | 000,151,040 | ---- | M] () -- C:\Documents and Settings\Armando\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 10:58:34 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\gmer.zip
[2012/03/30 10:48:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Armando\Desktop\dds.scr
[2012/03/30 10:47:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Armando\defogger_reenable
[2012/03/29 19:16:06 | 000,000,327 | -HS- | M] () -- C:\boot.ini
[2012/03/29 19:00:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/29 18:58:51 | 000,396,041 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\MiniToolBox.exe
[2012/03/29 18:50:06 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Armando\Desktop\HiJackThis.lnk
[2012/03/29 18:13:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/24 21:03:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/03/15 03:19:38 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/12 16:38:52 | 000,436,026 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 16:38:52 | 000,068,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 08:28:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\MBR.dat
[2012/04/09 20:53:47 | 4223,236,096 | ---- | C] () -- C:\05_58789_CYBERBULLY.ISO
[2012/04/08 18:02:05 | 002,053,661 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\tdsskiller.zip
[2012/04/04 17:05:27 | 000,000,283 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\Shortcut to Carlos H (D).lnk
[2012/03/30 10:58:34 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\gmer.zip
[2012/03/30 10:47:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Armando\defogger_reenable
[2012/03/29 19:16:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/29 19:16:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/29 19:13:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/29 19:13:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/29 19:13:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/29 19:13:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/29 19:13:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/29 18:58:46 | 000,396,041 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\MiniToolBox.exe
[2012/03/29 18:30:15 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\Armando\Desktop\HiJackThis.lnk
[2012/03/29 06:06:32 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/24 21:03:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/02/29 21:08:39 | 000,169,928 | ---- | C] () -- C:\Program Files\64res.dll
[2012/02/14 16:03:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/24 23:50:44 | 000,704,944 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/05/11 22:33:10 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/11 22:33:10 | 000,259,604 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/11 22:33:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/07 21:48:10 | 000,000,173 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2011/04/05 21:50:16 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2011/04/05 21:32:55 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/04/05 21:32:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/04/05 21:32:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/04/05 21:32:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/04/05 21:32:54 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/01 18:34:49 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/01 18:13:28 | 000,151,040 | ---- | C] () -- C:\Documents and Settings\Armando\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 20:19:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 20:19:16 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/03/31 20:04:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 19:58:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/31 15:56:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/31 15:55:15 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

========== LOP Check ==========

[2012/03/12 14:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/03/31 21:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/03/31 20:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/31 20:51:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/06/26 22:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/12/23 10:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/04/10 08:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/21 08:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/02/29 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Origin
[2011/05/22 21:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/06/26 19:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2012/01/11 22:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/11 21:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AVG Secure Search
[2011/03/31 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AVG10
[2011/10/21 08:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AVG2012
[2011/06/24 16:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\AviDvdBurner
[2011/06/26 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\BDREBUILDER
[2011/09/24 21:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\Command and Conquer 4
[2011/04/01 18:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\DDMSettings
[2011/04/08 16:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\HandBrake
[2011/06/26 22:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\ImgBurn
[2011/03/31 20:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\InterTrust
[2012/01/01 16:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\StreamTorrent
[2011/10/09 12:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\Unity
[2012/03/30 06:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armando\Application Data\uTorrent
[2012/04/10 07:46:24 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{02DE66EC-3006-425E-B621-AF840EB377A8}.job

========== Purity Check ==========



========== Custom Scans ==========

< :Files >

< C:\WINDOWS\system32\drivers\netbt.sys|C:\WINDOWS\ServicePackFiles\i386\netbt.sys /replace >
Invalid Switch: replace

< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 08:17:12
-----------------------------
08:17:12.609 OS Version: Windows 5.1.2600 Service Pack 3
08:17:12.609 Number of processors: 2 586 0xF06
08:17:12.609 ComputerName: AH-C99383DA6C57 UserName: Armando
08:17:15.093 Initialize success
08:19:47.937 AVAST engine defs: 12041001
08:20:11.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
08:20:11.187 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
08:20:11.187 Disk 0 MBR read successfully
08:20:11.187 Disk 0 MBR scan
08:20:11.203 Disk 0 Windows XP default MBR code
08:20:11.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1430789 MB offset 63
08:20:11.203 Disk 0 scanning sectors +2930256000
08:20:11.296 Disk 0 scanning C:\WINDOWS\system32\drivers
08:20:15.437 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ASC [Rtk]
08:20:19.078 Disk 0 trace - called modules:
08:20:19.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:20:19.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3a1ab8]
08:20:19.093 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a3e0f18]
08:20:19.093 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a355d98]
08:20:21.656 AVAST engine scan C:\WINDOWS
08:20:27.359 AVAST engine scan C:\WINDOWS\system32
08:22:47.546 AVAST engine scan C:\WINDOWS\system32\drivers
08:22:54.343 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ASC [Rtk]
08:23:37.968 AVAST engine scan C:\Documents and Settings\Armando
08:28:00.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Armando\Desktop\MBR.dat"
08:28:00.953 The log file has been saved successfully to "C:\Documents and Settings\Armando\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-10 09:13:13
-----------------------------
09:13:13.593 OS Version: Windows 5.1.2600 Service Pack 3
09:13:13.593 Number of processors: 2 586 0xF06
09:13:13.593 ComputerName: AH-C99383DA6C57 UserName: Armando
09:13:27.515 Initialize success
09:13:35.078 AVAST engine defs: 12041001
09:13:39.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5
09:13:39.484 Disk 0 Vendor: ST31500341AS CC1H Size: 1430799MB BusType: 3
09:13:39.515 Disk 0 MBR read successfully
09:13:39.515 Disk 0 MBR scan
09:13:39.609 Disk 0 Windows XP default MBR code
09:13:39.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1430789 MB offset 63
09:13:39.734 Disk 0 scanning sectors +2930256000
09:13:39.843 Disk 0 scanning C:\WINDOWS\system32\drivers
09:13:51.406 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ASC [Rtk]
09:14:00.531 Disk 0 trace - called modules:
09:14:00.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
09:14:00.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a3a1ab8]
09:14:00.546 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8a3e0f18]
09:14:00.562 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x8a355d98]
09:14:13.781 AVAST engine scan C:\WINDOWS
09:15:26.546 AVAST engine scan C:\WINDOWS\system32
09:26:00.109 AVAST engine scan C:\WINDOWS\system32\drivers
09:26:18.062 File: C:\WINDOWS\system32\drivers\netbt.sys **INFECTED** Win32:Alureon-ASC [Rtk]
09:28:32.875 AVAST engine scan C:\Documents and Settings\Armando
09:49:30.453 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Armando\Desktop\MBR.dat"
09:49:30.453 The log file has been saved successfully to "C:\Documents and Settings\Armando\Desktop\aswMBR.txt"



