Trojan BCMiner, Sirefef, Zaccess


This topic is locked
27 replies to this topic

#1 wags1424

Posted 10 July 2012 - 01:05 AM

Not sure how I received all of these. Computer was fine until the other day, when I was getting redirects while browsing the internet. I ran MBAM along with TDSSKiller, which I will also post the logs of. MBAM deleted Sirefef and BCMiner, but additional scans with MBAM still show Zaccess lurking around. The first scan of GMER I was not able to save, but I know it included a couple of extra things the 2nd saved scan did not pick up. The 2nd scan didn't pick up a hidden data stream in the explorer.exe process like it did the first time. Here's the MBAM and TDSSKiller logs first, as I ran those before the other required logs. Thanks!



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Brett :: OWNER-BD80C925C [administrator]

7/8/2012 12:59:53 AM
mbam-log-2012-07-08 (00-59-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269830
Time elapsed: 26 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\WINDOWS\Installer\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)


01:02:31.0343 1052 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
01:02:33.0343 1052 ============================================================
01:02:33.0343 1052 Current date / time: 2012/07/09 01:02:33.0343
01:02:33.0343 1052 SystemInfo:
01:02:33.0343 1052
01:02:33.0343 1052 OS Version: 5.1.2600 ServicePack: 3.0
01:02:33.0343 1052 Product type: Workstation
01:02:33.0343 1052 ComputerName: OWNER-BD80C925C
01:02:33.0343 1052 UserName: Brett
01:02:33.0343 1052 Windows directory: C:\WINDOWS
01:02:33.0343 1052 System windows directory: C:\WINDOWS
01:02:33.0343 1052 Processor architecture: Intel x86
01:02:33.0343 1052 Number of processors: 1
01:02:33.0343 1052 Page size: 0x1000
01:02:33.0343 1052 Boot type: Normal boot
01:02:33.0343 1052 ============================================================
01:02:39.0437 1052 Drive \Device\Harddisk0\DR0 - Size: 0x12A04E9E00 (74.50 Gb), SectorSize: 0x200, Cylinders: 0x25FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:02:39.0546 1052 ============================================================
01:02:39.0546 1052 \Device\Harddisk0\DR0:
01:02:39.0765 1052 MBR partitions:
01:02:39.0765 1052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FAABD
01:02:39.0765 1052 ============================================================
01:02:41.0140 1052 C: <-> \Device\Harddisk0\DR0\Partition0
01:02:41.0140 1052 ============================================================
01:02:41.0140 1052 Initialize success
01:02:41.0140 1052 ============================================================
01:03:04.0531 1504 ============================================================
01:03:04.0531 1504 Scan started
01:03:04.0531 1504 Mode: Manual;
01:03:04.0531 1504 ============================================================
01:03:17.0765 1504 VSS - ok
01:03:17.0812 1504 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
01:03:17.0828 1504 W32Time - ok
01:03:17.0890 1504 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:03:17.0890 1504 Wanarp - ok
01:03:17.0906 1504 WDICA - ok
01:03:17.0953 1504 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
01:03:17.0953 1504 wdmaud - ok
01:03:18.0015 1504 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
01:03:18.0015 1504 WebClient - ok
01:03:18.0078 1504 winachsf (35104d888a90ebc18f71fdc2374d2bb9) C:\WINDOWS\system32\DRIVERS\HSF_USR.sys
01:03:18.0093 1504 winachsf - ok
01:03:18.0203 1504 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:03:18.0203 1504 winmgmt - ok
01:03:18.0312 1504 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
01:03:18.0375 1504 WinRM - ok
01:03:18.0406 1504 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
01:03:18.0406 1504 WmdmPmSN - ok
01:03:18.0453 1504 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:03:18.0453 1504 WmiApSrv - ok
01:03:18.0640 1504 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
01:03:18.0671 1504 WMPNetworkSvc - ok
01:03:18.0750 1504 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
01:03:18.0750 1504 WpdUsb - ok
01:03:18.0968 1504 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:03:19.0031 1504 WPFFontCache_v0400 - ok
01:03:19.0093 1504 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
01:03:19.0093 1504 wuauserv - ok
01:03:19.0156 1504 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:03:19.0156 1504 WudfPf - ok
01:03:19.0203 1504 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:03:19.0203 1504 WudfRd - ok
01:03:19.0265 1504 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
01:03:19.0265 1504 WudfSvc - ok
01:03:19.0343 1504 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
01:03:19.0390 1504 WZCSVC - ok
01:03:19.0437 1504 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
01:03:19.0453 1504 xmlprov - ok
01:03:19.0468 1504 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
01:03:19.0875 1504 \Device\Harddisk0\DR0 - ok
01:03:19.0890 1504 Boot (0x1200) (bfb80d051dfa442d73f3bb326d63c828) \Device\Harddisk0\DR0\Partition0
01:03:19.0890 1504 \Device\Harddisk0\DR0\Partition0 - ok
01:03:19.0906 1504 ============================================================
01:03:19.0906 1504 Scan finished
01:03:19.0906 1504 ============================================================
01:03:19.0921 3564 Detected object count: 0
01:03:19.0921 3564 Actual detected object count: 0
01:04:51.0656 1352 Deinitialize success




Edited by wags1424, 10 July 2012 - 01:07 AM.



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 10 July 2012 - 09:48 AM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 wags1424

  • Topic Starter
  • Members
  • 20 posts

Posted 10 July 2012 - 12:50 PM

ComboFix will not run. After clicking to open it, the initializing bar fills up, but then nothing happens afterwards. Opening Task Manager shows no processes running for ComboFix either.

#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 10 July 2012 - 12:52 PM

Please delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to svchost.exe before saving it.

Now boot into Safe Mode and run it; give it plenty of time to complete.


To Enter Safe Mode
  • Go to Start > Shut off your Computer > Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down arrow keys to scroll to Safe Mode
  • Then press the Enter key on your keyboard
  • Go into your usual account



#5 wags1424

  • Topic Starter
  • Members
  • 20 posts

Posted 10 July 2012 - 01:24 PM

That was a no-go also. It got a bit further than running in normal mode, though. After accepting the license agreement, a little command box opened, said "deleting files" and showed quite a few being deleted. Then after that it said "extracting files" and showed it extracting quite a few files as well. Then it shut down and renamed itself back to ComboFix.

Also, explorer.exe tends to hang a lot. Sometimes when logging in, nothing on my desktop loads; I'm just stuck on a blank screen with my background. I'm having to restart/shut down multiple times before it actually works. I've had the problem for quite a while, though.

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 10 July 2012 - 02:15 PM

It sounds as though it has made a lot of progress.

Try it one more time in Safe Mode.

Reboot into Safe Mode, then as soon as you are able, launch ComboFix.

Give it lots of time to create a log (longer than you think it should take).


If you still can't get it to complete, we will move on.



#7 wags1424

  • Topic Starter
  • Members
  • 20 posts

Posted 10 July 2012 - 02:50 PM

It never actually ran. I didn't even make it to the screen about the Windows Recovery Console. Sorry if my last post was confusing. Do you still want me to try again?

#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender: Not Telling
  • Location: Canada

Posted 10 July 2012 - 03:07 PM

Let's try this


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box, paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.



#9 wags1424

  • Topic Starter
  • Members
  • 20 posts

Posted 10 July 2012 - 09:55 PM

Here are the OTL logs.


OTL logfile created on: 7/10/2012 4:46:23 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Brett\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 341.64 Mb Available Physical Memory | 66.99% Memory free
1.47 Gb Paging File | 1.07 Gb Available in Paging File | 72.71% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 46.60 Gb Free Space | 62.55% Space Free | Partition Type: NTFS

Computer Name: OWNER-BD80C925C | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 15:14:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/17 04:55:44 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
PRC - [2007/12/17 04:55:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe
PRC - [2007/12/05 04:18:59 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 07:27:00 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/14 07:26:14 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/10 10:45:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/10 10:22:42 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/10 03:26:17 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/10 03:25:45 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/05/26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/12/17 04:55:44 | 000,660,136 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
MOD - [2007/12/17 04:55:41 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe
MOD - [2007/12/07 16:36:27 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\app4r.monitor.core.dll
MOD - [2007/12/07 16:36:27 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\app4r.monitor.common.dll
MOD - [2007/12/07 16:35:14 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/11/28 14:26:40 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
MOD - [2007/11/22 11:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/11/20 19:02:39 | 000,782,336 | ---- | M] () -- C:\WINDOWS\system32\lxdndrs.dll
MOD - [2007/11/20 19:02:39 | 000,782,336 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdndrs.dll
MOD - [2007/11/20 19:02:02 | 000,380,928 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdnscw.dll
MOD - [2007/11/20 18:44:48 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\lxdncaps.dll
MOD - [2007/11/20 18:44:48 | 000,081,920 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007/10/02 17:51:09 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxdncnv4.dll
MOD - [2007/10/02 17:51:09 | 000,069,632 | ---- | M] () -- C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007/05/29 10:39:08 | 000,589,824 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndatr.dll
MOD - [2007/03/26 10:39:35 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdncats.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/16 07:09:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2007/12/05 04:18:59 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\lxdncoms.exe -- (lxdn_device)
SRV - [2007/12/05 04:18:53 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - [2012/07/10 00:52:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/08/08 13:52:58 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR_MDMV.sys -- (HSF_DPV)
DRV - [2005/08/08 13:52:16 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USR_BSC2.sys -- (HSFHWBS2)
DRV - [2005/08/08 13:52:12 | 000,729,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_USR.sys -- (winachsf)
DRV - [2004/09/17 11:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390067357-2146988999-1417001333-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1390067357-2146988999-1417001333-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1390067357-2146988999-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "My Way"
FF - prefs.js..browser.startup.homepage: "http://facebook.com/"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=E95E4103-7CE7-4B1F-853E-1A5EAD7BDF93&ind=2011050210&ptnrS=CDxdm003YYus&si=&n=77de30e2&psa=&st=kwd&searchfor="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/12/25 19:51:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 07:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 11:52:12 | 000,000,000 | ---D | M]

[2011/04/17 15:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Extensions
[2012/07/04 14:24:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\cb087378.default\extensions
[2012/04/09 13:03:28 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\cb087378.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/05/19 11:49:49 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\cb087378.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/10/12 20:34:21 | 000,000,000 | ---D | M] (CouponAlert) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\cb087378.default\extensions\2pffxtbr@CouponAlert_2p.com
[2012/06/28 12:16:55 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\cb087378.default\extensions\FasterFox_Lite@BigRedBrent
[2011/05/02 10:57:16 | 000,009,946 | ---- | M] () -- C:\Documents and Settings\Brett\Application Data\Mozilla\Firefox\Profiles\cb087378.default\searchplugins\CouponAlert_2p.xml
[2012/06/07 01:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/07 01:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
[2012/06/28 23:55:30 | 000,525,327 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BRETT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CB087378.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/04/18 01:31:28 | 000,330,316 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BRETT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CB087378.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/05/15 02:03:41 | 000,278,789 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\BRETT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CB087378.DEFAULT\EXTENSIONS\UTOOLS@K3LTIC.COM.XPI
[2012/06/16 07:09:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/17 14:06:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 14:06:01 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/04/17 20:56:14 | 000,432,284 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14881 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SCAPI: Flags = 1051650
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-2146988999-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1390067357-2146988999-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03CC09B5-9957-491B-A0FB-1C1047A5A318}: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/14 15:02:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 17:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2012/07/10 15:14:03 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/07/10 13:00:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/10 13:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 12:54:00 | 004,575,265 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\Desktop\ComboFix.exe
[2012/07/10 12:39:45 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/10 00:52:14 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/07/09 13:32:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Brett\Start Menu\Programs\Administrative Tools
[2012/07/09 13:31:26 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Brett\Desktop\dds.scr
[2012/07/09 00:59:05 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\Desktop\tdsskiller.exe
[2012/07/08 01:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/07/08 01:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/07/08 01:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/08 01:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/07 19:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2012/07/07 13:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/07 13:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/06/29 16:01:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Brett\PrivacIE
[2012/06/18 11:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/06/18 11:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/10 17:37:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/10 15:14:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brett\Desktop\OTL.exe
[2012/07/10 13:14:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/10 13:00:24 | 000,000,332 | ---- | M] () -- C:\Start_.cmd
[2012/07/10 12:54:07 | 004,575,265 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\Desktop\ComboFix.exe
[2012/07/10 00:52:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/07/09 13:44:33 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Brett\Desktop\438lyl1n.exe
[2012/07/09 13:31:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Brett\Desktop\dds.scr
[2012/07/09 12:12:18 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/09 00:59:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Brett\Desktop\tdsskiller.exe
[2012/07/08 00:50:42 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/24 14:00:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 11:50:18 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/06/14 07:21:54 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 01:53:24 | 000,475,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/14 01:53:24 | 000,076,842 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/14 01:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/10 13:00:24 | 000,000,332 | ---- | C] () -- C:\Start_.cmd
[2012/07/09 13:44:31 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Brett\Desktop\438lyl1n.exe
[2012/07/08 11:09:30 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000008.@
[2012/07/08 11:09:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000032.@
[2012/07/08 11:09:27 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\L\00000004.@
[2012/07/08 11:09:13 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000000.@
[2012/07/08 11:09:07 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\000000cb.@
[2012/07/08 11:09:01 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000004.@
[2012/07/08 00:50:42 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/18 11:50:18 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/18 11:50:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/02/15 11:27:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/31 21:57:29 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Brett\jagex_cl_runescape_LIVE.dat
[2011/10/07 21:30:10 | 000,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/11 22:30:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/27 13:03:58 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Brett\jagex_runescape_preferences2.dat
[2011/05/27 13:02:55 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Brett\jagex_runescape_preferences.dat
[2011/05/16 21:37:05 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/18 13:51:29 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Brett\webct_upload_applet.properties
[2011/04/17 21:04:16 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/04/17 15:52:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/17 15:14:53 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2011/04/17 15:14:40 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2011/04/17 15:12:46 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2011/04/17 15:12:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2011/04/17 15:12:45 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2011/04/17 15:10:08 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2011/04/17 15:09:54 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2011/04/17 15:09:53 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2011/04/17 15:09:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2011/04/17 15:09:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2011/04/17 15:09:51 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2011/04/17 15:09:51 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2011/04/17 15:09:50 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2011/04/17 15:09:50 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2011/04/17 15:09:50 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2011/04/17 15:09:49 | 000,320,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2011/04/17 15:09:48 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2011/04/17 15:09:48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2011/04/17 15:09:47 | 000,594,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2011/04/17 15:09:46 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2011/04/17 15:09:46 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2011/04/17 15:09:46 | 000,365,224 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2011/04/14 15:28:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2011/04/14 15:04:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/04/14 14:56:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/04/14 07:46:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/04/14 07:43:12 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 07:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\@

========== LOP Check ==========

[2011/04/17 16:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\AVG10
[2011/09/14 23:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Cool Record Edit Pro
[2011/09/14 23:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Free Sound Recorder
[2012/06/18 11:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Adam\Application Data\Lexmark Productivity Studio
[2011/04/15 09:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 09:05:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/15 09:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/17 20:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/07 21:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/31 02:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Audacity
[2011/04/17 15:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\AVG10
[2011/09/16 00:11:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Cool Record Edit Pro
[2011/05/17 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Free Sound Recorder
[2012/06/07 01:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Brett\Application Data\Oracle
[2011/04/15 09:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 07:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 07:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 07:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST380011A
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 74.00GB
Starting Offset: 32256
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >


OTL Extras logfile created on: 7/10/2012 4:46:23 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Brett\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

509.98 Mb Total Physical Memory | 341.64 Mb Available Physical Memory | 66.99% Memory free
1.47 Gb Paging File | 1.07 Gb Available in Paging File | 72.71% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 46.60 Gb Free Space | 62.55% Space Free | Partition Type: NTFS

Computer Name: OWNER-BD80C925C | User Name: Brett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1390067357-2146988999-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2B7B87E3-90D5-4086-B921-31C24DF20166}" = AVG 2011
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6003F12D-6DAF-4C3F-9FFA-F4A721DC6BBF}" = AVG 2011
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{656A70D4-98FD-41F8-B172-575F60C922BB}" = AVG 2011
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F17F7703-1E72-40C1-A0DD-E5B365661033}" = Nero 7 Essentials
"{FA1162AE-AF27-44A9-9C78-0C46BD44D75F}" = AVG 2011
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVG" = AVG 2011
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Sound Recorder_is1" = Free Sound Recorder v9.2.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 2600 Series" = Lexmark 2600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"mIRC" = mIRC
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.4
"USR_MODEM_PCI_VEN_16EC&DEV_2F00&SUBSYS_010A16EC" = U.S. Robotics V.92 PCI Faxmodem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinISD beta" = WinISD beta
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/25/2011 8:53:51 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:53:56 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:53:59 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:54:02 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:54:07 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:54:12 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:54:16 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:54:18 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/25/2011 8:54:22 PM | Computer Name = OWNER-BD80C925C | Source = MsiInstaller | ID = 1013
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- SA_Error25101:
StandardAction(0xC007620D): We have detected that ZoneAlarm is already installed
on your system, therefore the installation can not continue. We recommend that
you uninstall this product first and then try to launch the installation again.

Error - 12/28/2011 9:38:29 PM | Computer Name = OWNER-BD80C925C | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 4/24/2011 10:26:21 PM | Computer Name = OWNER-BD80C925C | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 18241
seconds with 4260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/10/2012 2:13:23 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 7/10/2012 2:13:23 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7034
Description = The wscsvc service terminated unexpectedly. It has done this 1 time(s).

Error - 7/10/2012 2:13:23 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7034
Description = The Automatic Updates service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/10/2012 2:13:23 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7034
Description = The Wireless Zero Configuration service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/10/2012 2:14:52 PM | Computer Name = OWNER-BD80C925C | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/10/2012 2:14:59 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdnCATSCustConnectService
service to connect.

Error - 7/10/2012 2:14:59 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7000
Description = The lxdnCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/10/2012 2:14:59 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 7/10/2012 2:14:59 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/10/2012 2:17:50 PM | Computer Name = OWNER-BD80C925C | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056


< End of report >

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 11 July 2012 - 10:20 AM

Hi,

Please run the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    SRV - [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=E95E4103-7CE7-4B1F-853E-1A5EAD7BDF93&ind=2011050210&ptnrS=CDxdm003YYus&si=&n=77de30e2&psa=&st=kwd&searchfor="
    [2012/07/08 11:09:30 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000008.@
    [2012/07/08 11:09:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000032.@
    [2012/07/08 11:09:27 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\L\00000004.@
    [2012/07/08 11:09:13 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000000.@
    [2012/07/08 11:09:07 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\000000cb.@
    [2012/07/08 11:09:01 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000004.@
    [2008/04/14 07:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\@
    
    :Files
    C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}
    C:\WINDOWS\assembly\GAC\Desktop.ini 
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log


NEXT

Please retry ComboFix; make certain AVG is disabled or it will interfere (uninstall it if you have to).

Edited by CatByte, 11 July 2012 - 10:21 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 wags1424

wags1424
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:18 AM

Posted 11 July 2012 - 02:08 PM

Hi, how long should the OTL fix take? It's been running for about 45 mins now. About 30 mins ago a box popped up saying it could not create the hosts file, and ever since it has been saying "resetting hosts, do not interrupt". Also, I'm sure you noticed, but OTL wasn't able to create a restore point from the first run of OTL.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 11 July 2012 - 02:16 PM

Close it out and we'll re-run the script without the hosts file reset.

Please run the following:


Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    SRV - [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=E95E4103-7CE7-4B1F-853E-1A5EAD7BDF93&ind=2011050210&ptnrS=CDxdm003YYus&si=&n=77de30e2&psa=&st=kwd&searchfor="
    [2012/07/08 11:09:30 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000008.@
    [2012/07/08 11:09:27 | 000,095,744 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000032.@
    [2012/07/08 11:09:27 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\L\00000004.@
    [2012/07/08 11:09:13 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\80000000.@
    [2012/07/08 11:09:07 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\000000cb.@
    [2012/07/08 11:09:01 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000004.@
    [2008/04/14 07:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\@
    
    :Files
    C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}
    C:\WINDOWS\assembly\GAC\Desktop.ini 
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
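
As an added note to the two fix lists above (my own example, not CatByte's instructions and not part of the OTL tool): a small Python triage script that reads a fix list in OTL's file-line format ([date | size | attributes | C/M] (company) -- path) and labels the paths that match the two artifact shapes the fix removes: the GUID-named folder under Local Settings\Application Data that holds "@" files directly or in its U and L subfolders, and the Desktop.ini under assembly\GAC. The matching rules are heuristics I read off those paths, not OTL's logic or an official signature, so treat them as an assumption; the sample input is a subset of the fix list as posted.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import List, Optional

# One OTL file line, as in the fix lists above:
#   [2012/07/08 11:09:30 | 000,232,960 | ---- | C] () -- C:\path\file
# timestamp | zero-padded size | attributes | C(reated)/M(odified)] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)$"
)
BARE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")  # bare path, as listed under :Files
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

@dataclass
class OtlFileEntry:
    timestamp: datetime
    size: int
    attrs: str  # "----" or e.g. "-HS-" (hidden + system)
    kind: str   # "C" created / "M" modified
    path: str

@dataclass
class Finding:
    path: str
    reason: str

def parse_otl_file_line(line: str) -> Optional[OtlFileEntry]:
    """Parse one OTL file line; SRV, FF and other line types return None."""
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    return OtlFileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"], path=m["path"].rstrip(),
    )

def zeroaccess_store_root(path: str) -> Optional[str]:
    """My heuristic, read off the paths in the fix (not an official signature):
    a GUID-named folder under Local Settings\\Application Data that holds '@'
    files directly or in its U and L subfolders. Returns the folder, else None."""
    parts = PureWindowsPath(path).parts
    for i, comp in enumerate(parts):
        if not GUID_DIR.match(comp) or i < 2:
            continue
        if (parts[i - 1].lower(), parts[i - 2].lower()) != ("application data", "local settings"):
            continue
        root = str(PureWindowsPath(*parts[: i + 1]))
        rest = parts[i + 1:]
        if not rest:
            return root  # the store folder itself, as listed under :Files
        in_store = len(rest) == 1 or (len(rest) == 2 and rest[0].upper() in ("U", "L"))
        if in_store and rest[-1].endswith("@"):
            return root
    return None

def is_gac_desktop_ini(path: str) -> bool:
    """Desktop.ini dropped into the .NET GAC folder, also listed in the fix."""
    return path.lower().endswith(r"\assembly\gac\desktop.ini")

def triage_fix_list(text: str) -> List[Finding]:
    """Pull every file path out of a fix list and label those matching the
    two artifact shapes above; SRV/FF/:Commands lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = parse_otl_file_line(line)
        if entry is not None:
            path = entry.path
        elif BARE_PATH.match(line):
            path = line
        else:
            continue
        if zeroaccess_store_root(path):
            findings.append(Finding(path, "zeroaccess_store"))
        elif is_gac_desktop_ini(path):
            findings.append(Finding(path, "gac_desktop_ini"))
    return findings

# Sample input: a subset of the fix list as posted above (the FF prefs line is
# left out; the parser skips it the same way it skips the SRV line).
SAMPLE_FIX_LIST = r"""
:OTL
SRV - [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart)
[2012/07/08 11:09:30 | 000,232,960 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\00000008.@
[2012/07/08 11:09:27 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\L\00000004.@
[2012/07/08 11:09:07 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\U\000000cb.@
[2008/04/14 07:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}\@

:Files
C:\Documents and Settings\Adam\Local Settings\Application Data\{ddf1cc5c-152a-7a98-b7b2-ff373cb48f2d}
C:\WINDOWS\assembly\GAC\Desktop.ini
ipconfig /flushdns /c
"""
```

Run triage_fix_list over the saved fix, then over the file lines of a fresh OTL scan after the reboot: if anything still matches the same store shape, the fix did not hold and the folder is worth a second look rather than a second blind run of the same script.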


#13 wags1424

wags1424
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:18 AM

Posted 11 July 2012 - 02:24 PM

This opened as I clicked on OTL. Should I reboot before running OTL with the new fix, or just go ahead with what you have?


Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2011/04/17 20:56:14 | 000,432,284 | ---- | M] () C:\WINDOWS\System32\drivers\etc\Hosts : Unable to obtain MD5

Registry entries deleted on Reboot...

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:18 AM

Posted 11 July 2012 - 02:27 PM

Reboot.

Then run the new fix; if it's already fixed it, it will just come back "not found".

There should be a fix log in the OTL folder on your C:\ drive.

Edited by CatByte, 11 July 2012 - 02:28 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 wags1424

wags1424
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:09:18 AM

Posted 11 July 2012 - 03:19 PM

Don't think that worked either. After 30 mins it was still on ff-prefs. So I hit exit, but it didn't exit; it jumped down to emptying temp folders and has been doing that for 15 mins. There is nothing at the bottom of the program saying what it's doing. All that's happening is the progress bar is filling up very fast over and over. It seems to be stuck in a loop. Keep letting it run or end it again?



