Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect


  • This topic is locked This topic is locked
38 replies to this topic

#1 1c3creamcake

1c3creamcake

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 21 July 2012 - 12:43 PM

Hello!

I'm getting a browser redirect malware. Malwarebytes and AVG aren't picking anything up. I'd appreciate any help you can offer!

I followed the "start here" directions, and ran DDS and GMER (as well as Combofix, before I realized I should wait on that). Combofix picked something up, but and definitely helped, but the problem is still happening. Finally, not all the boxes were available to check in GMER, so I'm not sure if it ran completely.

Thanks!

Here's the DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_32
Run by Alex at 8:51:58 on 2012-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.279 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.10\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hp\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxp://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.uconn.edu/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.uconn.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{12DE0346-6AC8-4DE5-B368-740225F05AE9} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alex\application data\mozilla\firefox\profiles\wtn0mxhz.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bccd1e3e7-b552-4ea0-bae2-6186b2020e02%7D&mid=7e7d3005c18947d0b039d14acce4e9e6-3d1f7fe9c2832674e76898a88fafedb65dc45e66&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-16%2015%3A32%3A40&sap=ku&q=
FF - plugin: c:\documents and settings\alex\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\psb\application data\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-7-16 934496]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-8 113120]
.
=============== Created Last 30 ================
.
2012-07-21 02:18:39 -------- d-sha-r- C:\cmdcons
2012-07-21 02:10:39 98816 ----a-w- c:\windows\sed.exe
2012-07-21 02:10:39 518144 ----a-w- c:\windows\SWREG.exe
2012-07-21 02:10:39 256000 ----a-w- c:\windows\PEV.exe
2012-07-21 02:10:39 208896 ----a-w- c:\windows\MBR.exe
2012-07-21 02:08:51 -------- d-----w- C:\ComboFix
2012-07-16 22:13:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 22:13:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-16 19:35:23 -------- d-----w- c:\documents and settings\alex\application data\AVG2012
2012-07-16 19:33:30 -------- d-----w- c:\documents and settings\alex\local settings\application data\AVG Secure Search
2012-07-16 19:32:41 -------- d-----w- c:\documents and settings\alex\application data\AVG Secure Search
2012-07-16 19:32:38 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-07-16 19:32:29 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-16 19:32:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-16 19:26:36 -------- d-----w- C:\$AVG
2012-07-16 19:26:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-16 19:26:34 -------- d-----w- c:\documents and settings\all users\application data\AVG2012
2012-07-16 19:23:48 -------- d-----w- c:\program files\AVG
2012-07-16 19:19:29 -------- d-----w- c:\documents and settings\all users\application data\Common Files
2012-07-16 19:19:28 -------- d-----w- c:\documents and settings\all users\application data\MFAData
.
==================== Find3M ====================
.
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 16:44:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-09 16:44:54 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-09 16:44:54 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 9:00:30.29 ===============

Here's the GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-21 13:37:08
Windows 5.1.2600 Service Pack 3
Running: n11swn5d.exe; Driver: C:\DOCUME~1\Alex\LOCALS~1\Temp\pxtdypow.sys


---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service [DISABLED] Abiosdsk
Service C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS (AdvanSys SCSI Controller Driver/Microsoft Corporation) [DISABLED] abp480n5
Service C:\WINDOWS\system32\DRIVERS\ACPI.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service (ACPI Embedded Controller Driver/Microsoft Corporation) [DISABLED] ACPIEC
Service C:\WINDOWS\system32\DRIVERS\adpu160m.sys (Adaptec Ultra160 SCSI miniport/Microsoft Corporation) [DISABLED] adpu160m
Service C:\WINDOWS\system32\drivers\aec.sys (Microsoft Acoustic Echo Canceller/Microsoft Corporation) [MANUAL] aec
Service C:\WINDOWS\system32\DRIVERS\AegisP.sys (IEEE 802.1X Protocol Driver/Meetinghouse Data Communications) [AUTO] AegisP
Service C:\WINDOWS\System32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\WINDOWS\system32\DRIVERS\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [DISABLED] agp440
Service C:\WINDOWS\system32\DRIVERS\agpCPQ.sys (CompatNT AGP Filter/Microsoft Corporation) [DISABLED] agpCPQ
Service C:\WINDOWS\system32\DRIVERS\aha154x.sys (Adaptec AHA-154x series SCSI miniport/Microsoft Corporation) [DISABLED] Aha154x
Service C:\WINDOWS\system32\DRIVERS\aic78u2.sys (Adaptec Ultra2 SCSI miniport/Microsoft Corporation) [DISABLED] aic78u2
Service C:\WINDOWS\system32\DRIVERS\aic78xx.sys (Adaptec Ultra SCSI miniport/Microsoft Corporation) [DISABLED] aic78xx
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Alerter
Service C:\WINDOWS\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\WINDOWS\system32\DRIVERS\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] AliIde
Service C:\WINDOWS\system32\DRIVERS\alim1541.sys (ALi M1541 NT AGP Filter/Microsoft Corporation) [DISABLED] alim1541
Service C:\WINDOWS\system32\DRIVERS\amdagp.sys (AMD Win2000 AGP Filter/Advanced Micro Devices, Inc.) [DISABLED] amdagp
Service C:\WINDOWS\system32\DRIVERS\amsint.sys (AMD SCSI/NET Controller/Microsoft Corporation) [DISABLED] amsint
Service C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (AOL Connectivity Service/America Online, Inc.) [AUTO] AOL ACS
Service C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (App Support Driver/Dell Inc) [SYSTEM] APPDRV
Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device Service/Apple Inc.) [AUTO] Apple Mobile Device
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] AppMgmt
Service C:\WINDOWS\system32\DRIVERS\arp1394.sys (IP/1394 Arp Client/Microsoft Corporation) [MANUAL] Arp1394
Service C:\WINDOWS\system32\DRIVERS\asc.sys (AdvanSys SCSI Controller Driver/Advanced System Products, Inc.) [DISABLED] asc
Service C:\WINDOWS\system32\DRIVERS\asc3350p.sys (AdvanSys SCSI Card Driver/Microsoft Corporation) [DISABLED] asc3350p
Service C:\WINDOWS\system32\DRIVERS\asc3550.sys (AdvanSys Ultra-Wide PCI SCSI Driver/Advanced System Products, Inc.) [DISABLED] asc3550
Service (TR Manager/Windows ® 2000 DDK provider) [AUTO] ASCTRM
Service ASP.NET
Service ASP.NET_1.1.4322
Service ASP.NET_2.0.50727
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft ASP.NET State Server/Microsoft Corporation) [MANUAL] aspnet_state
Service C:\WINDOWS\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [BOOT] atapi
Service [DISABLED] Atdisk
Service C:\WINDOWS\system32\DRIVERS\atmarpc.sys (IP/ATM Arp Client/Microsoft Corporation) [MANUAL] Atmarpc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] AudioSrv
Service C:\WINDOWS\system32\DRIVERS\audstub.sys (AudStub Driver/Microsoft Corporation) [MANUAL] audstub
Service Avg
Service C:\WINDOWS\system32\DRIVERS\avgfwdx.sys (AVG Firewall intermediate miniport driver/AVG Technologies CZ, s.r.o.) [MANUAL] Avgfwdx
Service C:\WINDOWS\system32\DRIVERS\avgfwdx.sys (AVG Firewall intermediate miniport driver/AVG Technologies CZ, s.r.o.) [MANUAL] Avgfwfd
Service C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Firewall Service/AVG Technologies CZ, s.r.o.) [AUTO] avgfws
Service C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Identity Protection Service/AVG Technologies CZ, s.r.o.) [AUTO] AVGIDSAgent
Service C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys (IDS Application Activity Monitor Driver./AVG Technologies CZ, s.r.o. ) [MANUAL] AVGIDSDriver
Service C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) [MANUAL] AVGIDSFilter
Service C:\WINDOWS\system32\DRIVERS\avgidshx.sys (IDS Application Activity Monitor Helper Driver./AVG Technologies CZ, s.r.o. ) [BOOT] AVGIDSHX
Service C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) [MANUAL] AVGIDSShim
Service C:\WINDOWS\system32\DRIVERS\avgldx86.sys (AVG AVI Loader Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] Avgldx86
Service C:\WINDOWS\system32\DRIVERS\avgmfx86.sys (AVG Resident Shield Minifilter Driver/AVG Technologies CZ, s.r.o.) [SYSTEM] Avgmfx86
Service C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Anti-Rootkit Driver/AVG Technologies CZ, s.r.o.) [BOOT] Avgrkx86
Service C:\WINDOWS\system32\DRIVERS\avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) [SYSTEM] Avgtdix
Service C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Watchdog Service/AVG Technologies CZ, s.r.o.) [AUTO] avgwd
Service (Battery Class Driver/Microsoft Corporation) BattC
Service C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation NDIS 5.1 ethernet driver/Broadcom Corporation) [MANUAL] bcm4sbxp
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] BITS
Service C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service/Apple Inc.) [AUTO] Bonjour Service
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Browser
Service C:\DOCUME~1\Alex\LOCALS~1\Temp\catchme.sys [MANUAL] catchme
Service C:\WINDOWS\system32\DRIVERS\cbidf2k.sys (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf
Service (CardBus/PCMCIA IDE Miniport Driver/Microsoft Corporation) [DISABLED] cbidf2k
Service C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys (IBM Portable CD-ROM Drive Miniport/Microsoft Corporation) [DISABLED] cd20xrnt
Service (CD-ROM Audio Filter Driver/Microsoft Corporation) [SYSTEM] Cdaudio
Service (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] Cdfs
Service C:\WINDOWS\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] Cdrom
Service [SYSTEM] Changer
Service C:\WINDOWS\system32\cisvc.exe (Content Index service/Microsoft Corporation) [MANUAL] CiSvc
Service C:\WINDOWS\system32\clipsrv.exe (Windows NT DDE Server/Microsoft Corporation) [MANUAL] ClipSrv
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [MANUAL] clr_optimization_v2.0.50727_32
Service C:\WINDOWS\system32\DRIVERS\CmBatt.sys (Control Method Battery Driver/Microsoft Corporation) [MANUAL] CmBatt
Service C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] CmdIde
Service C:\WINDOWS\system32\DRIVERS\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [BOOT] Compbatt
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service ContentFilter
Service ContentIndex
Service C:\WINDOWS\system32\DRIVERS\cpqarray.sys (Compaq Drive Array Controllers SCSI Miniport Driver/Microsoft Corporation) [DISABLED] Cpqarray
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] CryptSvc
Service C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Disk Array Controller Driver/Mylex Corporation) [DISABLED] dac2w2k
Service C:\WINDOWS\system32\DRIVERS\dac960nt.sys (Mylex Disk Array Controller Driver/Microsoft Corporation) [DISABLED] dac960nt
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\WINDOWS\system32\DRIVERS\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] Disk
Service C:\WINDOWS\System32\dmadmin.exe (Logical Disk Manager service process/Microsoft Corp., Veritas Software) [MANUAL] dmadmin
Service C:\WINDOWS\System32\drivers\dmboot.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software) [DISABLED] dmboot
Service C:\WINDOWS\System32\drivers\dmio.sys (NT Disk Manager I/O Driver/Microsoft Corp., Veritas Software) [BOOT] dmio
Service C:\WINDOWS\System32\drivers\dmload.sys (NT Disk Manager Startup Driver/Microsoft Corp., Veritas Software.) [DISABLED] dmload
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] dmserver
Service C:\WINDOWS\system32\drivers\DMusic.sys (Microsoft Kernel DLS Synthesizer/Microsoft Corporation) [MANUAL] DMusic
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Dot3svc
Service C:\WINDOWS\system32\DRIVERS\dpti2o.sys (DPT SmartRAID miniport/Microsoft Corporation) [DISABLED] dpti2o
Service C:\WINDOWS\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\WINDOWS\system32\drivers\drvmcdb.sys (Device Driver/Sonic Solutions) [BOOT] drvmcdb
Service drvncdb
Service C:\WINDOWS\system32\drivers\drvnddm.sys (Device Driver Manager/Sonic Solutions) [AUTO] drvnddm
Service C:\Program Files\DellSupport\brkrsvc.exe [MANUAL] DSBrokerService
Service C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys (dsNcAdapter/Juniper Networks) [MANUAL] dsNcAdpt
Service C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Network Connect Service/Juniper Networks) [AUTO] dsNcService
Service C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Process Trigger Driver/Gteko Ltd.) [MANUAL] DSproct
Service C:\WINDOWS\system32\DRIVERS\dsunidrv.sys (GUniDriver/Gteko Ltd.) [AUTO] dsunidrv
Service C:\WINDOWS\system32\DRIVERS\e100b325.sys (NDIS 5 driver/Intel Corporation) [MANUAL] E100B
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\WINDOWS\eHome\ehRecvr.exe (Media Center Receiver Service/Microsoft Corporation) [AUTO] ehRecvr
Service C:\WINDOWS\eHome\ehSched.exe (Media Center Scheduler Service/Microsoft Corporation) [AUTO] ehSched
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ERSvc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] Eventlog
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] EventSystem
Service C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel® PROSet/Wireless Event Log/Intel Corporation) [AUTO] EvtEng
Service (Fast FAT File System Driver/Microsoft Corporation) [DISABLED] Fastfat
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] FastUserSwitchingCompatibility
Service C:\WINDOWS\system32\fxssvc.exe (Fax Service/Microsoft Corporation) [AUTO] Fax
Service C:\WINDOWS\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [MANUAL] Fdc
Service (FIPS Crypto Driver/Microsoft Corporation) [SYSTEM] Fips
Service C:\WINDOWS\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] Flpydisk
Service C:\WINDOWS\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\WINDOWS\system32\DRIVERS\ftdisk.sys (FT Disk Driver/Microsoft Corporation) [BOOT] Ftdisk
Service system32\DRIVERS\GEARAspiWDM.sys [MANUAL] GearAspiWDM
Service C:\WINDOWS\system32\DRIVERS\msgpc.sys (MS General Packet Classifier/Microsoft Corporation) [MANUAL] Gpc
Service hcw89
Service C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) [MANUAL] HDAudBus
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] helpsvc
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] HidServ
Service C:\WINDOWS\system32\DRIVERS\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [MANUAL] HidUsb
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] hkmsvc
Service C:\WINDOWS\system32\DRIVERS\hpn.sys (NetRAID-4M Miniport Driver/Microsoft Corporation) [DISABLED] hpn
Service C:\WINDOWS\system32\DRIVERS\HPZid412.sys (IEEE-1284.4-1999 Driver (Windows 2000)/HP) [MANUAL] HPZid412
Service C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (IEEE-1284.4-1999 Print Class Driver/HP) [MANUAL] HPZipr12
Service C:\WINDOWS\system32\DRIVERS\HPZius12.sys (1284.4<->Usb Datalink Driver (Windows 2000)/HP) [MANUAL] HPZius12
Service C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSFHWAZL
Service C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
Service C:\WINDOWS\System32\Drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] HTTPFilter
Service (I2O Utility Filter/Microsoft Corporation) [SYSTEM] i2omgmt
Service C:\WINDOWS\system32\DRIVERS\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp
Service C:\WINDOWS\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Graphics Miniport Driver/Intel Corporation) [MANUAL] ialm
Service C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\WINDOWS\system32\DRIVERS\imapi.sys (IMAPI Kernel Driver/Microsoft Corporation) [SYSTEM] Imapi
Service C:\WINDOWS\system32\imapi.exe (Image Mastering API/Microsoft Corporation) [MANUAL] ImapiService
Service inetaccs
Service C:\WINDOWS\system32\DRIVERS\ini910u.sys (INITIO ini910u SCSI miniport/Microsoft Corporation) [DISABLED] ini910u
Service Inport
Service C:\WINDOWS\system32\DRIVERS\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [DISABLED] IntelIde
Service C:\WINDOWS\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [SYSTEM] intelppm
Service C:\WINDOWS\system32\drivers\ip6fw.sys (IPv6 Windows Firewall Driver/Microsoft Corporation) [MANUAL] Ip6Fw
Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\WINDOWS\system32\DRIVERS\ipinip.sys (IP in IP Encapsulation Driver/Microsoft Corporation) [MANUAL] IpInIp
Service C:\WINDOWS\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IpNat
Service C:\Program Files\iPod\bin\iPodService.exe (iPodService Module (32-bit)/Apple Inc.) [MANUAL] iPod Service
Service C:\WINDOWS\system32\DRIVERS\ipsec.sys (IPSec Driver/Microsoft Corporation) [SYSTEM] IPSec
Service C:\WINDOWS\system32\DRIVERS\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service ISAPISearch
Service C:\WINDOWS\system32\DRIVERS\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [BOOT] isapnp
Service C:\Program Files\Java\jre6\bin\jqs.exe (Java™ Quick Starter Service/Sun Microsystems, Inc.) [AUTO] JavaQuickStarterService
Service C:\WINDOWS\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] Kbdclass
Service C:\WINDOWS\system32\drivers\kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) [MANUAL] kmixer
Service (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanserver
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] lanmanworkstation
Service [SYSTEM] lbrtfdc
Service ldap
Service LicenseService
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] LmHosts
Service C:\WINDOWS\ehome\mcrdsvc.exe (MCRD Device Service/Microsoft Corporation) [AUTO] McrdSvc
Service C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface DRIVER/Conexant) [AUTO] mdmxsdk
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] Messenger
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] MHN
Service C:\WINDOWS\system32\DRIVERS\mhndrv.sys (Microsoft Multimedia Home Network (MHN) Support Driver/Microsoft Corporation) [MANUAL] MHNDRV
Service (Frame buffer simulator/Microsoft Corporation) [SYSTEM] mnmdd
Service C:\WINDOWS\system32\mnmsrvc.exe (NetMeeting Remote Desktop Sharing/Microsoft Corporation) [MANUAL] mnmsrvc
Service (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\WINDOWS\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] Mouclass
Service C:\WINDOWS\system32\DRIVERS\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [MANUAL] mouhid
Service (Mount Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service C:\WINDOWS\system32\DRIVERS\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Whistler 32/American Megatrends Inc.) [DISABLED] mraid35x
Service C:\WINDOWS\system32\DRIVERS\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\WINDOWS\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [SYSTEM] MRxSmb
Service C:\WINDOWS\system32\msdtc.exe (MS DTC console program/Microsoft Corporation) [MANUAL] MSDTC
Service MSDTC Bridge 3.0.0.0
Service (Mailslot driver/Microsoft Corporation) [SYSTEM] Msfs
Service C:\WINDOWS\system32\msiexec.exe (Windows® installer/Microsoft Corporation) [MANUAL] MSIServer
Service C:\WINDOWS\system32\drivers\MSKSSRV.sys (MS KS Server/Microsoft Corporation) [MANUAL] MSKSSRV
Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys (MS Proxy Clock/Microsoft Corporation) [MANUAL] MSPCLOCK
Service C:\WINDOWS\system32\drivers\MSPQM.sys (MS Proxy Quality Manager/Microsoft Corporation) [MANUAL] MSPQM
Service C:\WINDOWS\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service (Multiple UNC Provider driver/Microsoft Corporation) [BOOT] Mup
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] napagent
Service (NDIS 5.1 wrapper driver/Microsoft Corporation) [BOOT] NDIS
Service C:\WINDOWS\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) [MANUAL] NdisTapi
Service C:\WINDOWS\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) [MANUAL] Ndisuio
Service C:\WINDOWS\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) [MANUAL] NdisWan
Service (NDIS Proxy/Microsoft Corporation) [MANUAL] NDProxy
Service C:\WINDOWS\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) [SYSTEM] NetBIOS
Service C:\WINDOWS\system32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) [SYSTEM] NetBT
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDE
Service C:\WINDOWS\system32\netdde.exe (Network DDE - DDE Communication/Microsoft Corporation) [DISABLED] NetDDEdsdm
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] Netlogon
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Netman
Service C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (SMSvcHost.exe/Microsoft Corporation) [DISABLED] NetTcpPortSharing
Service C:\WINDOWS\system32\DRIVERS\nic1394.sys (IEEE1394 Ndis Miniport and Call Manager/Microsoft Corporation) [MANUAL] NIC1394
Service C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Internal Network Card Power Management Service/Dell Inc.) [AUTO] NICCONFIGSVC
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Nla
Service (NPFS Driver/Microsoft Corporation) [SYSTEM] Npfs
Service (NT File System Driver/Microsoft Corporation) [DISABLED] Ntfs
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [MANUAL] NtLmSsp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] NtmsSvc
Service (NULL Driver/Microsoft Corporation) [SYSTEM] Null
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) [MANUAL] nv
Service C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys (NWLINK2 Traffic Filter Driver/Microsoft Corporation) [MANUAL] NwlnkFlt
Service C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys (NWLINK2 Forwarder Driver/Microsoft Corporation) [MANUAL] NwlnkFwd
Service C:\WINDOWS\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) [BOOT] ohci1394
Service C:\WINDOWS\system32\DRIVERS\omci.sys (OMCI Device Driver/Dell Inc) [SYSTEM] omci
Service C:\WINDOWS\system32\DRIVERS\parport.sys (Parallel Port Driver/Microsoft Corporation) [MANUAL] Parport
Service (Partition Manager/Microsoft Corporation) [BOOT] PartMgr
Service (VDM Parallel Driver/Microsoft Corporation) [DISABLED] ParVdm
Service C:\WINDOWS\system32\DRIVERS\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) [BOOT] PCI
Service [SYSTEM] PCIDump
Service C:\WINDOWS\system32\DRIVERS\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] PCIIde
Service (PCMCIA Bus Driver/Microsoft Corporation) [DISABLED] Pcmcia
Service [MANUAL] PDCOMP
Service [MANUAL] PDFRAME
Service [MANUAL] PDRELI
Service [MANUAL] PDRFRAME
Service C:\WINDOWS\system32\DRIVERS\perc2.sys (PERC 2 Miniport Driver/Microsoft Corporation) [DISABLED] perc2
Service C:\WINDOWS\system32\DRIVERS\perc2hib.sys (PERC 2 Hibernate Driver/Microsoft Corporation) [DISABLED] perc2hib
Service PerfDisk
Service PerfNet
Service PerfOS
Service PerfProc
Service C:\WINDOWS\system32\services.exe (Services and Controller app/Microsoft Corporation) [AUTO] PlugPlay
Service C:\WINDOWS\system32\HPZipm12.exe (PML Driver/HP) [MANUAL] Pml Driver HPZ12
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] PolicyAgent
Service C:\WINDOWS\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) [MANUAL] PptpMiniport
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] ProtectedStorage
Service C:\WINDOWS\system32\DRIVERS\psched.sys (MS QoS Packet Scheduler/Microsoft Corporation) [MANUAL] PSched
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\ql1080.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1080
Service C:\WINDOWS\system32\DRIVERS\ql10wnt.sys (Miniport Driver for QLogic ISP PCI Adapters/Microsoft Corporation) [DISABLED] Ql10wnt
Service C:\WINDOWS\system32\DRIVERS\ql12160.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql12160
Service C:\WINDOWS\system32\DRIVERS\ql1240.sys (QLogic ISP PCI Adapters/Microsoft Corporation) [DISABLED] ql1240
Service C:\WINDOWS\system32\DRIVERS\ql1280.sys (Miniport Driver for QLogic ISP PCI Adapters/QLogic Corporation) [DISABLED] ql1280
Service C:\WINDOWS\system32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) [SYSTEM] RasAcd
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasAuto
Service C:\WINDOWS\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Rasl2tp
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] RasMan
Service C:\WINDOWS\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) [MANUAL] RasPppoe
Service C:\WINDOWS\system32\DRIVERS\raspti.sys (PTI DirectParallel® mini-port/call-manager driver/Microsoft Corporation) [MANUAL] Raspti
Service C:\WINDOWS\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) [SYSTEM] Rdbss
Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPCDD
Service RDPDD
Service C:\WINDOWS\system32\DRIVERS\rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation) [MANUAL] rdpdr
Service RDPNP
Service (RDP Terminal Stack Driver (US/Canada Only, Not for Export)/Microsoft Corporation) [MANUAL] RDPWD
Service C:\WINDOWS\system32\sessmgr.exe (Microsoft® Remote Desktop Help Session Manager/Microsoft Corporation) [MANUAL] RDSessMgr
Service C:\WINDOWS\system32\DRIVERS\redbook.sys (Redbook Audio Filter Driver/Microsoft Corporation) [SYSTEM] redbook
Service C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel® PROSet/Wireless Registry Service/Intel Corporation) [AUTO] RegSrvc
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RemoteRegistry
Service C:\WINDOWS\system32\DRIVERS\rimmptsk.sys (RICOH MMC Driver/REDC) [MANUAL] rimmptsk
Service C:\WINDOWS\system32\DRIVERS\rimsptsk.sys (RICOH MS Driver/REDC) [MANUAL] rimsptsk
Service C:\WINDOWS\system32\DRIVERS\rixdptsk.sys (RICOH XD SM Driver/REDC) [MANUAL] rismxdp
Service C:\WINDOWS\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\WINDOWS\system32\rsvp.exe (Microsoft RSVP/Microsoft Corporation) [MANUAL] RSVP
Service C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Wireless Management Service/Intel Corporation ) [AUTO] S24EventMonitor
Service C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel WLAN Packet Driver/Intel Corporation) [AUTO] s24trans
Service C:\WINDOWS\system32\lsass.exe (LSA Shell (Export Version)/Microsoft Corporation) [AUTO] SamSs
Service C:\WINDOWS\System32\SCardSvr.exe (Smart Card Resource Management Server/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Schedule
Service C:\WINDOWS\system32\drivers\scsiport.sys (SCSI Port Driver/Microsoft Corporation) ScsiPort
Service C:\WINDOWS\system32\DRIVERS\sdbus.sys (SecureDigital Bus Driver/Microsoft Corporation) [MANUAL] sdbus
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [MANUAL] Secdrv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] seclogon
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SENS
Service C:\WINDOWS\system32\DRIVERS\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] serenum
Service C:\WINDOWS\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) [SYSTEM] Serial
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service (SCSI Floppy Driver/Microsoft Corporation) [SYSTEM] Sfloppy
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SharedAccess
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service [DISABLED] Simbad
Service C:\WINDOWS\system32\DRIVERS\sisagp.sys (SiS NT AGP Filter/Silicon Integrated Systems Corporation) [DISABLED] sisagp
Service SMSvcHost 3.0.0.0
Service C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony USB Lower Filter driver/Sony Corporation) [MANUAL] SONYPVU1
Service C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec AIC-6x60 series SCSI miniport/Adaptec, Inc.) [DISABLED] Sparrow
Service C:\WINDOWS\system32\drivers\splitter.sys (Microsoft Kernel Audio Splitter/Microsoft Corporation) [MANUAL] splitter
Service C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Program [AUTO] sprtsvc_dellsupportcenter
Service C:\WINDOWS\system32\DRIVERS\sr.sys (System Restore Filesystem Filter Driver/Microsoft Corporation) [BOOT] sr
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] srservice
Service C:\WINDOWS\system32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] Srv
Service C:\WINDOWS\system32\drivers\sscdbhk5.sys (Shared Driver Component/Sonic Solutions) [SYSTEM] sscdbhk5
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] SSDPSRV
Service C:\WINDOWS\system32\drivers\ssrtln.sys (Shared Driver Component/Sonic Solutions) [SYSTEM] ssrtln
Service C:\WINDOWS\system32\drivers\sthda.sys (NDRC/SigmaTel, Inc.) [MANUAL] STHDA
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] stisvc
Service C:\WINDOWS\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\WINDOWS\system32\drivers\swmidi.sys (Microsoft GS Wavetable Synthesizer/Microsoft Corporation) [MANUAL] swmidi
Service C:\WINDOWS\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] SwPrv
Service swwd
Service C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc. SCSI Miniport Driver/Symbios Logic Inc.) [DISABLED] symc810
Service C:\WINDOWS\system32\DRIVERS\symc8xx.sys (Symbios 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] symc8xx
Service C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Core Component/Symantec Corporation) [AUTO] symlcbrd
Service C:\WINDOWS\system32\DRIVERS\sym_hi.sys (Symbios Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] sym_hi
Service C:\WINDOWS\system32\DRIVERS\sym_u3.sys (Symbios Ultra3 SCSI Miniport Driver/LSI Logic) [DISABLED] sym_u3
Service SynPS2Enable
Service C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service C:\WINDOWS\system32\drivers\sysaudio.sys (System Audio WDM Filter/Microsoft Corporation) [MANUAL] sysaudio
Service C:\WINDOWS\system32\smlogsvc.exe (Performance Logs and Alerts Service/Microsoft Corporation) [MANUAL] SysmonLog
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\WINDOWS\system32\DRIVERS\tcpip.sys (TCP/IP Protocol Driver/Microsoft Corporation) [SYSTEM] Tcpip
Service (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\WINDOWS\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] TermService
Service C:\WINDOWS\system32\dla\tfsnboio.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnboio
Service C:\WINDOWS\system32\dla\tfsncofs.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsncofs
Service C:\WINDOWS\system32\dla\tfsndrct.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsndrct
Service C:\WINDOWS\system32\dla\tfsndres.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsndres
Service C:\WINDOWS\system32\dla\tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnifs
Service C:\WINDOWS\system32\dla\tfsnopio.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnopio
Service C:\WINDOWS\system32\dla\tfsnpool.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnpool
Service C:\WINDOWS\system32\dla\tfsnudf.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnudf
Service C:\WINDOWS\system32\dla\tfsnudfa.sys (Drive Letter Access Component/Sonic Solutions) [AUTO] tfsnudfa
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] Themes
Service C:\WINDOWS\system32\tlntsvr.exe (Telnet/Microsoft Corporation) [MANUAL] TlntSvr
Service C:\WINDOWS\system32\DRIVERS\toside.sys (Toshiba PCI IDE Controller/Microsoft Corporation) [DISABLED] TosIde
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] TrkWks
Service TSDDD
Service (UDF File System Driver/Microsoft Corporation) [DISABLED] Udfs
Service C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Ultra66 Miniport Driver/Promise Technology, Inc.) [DISABLED] ultra
Service C:\WINDOWS\system32\wdfmgr.exe (Windows User Mode Driver Manager/Microsoft Corporation) [MANUAL] UMWdf
Service C:\WINDOWS\system32\DRIVERS\update.sys (Update Driver/Microsoft Corporation) [MANUAL] Update
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] upnphost
Service C:\WINDOWS\System32\ups.exe (UPS Service/Microsoft Corporation) [MANUAL] UPS
Service usb
Service C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple Mobile Device USB Driver/Apple, Inc.) [MANUAL] USBAAPL
Service C:\WINDOWS\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\WINDOWS\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\WINDOWS\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\WINDOWS\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\WINDOWS\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\WINDOWS\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbuhci
Service C:\WINDOWS\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\WINDOWS\system32\DRIVERS\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [DISABLED] viaagp
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [DISABLED] ViaIde
Service (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] VolSnap
Service C:\WINDOWS\System32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [AUTO] vToolbarUpdater11.0.2
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] w32time
Service C:\WINDOWS\system32\DRIVERS\w39n51.sys (Intel® Wireless LAN Driver/Intel® Corporation) [MANUAL] w39n51
Service W3SVC
Service C:\WINDOWS\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service C:\WINDOWS\system32\DRIVERS\wanatw4.sys (Wan Miniport (ATW)/America Online, Inc.) [MANUAL] wanatw
Service [MANUAL] WDICA
Service C:\WINDOWS\system32\drivers\wdmaud.sys (MMSYSTEM Wave/Midi API mapper/Microsoft Corporation) [MANUAL] wdmaud
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WebClient
Service C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] winmgmt
Service [MANUAL] Winsock
Service WinSock2
Service WinTrust
Service C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (WLANKEEPER/Intel® Corporation) [AUTO] WLANKEEPER
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] WmdmPmSN
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] Wmi
Service WmiApRpl
Service C:\WINDOWS\system32\wbem\wmiapsrv.exe (WMI Performance Adapter Service/Microsoft Corporation) [MANUAL] WmiApSrv
Service C:\WINDOWS\System32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [SYSTEM] WS2IFSL
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [AUTO] WZCSVC
Service C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) [MANUAL] xmlprov
Service {07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}
Service {12DE0346-6AC8-4DE5-B368-740225F05AE9}
Service {1739268D-94EB-479E-AB21-F1147C3CBF7D}
Service {81E96B69-EF51-418E-99B2-302678BB8FC2}
Service {AB16CFD0-D8C8-4D5D-BAB7-8A60BC0F3D73}

---- EOF - GMER 1.0.15 ----


Here's the ComboFix Log

ComboFix 12-07-20.02 - Alex 07/20/2012 22:25:16.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.328 [GMT -4:00]
Running from: c:\documents and settings\Alex\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\avgfwdx.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))
.
.
2012-07-16 22:13 . 2012-07-16 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-16 22:13 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 19:35 . 2012-07-16 19:35 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG2012
2012-07-16 19:33 . 2012-07-16 19:33 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:32 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:32 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:33 -------- d-----w- c:\program files\AVG Secure Search
2012-07-16 19:26 . 2012-07-16 19:26 -------- d-----w- C:\$AVG
2012-07-16 19:26 . 2012-07-20 22:44 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-16 19:26 . 2012-07-16 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-16 19:23 . 2012-07-16 19:23 -------- d-----w- c:\program files\AVG
2012-07-16 19:19 . 2012-07-16 19:19 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-07-16 19:19 . 2012-07-20 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2007-06-21 12:14 22040 ---ha-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-21 12:14 15384 ---ha-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 09:40 329240 ---ha-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 09:40 210968 ---ha-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 09:40 219160 ---ha-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-21 12:14 15384 ---ha-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 53784 ---ha-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 09:40 35864 ---ha-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 09:18 97304 ---ha-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ---ha-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-06-21 12:14 17944 ---ha-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 577048 ---ha-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 09:40 1933848 ---ha-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-03-29 13:49 214256 ---ha-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2009-03-29 13:49 17136 ---ha-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-03-29 13:49 275696 ---ha-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 09:18 599040 ---ha-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-08-16 09:18 916992 ---ha-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2005-08-16 09:18 1863168 ---ha-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2005-08-16 09:18 43520 ---ha-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2005-08-16 09:18 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2005-08-16 09:18 385024 ---ha-w- c:\windows\system32\html.iec
2012-05-09 16:44 . 2012-05-09 16:45 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2012-05-09 16:44 . 2012-05-09 16:45 476960 ---ha-w- c:\windows\system32\npdeployJava1.dll
2012-05-09 16:44 . 2010-11-09 11:49 472864 ---ha-w- c:\windows\system32\deployJava1.dll
2012-05-04 13:16 . 2005-08-16 09:18 2148352 ---ha-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-04 03:59 2026496 ---ha-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2005-08-16 09:37 139656 ---ha-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 22:20 . 2012-07-09 03:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-16 19:32 2069088 ----a-w- c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-16 2069088]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-16 1118304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-22 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2007-2-24 118784]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [6/13/2012 3:48 AM 2321560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [7/16/2012 3:32 PM 934496]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/8/2012 11:24 PM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406164688-1667019281-2411116883-1006Core.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-30 22:19]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406164688-1667019281-2411116883-1006UA.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-30 22:19]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Alex\Application Data\Mozilla\Firefox\Profiles\wtn0mxhz.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bccd1e3e7-b552-4ea0-bae2-6186b2020e02%7D&mid=7e7d3005c18947d0b039d14acce4e9e6-3d1f7fe9c2832674e76898a88fafedb65dc45e66&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-16%2015%3A32%3A40&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKU-Default-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-20 23:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¨* Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2012-07-20 23:29:17
ComboFix-quarantined-files.txt 2012-07-21 03:28
.
Pre-Run: 837,709,824 bytes free
Post-Run: 1,197,101,056 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 6B5C3E72B807E82D1BDBA2E2257B5365

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 26 July 2012 - 12:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461773 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:10 AM

Posted 31 July 2012 - 12:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 08 August 2012 - 03:41 PM

This topic has been re-opened at the request of the person who originally posted.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 AM

Posted 08 August 2012 - 09:52 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 1c3creamcake

1c3creamcake
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 10 August 2012 - 10:32 AM

The Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 32
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 24% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


The Combo Fix Log

ComboFix 12-08-09.01 - PSB 08/10/2012 10:25:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.349 [GMT -4:00]
Running from: c:\documents and settings\PSB\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
c:\documents and settings\PSB\My Documents\~WRL0005.tmp
c:\documents and settings\PSB\My Documents\~WRL0810.tmp
c:\documents and settings\PSB\My Documents\~WRL3276.tmp
c:\documents and settings\PSB\My Documents\~WRL3380.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-08 14:41 . 2012-08-08 14:41 -------- d-----w- c:\documents and settings\PSB\Application Data\AVG2012
2012-08-08 14:40 . 2012-08-08 14:40 -------- d-----w- c:\documents and settings\PSB\Local Settings\Application Data\AVG Secure Search
2012-07-16 22:13 . 2012-07-16 22:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-16 22:13 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 19:35 . 2012-07-16 19:35 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG2012
2012-07-16 19:33 . 2012-07-16 19:33 -------- d-----w- c:\documents and settings\Alex\Local Settings\Application Data\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:32 -------- d-----w- c:\documents and settings\Alex\Application Data\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:32 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-16 19:32 . 2012-07-16 19:33 -------- d-----w- c:\program files\AVG Secure Search
2012-07-16 19:26 . 2012-07-16 19:26 -------- d-----w- C:\$AVG
2012-07-16 19:26 . 2012-08-08 15:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-16 19:26 . 2012-07-16 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-07-16 19:23 . 2012-07-16 19:23 -------- d-----w- c:\program files\AVG
2012-07-16 19:19 . 2012-07-16 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-07-16 19:19 . 2012-08-08 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:19 . 2005-08-16 09:18 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-09-21 19:30 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2005-08-16 09:18 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-06-21 12:14 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-06-21 12:14 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2005-08-16 09:40 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2005-08-16 09:40 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2005-08-16 09:40 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-06-21 12:14 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2005-08-16 09:40 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2005-08-16 09:18 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2005-05-26 08:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2007-06-21 12:14 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2005-08-16 09:40 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2005-08-16 09:40 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2009-03-29 13:49 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2009-03-29 13:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2009-03-29 13:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-05-31 13:22 . 2005-08-16 09:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2005-08-16 09:18 916992 ----a-w- c:\windows\system32\wininet.dll
2012-06-14 22:20 . 2012-07-09 03:24 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-21_03.04.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-19 02:51 . 2011-04-19 02:51 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_4ddc769f\vcomp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90rus.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90kor.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90jpn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90ita.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90fra.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esp.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90esn.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90deu.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90cht.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90chs.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfcm90.dll
+ 2012-08-10 13:36 . 2012-08-10 13:36 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
+ 2011-04-19 02:51 . 2011-04-19 02:51 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcm90.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_92453bb7\atl90.dll
+ 2005-08-16 09:27 . 2012-08-08 14:57 220840 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 09:27 . 2012-06-14 10:39 220840 c:\windows\system32\FNTCACHE.DAT
+ 2008-12-05 06:54 . 2012-06-04 04:32 152576 c:\windows\system32\dllcache\schannel.dll
- 2010-11-09 14:52 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2010-11-09 14:52 . 2012-05-28 18:16 536576 c:\windows\system32\dllcache\msado15.dll
+ 2012-08-08 14:49 . 2012-08-08 14:49 223744 c:\windows\Installer\1491f4.msi
+ 2011-04-19 02:51 . 2011-04-19 02:51 3781960 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
+ 2011-04-19 02:51 . 2011-04-19 02:51 3766600 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90.dll
+ 2005-08-16 09:18 . 2012-06-08 14:26 8462848 c:\windows\system32\shell32.dll
+ 2008-10-15 23:23 . 2012-06-13 13:19 1866112 c:\windows\system32\dllcache\win32k.sys
+ 2008-06-17 19:02 . 2012-06-08 14:26 8462848 c:\windows\system32\dllcache\shell32.dll
+ 2008-09-21 19:30 . 2012-06-05 15:50 1372672 c:\windows\system32\dllcache\msxml6.dll
- 2008-09-21 19:30 . 2009-07-31 15:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2006-09-13 05:01 . 2012-06-05 15:50 1172480 c:\windows\system32\dllcache\msxml3.dll
- 2006-09-13 05:01 . 2010-06-14 07:41 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2007-05-06 21:26 . 2012-08-08 14:33 57442464 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-16 19:32 2069088 ----a-w- c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-16 2069088]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [BU]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-16 1118304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-22 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-28 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [7/16/2012 3:32 PM 934496]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [6/13/2012 3:48 AM 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 5:25 PM 5160568]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/8/2012 11:24 PM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406164688-1667019281-2411116883-1006Core.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-30 22:19]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-406164688-1667019281-2411116883-1006UA.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-30 22:19]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://gmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: //lms.uconn.edu/
Trusted Zone: uconn.edu\huskymailweb
Trusted Zone: uconn.edu\www.huskymail
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\PSB\Application Data\Mozilla\Firefox\Profiles\t8voqdd3.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B50b16c6f-c826-48eb-81ae-7f5f1fa840a6%7D&mid=7e7d3005c18947d0b039d14acce4e9e6-3d1f7fe9c2832674e76898a88fafedb65dc45e66&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-16%2015%3A32%3A40&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 11:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¨* Æ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
Completion time: 2012-08-10 11:22:10
ComboFix-quarantined-files.txt 2012-08-10 15:21
ComboFix2.txt 2012-07-21 03:29
.
Pre-Run: 750,800,896 bytes free
Post-Run: 852,107,264 bytes free
.
- - End Of File - - D2ED6DB168DA5B2FAB1F8B2E056022D2

The computer appears to no longer be redirecting, but it's still running slow. Not sure if I should consider this fixed, but it definitely helped!!

#7 1c3creamcake

1c3creamcake
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 10 August 2012 - 10:44 AM

Also, thanks so much for your time and effort so far!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 AM

Posted 10 August 2012 - 12:48 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 1c3creamcake

1c3creamcake
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 10 August 2012 - 05:09 PM

I''m experiencing a really weird issue. Neither of those programs will run. I downloaded them, opened them, hit "run", and....nothing happens..

:-(

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 AM

Posted 10 August 2012 - 08:31 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 1c3creamcake

1c3creamcake
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 11 August 2012 - 08:28 AM

FixTDSS doesn't seem to run either. I have all Anti-Virus turned off and no other programs running.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 AM

Posted 11 August 2012 - 10:41 AM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 1c3creamcake

1c3creamcake
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 11 August 2012 - 03:00 PM

Attached File  screenshot1.png   326.56KB   6 downloads

I finally got all this to work. Here's the screen shot.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:10 AM

Posted 11 August 2012 - 03:19 PM

Hello

That looks good



Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 1c3creamcake

1c3creamcake
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:10 AM

Posted 11 August 2012 - 04:51 PM

Thanks! Here's the OTL.TXT log

OTL logfile created on: 8/11/2012 5:25:51 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Documents and Settings\PSB\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 525.65 Mb Available Physical Memory | 51.82% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 0.55 Gb Free Space | 1.47% Space Free | Partition Type: NTFS
Drive D: | 12.54 Gb Total Space | 12.38 Gb Free Space | 98.69% Space Free | Partition Type: NTFS

Computer Name: SHEA | User Name: PSB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PSB\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_a998f860\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_356f79b1\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_86fbc21c\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_bb7110ed\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e31c640\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll ()
MOD - c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll ()
MOD - c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll ()
MOD - c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll ()
MOD - c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (NICCONFIGSVC) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (GearAspiWDM) -- system32\DRIVERS\GEARAspiWDM.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\PSB\LOCALS~1\Temp\catchme.sys File not found
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1F27B9CD-F939-41DC-B73C-17B06C36B1DA}&mid=7e7d3005c18947d0b039d14acce4e9e6-3d1f7fe9c2832674e76898a88fafedb65dc45e66&lang=en&ds=AVG&pr=pr&d=2012-07-16 15:32:40&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=4
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\SearchScopes\{D6964DD4-0CD0-43C4-986E-E1EC897EB1AF}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B50b16c6f-c826-48eb-81ae-7f5f1fa840a6%7D&mid=7e7d3005c18947d0b039d14acce4e9e6-3d1f7fe9c2832674e76898a88fafedb65dc45e66&ds=AVG&v=11.0.0.10&lang=en&pr=pr&d=2012-07-16%2015%3A32%3A40&sap=ku&q="
FF - prefs.js..network.proxy.http: "169.229.50.4"
FF - prefs.js..network.proxy.http_port: 3128
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\PSB\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\PSB\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/16 15:27:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/08/11 10:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/08 23:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/09 12:45:28 | 000,000,000 | ---D | M]

[2009/09/24 17:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PSB\Application Data\Mozilla\Extensions
[2012/08/10 09:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PSB\Application Data\Mozilla\Firefox\Profiles\t8voqdd3.default\extensions
[2012/07/08 23:24:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/11 10:11:21 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/10 11:04:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..Trusted Domains: //lms.uconn.edu/ ([]htto in Trusted sites)
O15 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..Trusted Domains: uconn.edu ([huskymailweb] https in Trusted sites)
O15 - HKU\S-1-5-21-406164688-1667019281-2411116883-1005\..Trusted Domains: uconn.edu ([www.huskymail] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.uconn.edu/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.uconn.edu/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12DE0346-6AC8-4DE5-B368-740225F05AE9}: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PSB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PSB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/11 17:24:42 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PSB\Desktop\OTL.exe
[2012/08/11 12:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PSB\Application Data\AVG Secure Search
[2012/08/11 10:10:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012/08/10 11:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PSB\Application Data\Malwarebytes
[2012/08/10 09:59:01 | 004,728,003 | R--- | C] (Swearware) -- C:\Documents and Settings\PSB\Desktop\ComboFix.exe
[2012/08/10 09:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PSB\Desktop\BLEEPINGCOMPUTER
[2012/08/08 11:39:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\PSB\Start Menu\Programs\Administrative Tools
[2012/08/08 10:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PSB\Application Data\AVG2012
[2012/08/08 10:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PSB\Local Settings\Application Data\AVG Secure Search
[2012/07/20 22:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2012/07/20 22:18:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/07/20 22:10:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/20 22:10:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/20 22:10:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/20 22:10:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/20 22:07:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/20 22:06:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/07/16 18:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/16 18:13:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/16 18:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/16 15:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/07/16 15:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/16 15:32:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/16 15:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/16 15:26:36 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/07/16 15:26:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/07/16 15:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/07/16 15:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/07/16 15:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/16 15:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\PSB\Desktop\CA1KWZ5D.
[2012/08/11 17:33:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-406164688-1667019281-2411116883-1006UA.job
[2012/08/11 17:24:44 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PSB\Desktop\OTL.exe
[2012/08/11 17:15:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/11 16:32:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-406164688-1667019281-2411116883-1006Core.job
[2012/08/11 16:00:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/11 16:00:20 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/11 12:57:51 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\PSB\Local Settings\Application Data\dt.dat
[2012/08/11 12:39:30 | 103,576,853 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/08/10 11:04:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/08/10 09:59:05 | 004,728,003 | R--- | M] (Swearware) -- C:\Documents and Settings\PSB\Desktop\ComboFix.exe
[2012/08/08 10:57:03 | 000,220,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/08 10:50:12 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/20 22:18:57 | 000,000,326 | RHS- | M] () -- C:\boot.ini
[2012/07/16 18:14:09 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 15:33:37 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Documents and Settings\PSB\Desktop\CA1KWZ5D.
[2012/08/11 12:57:51 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\PSB\Local Settings\Application Data\dt.dat
[2012/08/11 12:39:30 | 103,576,853 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/20 22:45:59 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012/07/20 22:45:58 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2012/07/20 22:45:57 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/07/20 22:45:56 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/07/20 22:45:55 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2012/07/20 22:43:10 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/07/20 22:43:09 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/07/20 22:43:08 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD.lnk
[2012/07/20 22:43:07 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Photo Story 3 for Windows.lnk
[2012/07/20 22:43:06 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Musicmatch Jukebox.lnk
[2012/07/20 22:43:05 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/07/20 22:43:04 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2012/07/20 22:43:03 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/07/20 22:43:02 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Plus! Photo Story 2 LE.lnk
[2012/07/20 22:43:01 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2012/07/20 22:43:00 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2012/07/20 22:42:58 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2012/07/20 22:42:57 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2012/07/20 22:42:56 | 000,001,370 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/07/20 22:42:55 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inspiration 8.lnk
[2012/07/20 22:42:54 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/07/20 22:42:53 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2012/07/20 22:18:55 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/07/20 22:18:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/07/20 22:10:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/20 22:10:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/20 22:10:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/20 22:10:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/20 22:10:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/16 18:14:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/16 15:33:36 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/16 07:42:59 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/19 06:50:08 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/01/31 14:00:18 | 000,000,908 | ---- | C] () -- C:\Documents and Settings\PSB\.powerschool_gradebook.properties
[2010/01/31 13:41:01 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\PSB\.gradebook_userdict.tlx
[2010/01/18 19:08:14 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\PSB\webct_upload_applet.properties
[2009/03/05 11:18:36 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\PSB\couponmanager.properties
[2007/04/30 18:01:04 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\PSB\Application Data\PFP120JPR.{PB
[2007/04/30 18:01:04 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\PSB\Application Data\PFP120JCM.{PB
[2007/02/24 16:30:31 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2006/10/30 22:10:31 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/06 20:07:22 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\PSB\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/01 16:27:11 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\PSB\Local Settings\Application Data\fusioncache.dat
[2006/08/22 21:09:08 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users