Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System tools infection?


  • Please log in to reply

#1
Trixsteruk

Trixsteruk

    Member

  • Member
  • PipPip
  • 35 posts
My mum woke me up this morning and i came downstairs to a you have malware background and an open windowwith a "system tools" header. I came onto Geekstogo.com and re read the removal guides etc, i started by trying to download ad run OTL, this was unsuccesful, it popped up in the taskbar that i couldnt run the exe due to infection, this was also a "system tools" pop up :/. I proceeded to try the other versions of OTL with no success. MBAM wouldnt run either. The only thing i seem to be able to do is run OTL in safe mode, I will add the log to the post. I'm far from experienced when it comes to what seems to be a major infection so any advice help would br greatly appreciated, thank you in advance.

The OTL log is in the attatchment!!

Attached Files

  • Attached File  OTL.Txt   69.7KB   104 downloads

  • 0

Advertisements


#2
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
BTW, my mums computer is on win7 hone not xp pro as it says in my thingy on the left. <<<<<<<<<<<<
  • 0

#3
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 1 and press enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
  • 0

#4
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Just to clarify, am i doing this in safe mode or normal, as i dont seem to be able to run any executable file in non safe mode!"!!

Edited by Trixsteruk, 19 March 2011 - 09:12 AM.

  • 0

#5
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Try it in normal mode first. It may take a few attempts but it should run
  • 0

#6
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
RogueKiller V4.3.2 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: nhvh [Admin rights]
Mode: Scan -- Date : 03/19/2011 16:28:45

Bad processes: 1
[APPDT/TMP/DESKTOP] mLaJkLf16633.exe -- c:\programdata\mlajklf16633\mlajklf16633.exe -> KILLED

Registry Entries: 2
[APPDT/TMP/DESKTOP] HKCU\[...]\RunOnce : mLaJkLf16633 (C:\ProgramData\mLaJkLf16633\mLaJkLf16633.exe) -> FOUND
[APPDT/TMP/DESKTOP] HKUS\S-1-5-21-2009667962-4236194040-924885787-1001[...]\RunOnce : mLaJkLf16633 (C:\ProgramData\mLaJkLf16633\mLaJkLf16633.exe) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt



That was in normal mode, it worked fine as it was!!

Edited by Trixsteruk, 19 March 2011 - 10:32 AM.

  • 0

#7
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
» Step1«
Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and press enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

» Step2«

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.

    Posted Image

  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

» Step3«
Run OTL again please and post the log it produces
  • 0

#8
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
RKunhooker will not work it come up with the error "Error loading driver NTSTATUS code: 0xC000036B"
  • 0

#9
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
That's OK, I should have spotted that it wouldn't before I asked you :D

Do this instead of step 2

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#10
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
2011/03/19 17:47:46.0991 4940 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/19 17:47:48.0442 4940 ================================================================================
2011/03/19 17:47:48.0442 4940 SystemInfo:
2011/03/19 17:47:48.0442 4940
2011/03/19 17:47:48.0442 4940 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/19 17:47:48.0442 4940 Product type: Workstation
2011/03/19 17:47:48.0442 4940 ComputerName: NHVH-PC
2011/03/19 17:47:48.0442 4940 UserName: nhvh
2011/03/19 17:47:48.0442 4940 Windows directory: C:\Windows
2011/03/19 17:47:48.0442 4940 System windows directory: C:\Windows
2011/03/19 17:47:48.0442 4940 Running under WOW64
2011/03/19 17:47:48.0442 4940 Processor architecture: Intel x64
2011/03/19 17:47:48.0442 4940 Number of processors: 2
2011/03/19 17:47:48.0442 4940 Page size: 0x1000
2011/03/19 17:47:48.0442 4940 Boot type: Normal boot
2011/03/19 17:47:48.0442 4940 ================================================================================
2011/03/19 17:47:49.0051 4940 Initialize success
2011/03/19 17:48:01.0593 4128 ================================================================================
2011/03/19 17:48:01.0593 4128 Scan started
2011/03/19 17:48:01.0593 4128 Mode: Manual;
2011/03/19 17:48:01.0593 4128 ================================================================================
2011/03/19 17:48:02.0701 4128 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/19 17:48:03.0247 4128 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/19 17:48:03.0293 4128 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/19 17:48:03.0371 4128 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/19 17:48:03.0418 4128 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/19 17:48:03.0465 4128 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/19 17:48:03.0543 4128 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/03/19 17:48:03.0559 4128 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/19 17:48:03.0637 4128 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/19 17:48:03.0746 4128 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/19 17:48:03.0824 4128 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/19 17:48:03.0855 4128 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/19 17:48:03.0902 4128 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/19 17:48:03.0995 4128 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/19 17:48:04.0058 4128 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/19 17:48:04.0167 4128 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/03/19 17:48:04.0292 4128 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/19 17:48:04.0354 4128 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/19 17:48:04.0385 4128 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/19 17:48:04.0417 4128 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/19 17:48:04.0479 4128 Avgfwfd (705417fd6c165ccf926aca943b478d68) C:\Windows\system32\DRIVERS\avgfwd6a.sys
2011/03/19 17:48:04.0541 4128 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/19 17:48:04.0635 4128 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/03/19 17:48:04.0651 4128 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/19 17:48:04.0776 4128 Avgldx64 (ef415e445e5376624ed78685ee9647d4) C:\Windows\system32\DRIVERS\avgldx64.sys
2011/03/19 17:48:04.0885 4128 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys
2011/03/19 17:48:04.0963 4128 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys
2011/03/19 17:48:05.0025 4128 Avgtdia (8875fb5471c0682032df6fa463af3ba9) C:\Windows\system32\DRIVERS\avgtdia.sys
2011/03/19 17:48:05.0166 4128 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/19 17:48:05.0244 4128 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/19 17:48:05.0322 4128 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/19 17:48:05.0431 4128 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys
2011/03/19 17:48:05.0493 4128 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/19 17:48:05.0540 4128 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/19 17:48:05.0602 4128 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/19 17:48:05.0618 4128 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/19 17:48:05.0649 4128 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/19 17:48:05.0696 4128 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/19 17:48:05.0727 4128 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/19 17:48:05.0743 4128 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/19 17:48:05.0774 4128 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/19 17:48:05.0852 4128 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
2011/03/19 17:48:05.0899 4128 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/19 17:48:05.0946 4128 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/19 17:48:06.0008 4128 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/19 17:48:06.0070 4128 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/19 17:48:06.0133 4128 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/19 17:48:06.0148 4128 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/19 17:48:06.0180 4128 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/03/19 17:48:06.0304 4128 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/19 17:48:06.0351 4128 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/19 17:48:06.0414 4128 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/19 17:48:06.0507 4128 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/03/19 17:48:06.0523 4128 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/19 17:48:06.0554 4128 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/19 17:48:06.0601 4128 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/19 17:48:06.0679 4128 dtsoftbus01 (9f98d7afa293947a0dfc6ffd4671fe70) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/03/19 17:48:06.0741 4128 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/19 17:48:06.0866 4128 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/19 17:48:07.0209 4128 eeCtrl (066108ae4c35835081598827a1a7d08d) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/03/19 17:48:07.0443 4128 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/19 17:48:07.0537 4128 EraserUtilRebootDrv (12866876e3851f1e5d462b2a83e25578) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/03/19 17:48:07.0630 4128 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/19 17:48:07.0755 4128 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/19 17:48:07.0802 4128 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/19 17:48:07.0818 4128 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/19 17:48:07.0864 4128 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/19 17:48:07.0880 4128 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/19 17:48:07.0911 4128 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/19 17:48:08.0020 4128 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/03/19 17:48:08.0052 4128 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/19 17:48:08.0114 4128 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/03/19 17:48:08.0192 4128 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/19 17:48:08.0254 4128 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/19 17:48:08.0286 4128 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/19 17:48:08.0332 4128 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/19 17:48:08.0395 4128 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/19 17:48:08.0426 4128 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/19 17:48:08.0457 4128 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/19 17:48:08.0488 4128 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/19 17:48:08.0535 4128 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/19 17:48:08.0582 4128 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/19 17:48:08.0660 4128 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/19 17:48:08.0738 4128 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/03/19 17:48:08.0800 4128 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/19 17:48:08.0847 4128 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/19 17:48:08.0894 4128 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/19 17:48:09.0128 4128 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110317.002\IDSvia64.sys
2011/03/19 17:48:09.0612 4128 igfx (59e3e4d80cdfbbc61bf7d9b7cc3bc993) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/03/19 17:48:09.0908 4128 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/19 17:48:10.0002 4128 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys
2011/03/19 17:48:10.0376 4128 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/19 17:48:10.0423 4128 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/19 17:48:10.0454 4128 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/19 17:48:10.0485 4128 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/19 17:48:10.0501 4128 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/19 17:48:10.0782 4128 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/19 17:48:10.0828 4128 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/19 17:48:10.0860 4128 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/19 17:48:10.0922 4128 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/19 17:48:10.0953 4128 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/19 17:48:10.0984 4128 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/19 17:48:11.0265 4128 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/19 17:48:11.0530 4128 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/19 17:48:11.0920 4128 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/19 17:48:12.0264 4128 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/19 17:48:12.0310 4128 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/19 17:48:12.0342 4128 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/19 17:48:12.0357 4128 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/19 17:48:12.0388 4128 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/19 17:48:12.0420 4128 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/19 17:48:12.0466 4128 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/19 17:48:12.0529 4128 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/19 17:48:12.0607 4128 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/19 17:48:12.0622 4128 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/19 17:48:12.0669 4128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/19 17:48:12.0700 4128 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/03/19 17:48:12.0716 4128 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/19 17:48:12.0763 4128 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/19 17:48:12.0794 4128 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/19 17:48:12.0919 4128 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/19 17:48:12.0981 4128 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/19 17:48:13.0059 4128 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/19 17:48:13.0122 4128 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/19 17:48:13.0168 4128 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/19 17:48:13.0246 4128 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/19 17:48:13.0293 4128 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/19 17:48:13.0356 4128 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/19 17:48:13.0496 4128 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/19 17:48:13.0543 4128 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/19 17:48:13.0574 4128 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/19 17:48:13.0668 4128 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/03/19 17:48:13.0792 4128 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/19 17:48:14.0073 4128 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/19 17:48:14.0151 4128 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/19 17:48:14.0229 4128 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/19 17:48:14.0370 4128 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/19 17:48:14.0650 4128 NAVENG (7be93dbb02b66e72872ff76d8a92e662) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\ENG64.SYS
2011/03/19 17:48:14.0962 4128 NAVEX15 (be99edbba322ca59b3f2fe17b9bf987a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\EX64.SYS
2011/03/19 17:48:15.0072 4128 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/03/19 17:48:15.0243 4128 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/19 17:48:15.0337 4128 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/19 17:48:15.0399 4128 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/19 17:48:15.0493 4128 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/19 17:48:15.0555 4128 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/03/19 17:48:15.0774 4128 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/19 17:48:15.0805 4128 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/19 17:48:15.0883 4128 netr7364 (0461e245827ecf7c52cdd56df0d66fa9) C:\Windows\system32\DRIVERS\netr7364.sys
2011/03/19 17:48:15.0930 4128 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/19 17:48:16.0054 4128 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/19 17:48:16.0070 4128 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/19 17:48:16.0117 4128 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/03/19 17:48:16.0366 4128 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/03/19 17:48:16.0429 4128 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/03/19 17:48:16.0460 4128 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/03/19 17:48:16.0507 4128 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/03/19 17:48:16.0600 4128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/19 17:48:16.0663 4128 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/03/19 17:48:16.0694 4128 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/03/19 17:48:16.0725 4128 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/03/19 17:48:16.0756 4128 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/03/19 17:48:16.0788 4128 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/19 17:48:16.0819 4128 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/03/19 17:48:16.0866 4128 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/03/19 17:48:16.0990 4128 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/19 17:48:17.0022 4128 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/03/19 17:48:17.0131 4128 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/19 17:48:17.0256 4128 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/03/19 17:48:17.0646 4128 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/03/19 17:48:17.0692 4128 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/19 17:48:17.0724 4128 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/19 17:48:17.0755 4128 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/03/19 17:48:17.0770 4128 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/19 17:48:17.0802 4128 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/19 17:48:17.0848 4128 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/19 17:48:17.0911 4128 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/19 17:48:18.0145 4128 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/03/19 17:48:18.0207 4128 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/19 17:48:18.0363 4128 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/19 17:48:18.0394 4128 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/03/19 17:48:18.0457 4128 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/03/19 17:48:18.0566 4128 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/03/19 17:48:18.0628 4128 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/19 17:48:18.0706 4128 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/03/19 17:48:18.0753 4128 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/03/19 17:48:18.0816 4128 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/03/19 17:48:18.0878 4128 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/03/19 17:48:18.0909 4128 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/03/19 17:48:18.0972 4128 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/03/19 17:48:19.0018 4128 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/03/19 17:48:19.0081 4128 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/03/19 17:48:19.0128 4128 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/03/19 17:48:19.0174 4128 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/03/19 17:48:19.0237 4128 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/03/19 17:48:19.0268 4128 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/03/19 17:48:19.0299 4128 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/03/19 17:48:19.0330 4128 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/03/19 17:48:19.0440 4128 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/03/19 17:48:19.0580 4128 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS
2011/03/19 17:48:19.0689 4128 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
2011/03/19 17:48:19.0861 4128 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/03/19 17:48:19.0939 4128 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/19 17:48:20.0095 4128 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/19 17:48:20.0173 4128 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/03/19 17:48:20.0204 4128 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/19 17:48:20.0282 4128 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
2011/03/19 17:48:20.0641 4128 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/03/19 17:48:20.0953 4128 SYMFW (6320bf296b62d324890866a13a296fc0) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS
2011/03/19 17:48:21.0015 4128 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
2011/03/19 17:48:21.0140 4128 SYMNDISV (21dcc664a1e0af7bf4c8aded8c9ff9d5) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS
2011/03/19 17:48:21.0234 4128 SYMTDI (56a1cb71b8bb7ba9c41d2c9706df43cd) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
2011/03/19 17:48:21.0468 4128 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/03/19 17:48:22.0138 4128 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/19 17:48:22.0622 4128 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/19 17:48:22.0731 4128 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/03/19 17:48:22.0762 4128 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/03/19 17:48:22.0825 4128 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/19 17:48:22.0872 4128 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/19 17:48:22.0934 4128 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/19 17:48:23.0043 4128 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/19 17:48:23.0090 4128 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/03/19 17:48:23.0121 4128 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/19 17:48:23.0184 4128 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/03/19 17:48:23.0230 4128 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/19 17:48:23.0262 4128 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/03/19 17:48:23.0277 4128 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/19 17:48:23.0324 4128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/03/19 17:48:23.0340 4128 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/19 17:48:23.0386 4128 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/19 17:48:23.0433 4128 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/03/19 17:48:23.0480 4128 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/19 17:48:23.0542 4128 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/19 17:48:23.0574 4128 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/19 17:48:23.0605 4128 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/19 17:48:23.0636 4128 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/03/19 17:48:23.0667 4128 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/19 17:48:23.0714 4128 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/03/19 17:48:23.0776 4128 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/03/19 17:48:23.0823 4128 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/03/19 17:48:23.0854 4128 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/03/19 17:48:23.0886 4128 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/03/19 17:48:23.0901 4128 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/03/19 17:48:23.0948 4128 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/03/19 17:48:23.0979 4128 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/03/19 17:48:24.0057 4128 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/03/19 17:48:24.0120 4128 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/03/19 17:48:24.0166 4128 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/03/19 17:48:24.0198 4128 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/19 17:48:24.0213 4128 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/19 17:48:24.0260 4128 wanatw (eceb715bece47e101ddec06b11126066) C:\Windows\system32\DRIVERS\wanatw64.sys
2011/03/19 17:48:24.0322 4128 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/03/19 17:48:24.0369 4128 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/19 17:48:24.0556 4128 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/03/19 17:48:24.0588 4128 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/03/19 17:48:24.0790 4128 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/19 17:48:24.0900 4128 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/19 17:48:24.0993 4128 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/03/19 17:48:25.0134 4128 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/19 17:48:25.0680 4128 ================================================================================
2011/03/19 17:48:25.0680 4128 Scan finished
2011/03/19 17:48:25.0680 4128 ================================================================================
  • 0

Advertisements


#11
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Have you the new OTL log please?
  • 0

#12
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OTL logfile created on: 19/03/2011 18:20:06 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\nhvh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.45 Gb Total Space | 192.96 Gb Free Space | 67.84% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 2.40 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive E: | 19.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 981.02 Mb Total Space | 2.79 Mb Free Space | 0.28% Space Free | Partition Type: FAT32

Computer Name: NHVH-PC | User Name: nhvh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
PRC - [2011/02/10 17:21:21 | 000,234,656 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10m_ActiveX.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/15 12:10:33 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/19 13:49:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/09 22:22:16 | 003,229,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/15 12:10:33 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/09 23:45:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 02:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 02:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 02:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/30 14:41:43 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/08/29 16:27:27 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/01/20 21:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/15 12:10:34 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/15 12:10:34 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/08/15 12:10:34 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2009/08/15 12:10:34 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2009/08/15 12:10:34 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2009/08/15 12:10:34 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/15 12:10:34 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/21 15:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 16:53:32 | 000,716,288 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/29 22:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2010/12/16 09:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\EX64.SYS -- (NAVEX15)
DRV - [2010/12/16 09:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\ENG64.SYS -- (NAVENG)
DRV - [2010/11/22 02:18:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/09 00:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110317.002\IDSviA64.sys -- (IDSVia64)
DRV - [2010/08/29 03:08:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/09/01 06:10:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/24 21:57:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1296293777\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [mLaJkLf16633] C:\ProgramData\mLaJkLf16633\mLaJkLf16633.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/02 11:07:42 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{41e00231-b388-11df-96d7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{41e00231-b388-11df-96d7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2004/01/19 08:40:14 | 000,737,280 | R--- | M] ()
O33 - MountPoints2\{d488554b-1bce-11e0-8a84-90e6ba0485ed}\Shell - "" = AutoRun
O33 - MountPoints2\{d488554b-1bce-11e0-8a84-90e6ba0485ed}\Shell\AutoRun\command - "" = H:\DiscworldTrilogy.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/19 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\tdsskiller
[2011/03/19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\RK_Quarantine
[2011/03/19 13:33:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.com
[2011/03/19 13:32:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.scr
[2011/03/19 13:29:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
[2011/03/19 12:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\mLaJkLf16633
[2011/03/15 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\Lisa Batala recording
[2011/03/15 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\Debbie Glasto recording
[2011/03/14 23:41:50 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Documents\Digital Wave Player
[2011/03/14 23:41:13 | 000,086,016 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\STRDEVAPI.dll
[2011/03/14 23:41:04 | 000,073,728 | ---- | C] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\SysWow64\DW90USB.DLL
[2011/03/14 23:41:04 | 000,073,728 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\VNUSB.dll
[2011/03/14 23:41:04 | 000,039,096 | ---- | C] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\SysWow64\drivers\DW90USB.SYS
[2011/03/14 23:41:04 | 000,038,496 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\drivers\VNUSB.sys
[2011/03/14 23:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Olympus Digital Wave Player
[2011/03/14 23:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Olympus
[2011/03/14 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Friday's games
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stray Souls - Dollhouse Story
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stray Souls - Dollhouse Story
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stray Souls - Dollhouse Story
[2011/03/14 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\CursedOnboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Adventures - Cursed Onboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Adventures - Cursed Onboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epic Adventures - Cursed Onboard
[2011/03/14 12:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/03/09 19:06:13 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/03/09 19:06:13 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/03/09 19:06:13 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/03/09 19:06:13 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/03/09 19:06:09 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/09 19:06:09 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/09 19:06:09 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/09 19:06:09 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/09 19:06:09 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/09 19:06:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/09 19:06:09 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/09 19:06:09 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/09 19:06:06 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/09 19:06:06 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/09 19:06:06 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/09 19:06:06 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/09 13:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/09 13:52:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/03/09 13:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/03/09 13:52:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/03/09 13:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/27 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Documents\McFeggan Burials
[2011/02/23 12:53:51 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 12:53:51 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 12:53:51 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 12:53:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

========== Files - Modified Within 30 Days ==========

[2011/03/19 17:49:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/19 17:04:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/03/19 16:49:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/19 16:29:39 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/19 16:29:39 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/19 16:29:39 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/19 16:28:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 16:28:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 16:26:06 | 001,001,472 | ---- | M] () -- C:\Users\nhvh\Desktop\RogueKiller.exe
[2011/03/19 16:21:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/19 16:21:22 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/19 13:33:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.com
[2011/03/19 13:32:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.scr
[2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
[2011/03/14 23:41:14 | 000,001,965 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/03/14 12:47:16 | 000,001,720 | ---- | M] () -- C:\Users\nhvh\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/03/14 12:47:16 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/02/28 22:04:48 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/28 22:02:30 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/02/19 06:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/02/19 06:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/02/19 05:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/02/19 05:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll

========== Files Created - No Company Name ==========

[2011/03/19 17:01:33 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/03/19 16:28:32 | 001,001,472 | ---- | C] () -- C:\Users\nhvh\Desktop\RogueKiller.exe
[2011/03/14 23:41:14 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/03/14 23:41:13 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2011/03/14 23:41:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2011/01/29 09:31:05 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/12 18:03:37 | 000,000,440 | ---- | C] () -- C:\Users\nhvh\AppData\Roaming\prefsdb.dat
[2010/11/02 17:00:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/07 22:22:54 | 000,357,424 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 057.JPG
[2010/09/07 22:22:34 | 000,228,845 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 056.0
[2010/09/07 22:22:34 | 000,145,758 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 056.JPG
[2010/09/07 22:12:27 | 000,556,462 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 057.0
[2010/09/07 18:31:42 | 000,833,096 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpJAMES MAC WILL 1817 001.0
[2010/09/07 18:31:42 | 000,819,526 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpJAMES MAC WILL 1817 001.JPG
[2010/09/07 17:09:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/29 17:38:24 | 000,000,122 | ---- | C] () -- C:\Users\nhvh\AppData\Roaming\wklnhst.dat
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/15 20:20:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/15 20:20:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/15 20:20:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/08/15 20:20:51 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/15 12:09:19 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:6114B257
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:9812B773
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:D9656460
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:A6D89509
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8684F6F0
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:4A77A28B
@Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:FB7C1D10
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:329BA65B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B3196E8D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:53B8C5D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2F1D743F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6BFA43EB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:AFB24B00
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:95198126

< End of report >
  • 0

#13
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts
Are you using both Norton & AVG Anti-Viruses?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\RunOnce: [mLaJkLf16633] C:\ProgramData\mLaJkLf16633\mLaJkLf16633.exe ()
    O33 - MountPoints2\{41e00231-b388-11df-96d7-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{41e00231-b388-11df-96d7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2004/01/19 08:40:14 | 000,737,280 | R--- | M] ()
    O33 - MountPoints2\{d488554b-1bce-11e0-8a84-90e6ba0485ed}\Shell - "" = AutoRun
    O33 - MountPoints2\{d488554b-1bce-11e0-8a84-90e6ba0485ed}\Shell\AutoRun\command - "" = H:\DiscworldTrilogy.exe
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#14
Trixsteruk

Trixsteruk

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
She has both running yes!!


OTL logfile created on: 20/03/2011 12:52:24 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\nhvh\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 68.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.45 Gb Total Space | 195.57 Gb Free Space | 68.76% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 2.40 Gb Free Space | 17.74% Space Free | Partition Type: NTFS
Drive E: | 19.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 981.02 Mb Total Space | 2.79 Mb Free Space | 0.28% Space Free | Partition Type: FAT32

Computer Name: NHVH-PC | User Name: nhvh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
PRC - [2011/01/05 09:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1296293777\ee\aolupdates.exe
PRC - [2010/03/08 07:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1296293777\ee\aolsoftware.exe
PRC - [2009/10/20 13:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/08/15 12:10:33 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
PRC - [2009/08/05 12:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/14 01:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/05/26 08:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2006/06/08 15:41:18 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe


========== Modules (SafeList) ==========

MOD - [2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/19 13:49:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/09 22:22:16 | 003,229,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/15 12:10:33 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006/10/23 12:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/01/09 23:45:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/13 15:28:00 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2010/09/07 02:48:56 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2010/09/07 02:48:52 | 000,305,232 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/09/07 02:48:50 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2010/08/30 14:41:43 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/08/29 16:27:27 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/08/19 20:42:38 | 000,157,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2010/08/19 20:42:38 | 000,035,920 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2010/07/12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/01/20 21:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/08/15 12:10:34 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/15 12:10:34 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/08/15 12:10:34 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2009/08/15 12:10:34 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symfw.sys -- (SYMFW)
DRV:64bit: - [2009/08/15 12:10:34 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symndisv.sys -- (SYMNDISV)
DRV:64bit: - [2009/08/15 12:10:34 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/08/15 12:10:34 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/07/21 15:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:31:42 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 20:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 16:53:32 | 000,716,288 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/29 22:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2011/03/19 17:04:05 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\Normandy.sys -- (Normandy)
DRV - [2010/12/16 09:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\EX64.SYS -- (NAVEX15)
DRV - [2010/12/16 09:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110319.003\ENG64.SYS -- (NAVENG)
DRV - [2010/11/22 02:18:46 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/09 00:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110317.002\IDSviA64.sys -- (IDSVia64)
DRV - [2010/08/29 03:08:46 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cndt
IE - HKLM\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk
IE - HKCU\..\URLSearchHook: {4a6e1b85-1193-4a2a-aab8-7417f275f18a} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/09/01 06:10:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/24 21:57:28 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AOL Broadband Toolbar Loader) - {776a9d06-e178-4aa0-aee4-b4de3a64ad28} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Broadband Toolbar) - {e6ed7f95-e571-4f81-8757-5eb11252703d} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Broadband Toolbar) - {E6ED7F95-E571-4F81-8757-5EB11252703D} - C:\Program Files (x86)\AOL Broadband Toolbar\aolbbtb.dll (AOL)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1296293777\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/07/02 11:07:42 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 12:45:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/19 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\tdsskiller
[2011/03/19 16:28:45 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\RK_Quarantine
[2011/03/19 13:33:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.com
[2011/03/19 13:32:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.scr
[2011/03/19 13:29:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
[2011/03/19 12:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\mLaJkLf16633
[2011/03/15 18:53:20 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\Lisa Batala recording
[2011/03/15 18:52:27 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Desktop\Debbie Glasto recording
[2011/03/14 23:41:50 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Documents\Digital Wave Player
[2011/03/14 23:41:13 | 000,086,016 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\STRDEVAPI.dll
[2011/03/14 23:41:04 | 000,073,728 | ---- | C] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\SysWow64\DW90USB.DLL
[2011/03/14 23:41:04 | 000,073,728 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\VNUSB.dll
[2011/03/14 23:41:04 | 000,039,096 | ---- | C] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\SysWow64\drivers\DW90USB.SYS
[2011/03/14 23:41:04 | 000,038,496 | ---- | C] (OLYMPUS IMAGING CORP.) -- C:\Windows\SysWow64\drivers\VNUSB.sys
[2011/03/14 23:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Olympus Digital Wave Player
[2011/03/14 23:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Olympus
[2011/03/14 14:57:21 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Friday's games
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stray Souls - Dollhouse Story
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stray Souls - Dollhouse Story
[2011/03/14 14:56:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stray Souls - Dollhouse Story
[2011/03/14 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\CursedOnboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\Users\nhvh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Adventures - Cursed Onboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Adventures - Cursed Onboard
[2011/03/14 12:56:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epic Adventures - Cursed Onboard
[2011/03/14 12:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2011/03/09 13:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/03/09 13:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/27 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\nhvh\Documents\McFeggan Burials

========== Files - Modified Within 30 Days ==========

[2011/03/20 12:49:39 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/20 12:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/20 12:49:18 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/20 11:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/19 17:04:05 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/03/19 16:29:39 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/19 16:29:39 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/19 16:29:39 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/19 16:28:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 16:28:52 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/19 16:26:06 | 001,001,472 | ---- | M] () -- C:\Users\nhvh\Desktop\RogueKiller.exe
[2011/03/19 13:33:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.com
[2011/03/19 13:32:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.scr
[2011/03/19 13:29:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\nhvh\Desktop\OTL.exe
[2011/03/14 23:41:14 | 000,001,965 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/03/14 12:47:16 | 000,001,720 | ---- | M] () -- C:\Users\nhvh\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2011/03/14 12:47:16 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2011/02/28 22:04:48 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2011/02/28 22:02:30 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job

========== Files Created - No Company Name ==========

[2011/03/19 17:01:33 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/03/19 16:28:32 | 001,001,472 | ---- | C] () -- C:\Users\nhvh\Desktop\RogueKiller.exe
[2011/03/14 23:41:14 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Detector 3.lnk
[2011/03/14 23:41:13 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\OdiOlDVR.dll
[2011/03/14 23:41:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\OdiAPI.dll
[2011/01/29 09:31:05 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/12 18:03:37 | 000,000,440 | ---- | C] () -- C:\Users\nhvh\AppData\Roaming\prefsdb.dat
[2010/11/02 17:00:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/09/07 22:22:54 | 000,357,424 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 057.JPG
[2010/09/07 22:22:34 | 000,228,845 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 056.0
[2010/09/07 22:22:34 | 000,145,758 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 056.JPG
[2010/09/07 22:12:27 | 000,556,462 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpNOTTING HILL 057.0
[2010/09/07 18:31:42 | 000,833,096 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpJAMES MAC WILL 1817 001.0
[2010/09/07 18:31:42 | 000,819,526 | ---- | C] () -- C:\Users\nhvh\AppData\Local\tmpJAMES MAC WILL 1817 001.JPG
[2010/09/07 17:09:41 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/08/29 17:38:24 | 000,000,122 | ---- | C] () -- C:\Users\nhvh\AppData\Roaming\wklnhst.dat
[2010/06/29 23:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/15 20:20:52 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/08/15 20:20:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/08/15 20:20:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/08/15 20:20:51 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/08/15 12:09:19 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/10/29 11:56:10 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\AVG10
[2010/08/31 20:15:26 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Big Fish Games
[2011/03/14 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\CursedOnboard
[2011/01/09 23:47:04 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\DAEMON Tools Lite
[2010/12/19 01:11:53 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Floodlight Games
[2011/03/14 14:57:21 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Friday's games
[2010/12/01 23:31:28 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\GameMill Entertainment
[2010/08/31 21:15:55 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Gogii
[2010/11/10 17:24:14 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\MA2
[2010/11/20 22:32:08 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\MumboJumbo
[2010/12/12 01:17:32 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Orneon
[2010/11/12 18:04:14 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\perfect future studio
[2011/01/29 15:49:51 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Phantasmat_bf_ce1
[2010/10/10 20:07:07 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\PlayFirst
[2011/01/09 23:50:59 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\ProtectDisc
[2011/01/13 22:41:55 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\ScummVM
[2010/11/11 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Skinux
[2010/12/04 19:46:32 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\TeamViewer
[2010/08/29 17:38:26 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Template
[2011/01/10 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\The Games Company
[2010/11/22 22:57:20 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\URSE Games
[2010/12/11 21:03:07 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\Vast Studios
[2010/08/30 12:41:34 | 000,000,000 | ---D | M] -- C:\Users\nhvh\AppData\Roaming\WinBatch
[2011/02/28 22:02:30 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/02/28 22:04:48 | 000,000,552 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/01/17 11:11:17 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:6114B257
@Alternate Data Stream - 243 bytes -> C:\ProgramData\Temp:14A1BBE3
@Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:9812B773
@Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:D9656460
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:A6D89509
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:774A0E14
@Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:8684F6F0
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:4A77A28B
@Alternate Data Stream - 191 bytes -> C:\ProgramData\Temp:FB7C1D10
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:1E17A249
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:329BA65B
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:B3196E8D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:53B8C5D2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2F1D743F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:6BFA43EB
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:AFB24B00
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:95198126

< End of report >
  • 0

#15
azarl

azarl

    GeekU Admin

  • Administrator
  • 25,288 posts

She has both running yes!!


OK, one needs to go - they conflict with each other and slow the system down. Choose whichever one you want to keep and uninstall the other. When you've done that can you do me another OTL scan plase. Thanks
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP