Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

adware huntbar, whitesmoke


  • Please log in to reply

#1
barracudacool

barracudacool

    Member

  • Member
  • PipPip
  • 14 posts
The computer first started running very slowly. and now freezes. I suspected I picked up a cootie in a powerpoint which was sent to me. Tried a variety of things to get it off. AVG, microsoft security. etc. It seems to be proliferating. I have no specific error messages. Spyware doctor found adware huntbar, adware tubby, spyware known bad sites. application white smoke. OTL log posted below. thanks in advance.



OTL logfile created on: 10/1/2011 7:09:48 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\melissa\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 54.84% Memory free
6.99 Gb Paging File | 4.84 Gb Available in Paging File | 69.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.89 Gb Total Space | 28.57 Gb Free Space | 19.19% Space Free | Partition Type: NTFS
Drive E: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MELISSA-PC | User Name: melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/01 19:09:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\melissa\Downloads\OTL.exe
PRC - [2011/10/01 10:03:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 08:21:42 | 028,182,368 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/24 00:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
PRC - [2011/05/03 17:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/13 16:14:04 | 000,094,040 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Camtasia Studio 7\TscHelp.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 17:29:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/05/21 13:28:36 | 002,071,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2010/05/21 13:28:34 | 000,796,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
PRC - [2010/05/21 13:28:30 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/08/07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/16 12:13:34 | 001,245,472 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/07/16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/07/13 21:14:16 | 000,176,128 | ---- | M] (Microsoft Corp.) -- C:\Windows\System32\Defrag.exe
PRC - [2009/06/11 21:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [1999/12/31 20:00:00 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [1999/12/31 20:00:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/01 10:02:02 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/30 12:40:11 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/30 12:38:54 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/30 12:38:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/30 12:38:39 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/30 12:38:33 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/30 12:38:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/30 12:38:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/30 12:38:15 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/08/30 12:38:10 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/08/29 20:21:58 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/11/16 21:51:36 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/08/26 16:12:00 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/25 03:01:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/03 17:56:02 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/05/03 17:50:59 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/05/21 13:28:36 | 002,071,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/05/21 13:28:30 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/08/07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/16 12:10:22 | 000,382,752 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [1999/12/31 20:00:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)


========== Driver Services (SafeList) ==========

DRV - [2011/10/01 17:07:44 | 000,011,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2011/09/09 13:44:06 | 000,816,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110920.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/29 20:43:49 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110930.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/29 20:43:49 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/29 20:43:49 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/29 20:43:49 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110930.033\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/28 18:26:38 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110930.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/06/23 16:19:08 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 20:39:49 | 000,296,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/06/06 23:12:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/04/05 23:36:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel®
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/06/23 14:28:12 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2004/03/29 17:28:24 | 000,014,531 | ---- | M] (iRiver, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ifp700.sys -- (IFP700)
DRV - [2003/01/20 11:50:36 | 000,020,648 | ---- | M] (Thomson Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netrcacm.sys -- (netrcacm)
DRV - [1999/12/31 20:00:00 | 006,468,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [1999/12/31 20:00:00 | 006,468,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [1999/12/31 20:00:00 | 000,228,352 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 2E 07 BC DB 31 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylo...m/home?AF=14542
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..keyword.URL: "http://isearch.avg.c...7:56&sap=ku&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\melissa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\melissa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\melissa\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\melissa\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/06/23 19:01:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn\ [2011/06/23 16:18:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/01 12:13:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 10:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/23 15:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\melissa\AppData\Roaming\Mozilla\Extensions
[2011/09/30 12:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\extensions
[2011/07/07 10:22:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/04 15:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/08/30 09:25:23 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\extensions\[email protected]
[2011/07/02 14:46:32 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\extensions\[email protected]
[2011/07/02 14:46:32 | 000,001,919 | ---- | M] () -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\searchplugins\bing-zugo.xml
[2011/06/23 22:26:09 | 000,002,469 | ---- | M] () -- C:\Users\melissa\AppData\Roaming\Mozilla\Firefox\Profiles\kruz9lww.default\searchplugins\safesearch.xml
[2011/07/07 10:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/01 11:18:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/01 12:13:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/06/23 19:01:54 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2011/10/01 10:04:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/11 23:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iRiver Updater] \Updater.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {77D7D41D-B005-44D9-AF2A-DE1C02DF34D7} https://prod.isis.jh...skedNumEdit.cab (MaskNumEdit_Control.MaskNumEdit)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AD00D2D-8430-411A-9151-51B8268CDF48}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a0f3e1cf-9dbd-11e0-aab5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0f3e1cf-9dbd-11e0-aab5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{cb6a6393-9e0f-11e0-9833-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cb6a6393-9e0f-11e0-9833-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/01 15:25:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/01 12:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/01 12:12:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/09/30 22:36:45 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/09/30 22:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/09/30 22:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/09/30 19:48:51 | 000,000,000 | ---D | C] -- C:\Users\melissa\AppData\Roaming\AVG2012
[2011/09/30 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\melissa\AppData\Roaming\Sammsoft
[2011/09/30 19:35:50 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/09/30 18:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/09/30 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/09/30 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/09/30 17:45:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/09/30 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/09/30 12:07:15 | 000,000,000 | ---D | C] -- C:\Users\melissa\AppData\Roaming\AVG
[2011/09/29 08:54:51 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011/09/29 08:54:51 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011/09/29 08:54:51 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011/09/29 08:50:35 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/09/29 08:50:35 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/09/29 08:49:48 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/09/29 08:49:48 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/09/29 08:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/09/29 08:49:45 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/09/29 08:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/09/29 08:49:42 | 000,000,000 | ---D | C] -- C:\Users\melissa\AppData\Roaming\PC Tools
[2011/09/29 08:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/09/29 08:49:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/09/29 08:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/09/29 08:47:36 | 000,000,000 | ---D | C] -- C:\Users\melissa\Desktop\Downloads
[2011/09/29 08:47:28 | 000,000,000 | ---D | C] -- C:\Users\melissa\AppData\Roaming\GetRightToGo
[2011/09/19 10:43:51 | 000,000,000 | ---D | C] -- C:\Users\melissa\Documents\Scans_Today
[2011/09/16 18:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2011/09/16 18:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/09/16 18:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/09/16 18:03:47 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/09/05 12:05:19 | 000,000,000 | ---D | C] -- C:\Users\melissa\Documents\50scultureclass

========== Files - Modified Within 30 Days ==========

[2011/10/01 18:58:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2271823407-3231534759-3299175636-1000UA.job
[2011/10/01 17:34:58 | 105,571,413 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/10/01 17:34:54 | 000,011,776 | ---- | M] () -- C:\Users\melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/01 17:14:26 | 000,028,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 17:14:26 | 000,028,144 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/01 17:08:37 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2011/10/01 17:07:44 | 000,011,232 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/10/01 17:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/01 17:04:58 | 2816,679,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/01 16:19:01 | 000,002,776 | ---- | M] () -- C:\{E47AD1E6-0685-4501-94AE-B086F1071E26}
[2011/10/01 15:56:05 | 000,001,440 | ---- | M] () -- C:\Users\melissa\Desktop\gmer(2) - Shortcut ().lnk
[2011/10/01 15:26:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/10/01 15:25:23 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/01 15:25:23 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/01 12:40:09 | 000,000,000 | ---- | M] () -- C:\Users\melissa\defogger_reenable
[2011/10/01 12:13:09 | 000,000,222 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2011/10/01 12:13:06 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/01 08:10:12 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2271823407-3231534759-3299175636-1000Core.job
[2011/09/30 22:36:43 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/09/30 19:41:34 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2011/09/29 08:49:46 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/09/20 11:31:11 | 000,000,000 | -H-- | M] () -- C:\Users\melissa\Documents\Default.rdp
[2011/09/16 18:04:15 | 000,001,976 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/09/16 18:04:15 | 000,001,946 | ---- | M] () -- C:\Users\melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Amazon Unbox Video.lnk
[2011/09/16 18:04:15 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk

========== Files Created - No Company Name ==========

[2011/10/01 17:34:58 | 105,571,413 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/10/01 16:19:00 | 000,002,776 | ---- | C] () -- C:\{E47AD1E6-0685-4501-94AE-B086F1071E26}
[2011/10/01 15:45:56 | 000,001,440 | ---- | C] () -- C:\Users\melissa\Desktop\gmer(2) - Shortcut ().lnk
[2011/10/01 12:40:09 | 000,000,000 | ---- | C] () -- C:\Users\melissa\defogger_reenable
[2011/10/01 12:13:09 | 000,000,222 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2011/10/01 12:13:06 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/01 09:21:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/30 19:41:34 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2011/09/29 08:50:35 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/09/29 08:49:48 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/09/29 08:49:48 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/09/29 08:49:46 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/09/29 08:49:45 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/09/20 11:31:11 | 000,000,000 | -H-- | C] () -- C:\Users\melissa\Documents\Default.rdp
[2011/09/16 18:04:15 | 000,001,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/09/16 18:04:15 | 000,001,946 | ---- | C] () -- C:\Users\melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Amazon Unbox Video.lnk
[2011/09/16 18:04:15 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2011/08/30 09:53:32 | 000,224,342 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/08/30 09:53:32 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:47:04 | 000,011,232 | ---- | C] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2011/08/29 21:36:25 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2011/06/29 15:52:39 | 000,011,776 | ---- | C] () -- C:\Users\melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/23 13:26:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,341,208 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,623,940 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,316 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/30 12:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll

========== LOP Check ==========

[2011/09/30 12:27:42 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\.purple
[2011/09/30 12:07:44 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\AVG
[2011/09/30 19:48:51 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\AVG2012
[2011/09/30 21:59:21 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\GetRightToGo
[2011/09/20 11:30:04 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\Juniper Networks
[2011/07/02 14:46:20 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\OpenCandy
[2011/08/27 18:50:53 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\PCDr
[2011/08/21 17:46:41 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\PhotoFiltre
[2011/10/01 07:10:00 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\Sammsoft
[2011/08/28 12:24:48 | 000,000,000 | ---D | M] -- C:\Users\melissa\AppData\Roaming\Tific
[2009/07/14 00:53:46 | 000,013,164 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/01 12:13:09 | 000,000,222 | ---- | M] () -- C:\Windows\Tasks\SidebarExecute.job
[2011/10/01 17:08:37 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\SlimDrivers Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Edited by barracudacool, 04 October 2011 - 07:36 AM.

  • 0

Advertisements


#2
barracudacool

barracudacool

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Norton has been blocking some wicked looking stuff including this am Attack: HTTP Negative Content Length . I know there is something on my computer but at least my blockers are preventing any further damage
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP