Website Redirect [Solved]


#1 Northernman (New Member, 8 posts)
Hi, I'm new to the forum but have been trying to identify the source of my problems for a few days now, and it's driving me mad. A couple of weeks ago I noticed that Google searches produced results that were being redirected through other US-based websites (I am a UK citizen), such as strongbodys.net, to apparently random other websites, including monstermarketplace.com. I have used Spybot/Ad-Aware/Malwarebytes to identify the source of the problem, but without luck. I've also used HiJackThis to generate a report, which I then used to try and identify problems, again without any success.

Then I found this website! I've run OTL as instructed, and here is my OTL.txt file. Can someone please advise what I should do next?

Many thanks in advance,
Mike

OTL logfile created on: 28/12/2011 15:36:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dad\My Documents\Install Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.21% Memory free
5.09 Gb Paging File | 4.09 Gb Available in Paging File | 80.38% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.43 Gb Total Space | 52.38 Gb Free Space | 17.85% Space Free | Partition Type: NTFS
Drive D: | 302.74 Gb Total Space | 86.89 Gb Free Space | 28.70% Space Free | Partition Type: NTFS
Drive E: | 293.44 Gb Total Space | 209.41 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive F: | 302.73 Gb Total Space | 86.88 Gb Free Space | 28.70% Space Free | Partition Type: NTFS
Drive G: | 233.76 Gb Total Space | 17.91 Gb Free Space | 7.66% Space Free | Partition Type: NTFS

Computer Name: BEDROOMDESKTOP | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 15:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\My Documents\Install Software\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/11/09 20:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 23:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010/03/25 18:42:36 | 000,388,096 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/10 02:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/04 14:18:44 | 000,073,826 | ---- | M] () -- C:\Program Files\EmvSmartCardReader\SmartMON.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 18:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/12/04 14:18:44 | 000,073,826 | ---- | M] () -- C:\Program Files\EmvSmartCardReader\SmartMON.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/11 17:45:11 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 10:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/06/10 02:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 07:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/24 17:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 17:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 17:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/06/25 09:53:47 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/25 09:53:47 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/06/25 09:53:42 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/25 09:53:37 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/05/14 22:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 22:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2010/05/14 22:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/20 16:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/12/02 11:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 11:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 11:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/12/02 11:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/11/11 11:22:02 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/19 04:29:38 | 004,477,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/17 11:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/06 02:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/24 10:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/06/17 16:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/25 07:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/17 09:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/12/14 15:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/10/18 11:25:06 | 000,010,324 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WF88XBAR.sys -- (WF88XBAR)
DRV - [2004/10/18 11:25:04 | 000,208,851 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf88vcap.sys -- (WF23880)
DRV - [2004/10/18 11:25:04 | 000,034,789 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf88tune.sys -- (WFTUNE)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/19 12:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 03:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/11/10 06:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/home.php [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...urce=gama&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 EB A5 5D 55 0A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62727
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/02 18:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/02 18:50:23 | 000,000,000 | ---D | M]

[2010/05/15 12:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2010/05/15 12:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/15 06:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6vrodyb5.default\extensions
[2010/05/15 06:21:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6vrodyb5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/19 17:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions
[2010/05/15 06:21:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 16:17:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/06/12 18:05:52 | 000,000,000 | ---D | M] (Create Shortcut) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{7c9a24c3-9d29-43cf-9264-d3ec3ea607c2}
[2010/05/15 06:21:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/04/27 20:22:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/02 18:50:24 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION

O1 HOSTS File: ([2011/12/28 15:02:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277153551328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27E267B6-1B2F-4318-AB81-1C7F0D31BAA1}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B99DA6A-B772-45D0-98BD-5C9FC9A0635D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/27 23:07:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/27 23:07:24 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 14:56:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/28 14:52:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/28 14:52:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/28 14:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/28 14:52:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/28 14:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/28 14:47:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/27 10:29:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent
[2011/12/24 12:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/12/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/24 12:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/24 12:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Start Menu\Programs\HiJackThis
[2011/12/05 18:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Goh
[2011/12/05 18:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Efb
[2011/12/02 15:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Okani
[2011/12/02 15:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Gulyte
[2011/04/09 15:52:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\pcouffin.sys
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 15:16:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/28 15:10:32 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
[2011/12/28 15:10:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 15:10:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/28 15:10:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/12/28 15:02:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/28 14:56:06 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/12/28 10:46:36 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2010.lnk
[2011/12/28 10:38:14 | 085,350,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/28 10:34:33 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/27 10:02:00 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2011/12/27 10:00:05 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Microsoft Word 2010.lnk
[2011/12/24 17:14:51 | 000,192,000 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/23 20:22:39 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/18 18:33:07 | 000,211,337 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/14 18:43:45 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 11:59:20 | 000,443,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 11:59:20 | 000,071,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/11 17:49:11 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 17:49:11 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/11 17:46:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 17:46:41 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 17:33:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/01 18:18:32 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Microsoft Excel 2010.lnk
[2011/11/30 15:33:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 14:02:10 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old
[2011/11/28 19:38:49 | 000,119,099 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\Car Insurance Document Dec 2011 - Dec 2012.pdf
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/28 14:56:06 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/12/28 14:56:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/28 14:52:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/28 14:52:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/28 14:52:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/28 14:52:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/28 14:52:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 12:28:13 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
[2011/12/11 20:26:36 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 17:49:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 17:49:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/11 17:33:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/11/28 19:38:49 | 000,119,099 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\Car Insurance Document Dec 2011 - Dec 2012.pdf
[2011/07/30 12:34:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/05 15:42:52 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/07/05 15:42:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/07/05 15:42:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/07/05 15:42:51 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/07/05 15:42:51 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/04/09 15:52:06 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.cat
[2011/04/09 15:52:06 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.inf
[2010/08/18 14:41:25 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/09 13:48:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/25 09:30:37 | 000,000,249 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2010/06/24 16:21:25 | 000,000,011 | ---- | C] () -- C:\WINDOWS\EuBcd.ini
[2010/06/24 11:05:30 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/24 11:05:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/21 22:32:48 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/06/21 22:31:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/21 15:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/06/21 15:45:14 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/06/21 15:41:51 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/21 15:41:51 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/06/21 15:41:51 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/21 15:41:08 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/06/21 15:41:08 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/06/21 15:41:06 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/06/21 15:41:06 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/06/21 11:04:16 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/29 16:03:21 | 000,000,722 | ---- | C] () -- C:\WINDOWS\exampro32.ini
[2010/05/29 16:03:20 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2010/05/29 16:03:20 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2010/05/15 12:47:56 | 000,192,000 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 21:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 21:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 21:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/09 14:58:26 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/08 12:34:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/07 20:41:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/01 15:24:06 | 000,000,020 | ---- | C] () -- C:\WINDOWS\CrocTech.INI
[2010/04/27 20:48:09 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/12 15:11:07 | 000,573,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/27 16:13:28 | 000,062,174 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/03/14 12:30:02 | 000,062,174 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/03/01 21:14:32 | 000,193,915 | ---- | C] () -- C:\WINDOWS\hpoins39.dat
[2010/03/01 21:14:32 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat
[2010/02/28 19:11:12 | 000,193,884 | ---- | C] () -- C:\WINDOWS\hpoins39.dat.temp
[2010/02/28 19:11:12 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat.temp
[2010/02/28 08:19:25 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/02/28 08:19:25 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2010/02/28 08:18:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/02/28 08:18:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/02/28 08:18:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/02/28 08:18:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/02/28 08:18:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/02/28 08:18:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/02/28 07:36:44 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/02/28 07:36:44 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/02/28 07:36:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/02/28 07:36:44 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/02/28 07:36:44 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/02/28 07:29:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/02/28 07:29:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/02/28 07:29:41 | 000,000,452 | ---- | C] () -- C:\WINDOWS\alsndmgr.ini
[2010/02/28 07:29:32 | 000,039,860 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/02/28 07:29:32 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/02/27 23:08:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/27 23:05:36 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/27 23:01:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/27 23:00:30 | 000,299,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/06/07 11:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2009/02/18 17:55:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/09/12 10:08:38 | 006,172,672 | ---- | C] () -- C:\WINDOWS\System32\HwRecogK.dll
[2006/08/14 08:56:52 | 007,946,240 | ---- | C] () -- C:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 16:48:58 | 015,147,008 | ---- | C] () -- C:\WINDOWS\System32\HWRecog.dll
[2006/06/14 18:54:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CTAlc001.dll
[2005/03/30 02:48:00 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,443,916 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,071,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 05:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

< End of report >

Edited by Northernman, 28 December 2011 - 11:34 AM.

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there - on completion of this run, could you check for redirects?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 62727
    FF - prefs.js..network.proxy.type: 1
    [2011/12/05 18:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Goh
    [2011/12/05 18:08:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Efb
    [2011/12/02 15:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Okani
    [2011/12/02 15:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Application Data\Gulyte
    [2011/12/28 15:10:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/12/28 15:10:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
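Added example, not part of this thread and not code from OTL or aswMBR: a small Python triage script for the two redirect mechanisms the fix above touches. The three `FF - prefs.js..network.proxy.*` lines in the fix mean Firefox is configured for a manual proxy (`network.proxy.type` 1) on 127.0.0.1 port 62727, so every plain-HTTP request from Firefox, Google searches included, passes through whatever local process is listening on that port before it reaches the network; the hosts file is the other common place a redirect is planted, which is what `[resethosts]` deals with. The script parses a prefs.js and a hosts file, flags loopback proxies and any hosts entry beyond the stock localhost lines, and can probe whether anything still accepts connections on the proxy port. The prefs.js and hosts contents embedded below are constructed samples that mirror the lines quoted in the fix, not files taken from the poster's machine; `local_listener_open` and `triage` are names chosen for this example.

```python
"""
Triage helper for browser search redirects: loopback proxies in Firefox
prefs.js and non-stock entries in the Windows hosts file.
Added example; not part of the thread, OTL or aswMBR.
"""
import re
import socket

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample mirroring the prefs.js lines quoted in the fix.
SAMPLE_PREFS = """\
# constructed sample prefs.js
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 62727);
user_pref("network.proxy.type", 1);
user_pref("browser.startup.homepage", "http://www.google.co.uk/");
"""

# Constructed sample hosts file with one planted redirect entry.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.co.uk
"""


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict of strings, ints and bools."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            try:
                prefs[key] = int(raw)
            except ValueError:
                prefs[key] = raw
    return prefs


def proxy_findings(prefs):
    """Flag manual proxies (network.proxy.type 1) that point at loopback.
    Other type values: 0 none, 2 PAC URL, 4 auto-detect (WPAD), 5 system."""
    findings = []
    if prefs.get("network.proxy.type") != 1:
        return findings
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        port = prefs.get(f"network.proxy.{scheme}_port")
        if host in LOOPBACK:
            findings.append(f"manual {scheme} proxy on loopback {host}:{port}")
    return findings


def hosts_findings(text):
    """Return every hosts entry other than the stock localhost mappings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not body:
            continue
        addr, *names = body.split()
        for name in names:
            if name.lower() == "localhost" and addr in ("127.0.0.1", "::1"):
                continue
            findings.append(f"hosts line {lineno}: {name} -> {addr}")
    return findings


def local_listener_open(port, timeout=0.5):
    """True if something accepts TCP connections on 127.0.0.1:port right now.
    Run on the affected machine; same answer as netstat -ano | findstr :port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex(("127.0.0.1", port)) == 0


def triage(prefs_text, hosts_text):
    """Run both checks; an empty list means neither mechanism is configured."""
    return proxy_findings(parse_prefs(prefs_text)) + hosts_findings(hosts_text)


if __name__ == "__main__":
    for finding in triage(SAMPLE_PREFS, SAMPLE_HOSTS):
        print(finding)
```

Point it at the real prefs.js of each profile under Application Data\Mozilla\Firefox\Profiles and at C:\WINDOWS\system32\drivers\etc\hosts. One caveat worth knowing: Firefox rewrites prefs.js from memory when it exits, so a proxy setting cleared on disk while Firefox is open comes straight back; close Firefox before fixing the file, and re-run the check after the reboot to confirm the entries stayed gone.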

#3
Northernman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, many thanks for your reply. I've run OTL and aswMBR as instructed and here are my results. Just to add, I did a quick Google search on a file that appeared red in the aswMBR report (ntkrnlpa.exe) and the search redirected me through the strongbodys.net site again, so my problem is still there unfortunately.

Thanks again for your help :)
Mike

OTL logfile created on: 29/12/2011 10:14:56 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Dad\My Documents\Install Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 75.06% Memory free
5.09 Gb Paging File | 4.40 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.43 Gb Total Space | 50.02 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive D: | 302.74 Gb Total Space | 86.87 Gb Free Space | 28.69% Space Free | Partition Type: NTFS
Drive E: | 293.44 Gb Total Space | 209.41 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive F: | 302.73 Gb Total Space | 86.86 Gb Free Space | 28.69% Space Free | Partition Type: NTFS
Drive G: | 233.76 Gb Total Space | 17.89 Gb Free Space | 7.65% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 647.79 Gb Free Space | 69.54% Space Free | Partition Type: NTFS

Computer Name: BEDROOMDESKTOP | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/28 15:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\My Documents\Install Software\OTL.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/11/09 20:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 23:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/10 02:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/04 14:18:44 | 000,073,826 | ---- | M] () -- C:\Program Files\EmvSmartCardReader\SmartMON.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/12/04 14:18:44 | 000,073,826 | ---- | M] () -- C:\Program Files\EmvSmartCardReader\SmartMON.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/11 17:45:11 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 10:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/10/07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/06/10 02:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/02 07:49:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/24 17:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 17:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/08/24 17:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010/06/25 09:53:47 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/25 09:53:47 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/06/25 09:53:42 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/25 09:53:37 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/05/14 22:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 22:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2010/05/14 22:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/01/20 16:53:06 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/12/02 11:21:00 | 000,020,616 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2009/12/02 11:20:58 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2009/12/02 11:20:56 | 000,026,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/12/02 11:20:54 | 000,122,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/11/11 11:22:02 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/10/07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/19 04:29:38 | 004,477,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/08/17 11:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/06 02:48:02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/24 10:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009/06/17 16:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/25 07:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/17 09:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/04/16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2004/12/14 15:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/10/18 11:25:06 | 000,010,324 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\WF88XBAR.sys -- (WF88XBAR)
DRV - [2004/10/18 11:25:04 | 000,208,851 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf88vcap.sys -- (WF23880)
DRV - [2004/10/18 11:25:04 | 000,034,789 | ---- | M] (Copyright @2000-2006 Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\wf88tune.sys -- (WFTUNE)
DRV - [2004/08/13 02:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/19 12:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 03:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/11/10 06:30:00 | 000,174,464 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yukonwxp.sys -- (yukonwxp)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/home.php [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...urce=gama&hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 EB A5 5D 55 0A CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62727
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/02 18:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/02 18:50:23 | 000,000,000 | ---D | M]

[2010/05/15 12:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions
[2010/05/15 12:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/15 06:21:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6vrodyb5.default\extensions
[2010/05/15 06:21:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\6vrodyb5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/19 17:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions
[2010/05/15 06:21:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/29 16:17:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/06/12 18:05:52 | 000,000,000 | ---D | M] (Create Shortcut) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{7c9a24c3-9d29-43cf-9264-d3ec3ea607c2}
[2010/05/15 06:21:11 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dad\Application Data\Mozilla\Firefox\Profiles\jmx1ebee.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG9\FIREFOX
[2010/04/27 20:22:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/08/02 18:50:24 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION

O1 HOSTS File: ([2011/12/29 10:05:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PtiuPbmd] C:\WINDOWS\System32\ptipbm.dll (Promise Technology,Inc.)
O4 - HKLM..\Run: [Six Engine] C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SmartMon] C:\Program Files\EmvSmartCardReader\SmartMON.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1277153551328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27E267B6-1B2F-4318-AB81-1C7F0D31BAA1}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B99DA6A-B772-45D0-98BD-5C9FC9A0635D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/27 23:07:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/27 23:07:24 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/29 10:15:15 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Dad\Desktop\aswMBR.exe
[2011/12/29 10:05:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/28 15:52:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 14:56:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/28 14:52:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/28 14:52:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/28 14:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/28 14:52:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/28 14:47:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/28 14:47:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/27 10:29:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dad\Recent
[2011/12/24 12:43:52 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/12/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/12/24 12:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/12/24 12:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\Start Menu\Programs\HiJackThis
[2011/04/09 15:52:06 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dad\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/12/29 10:15:57 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Shortcut to OTL.exe.lnk
[2011/12/29 10:15:27 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Dad\Desktop\aswMBR.exe
[2011/12/29 10:11:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 10:11:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/29 10:05:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/29 09:56:29 | 085,425,326 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/12/29 09:54:33 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook 2010.lnk
[2011/12/28 17:20:01 | 000,192,512 | ---- | M] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 15:16:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/12/28 15:10:32 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
[2011/12/28 14:56:06 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/12/28 10:34:33 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/27 10:02:00 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new
[2011/12/27 10:00:05 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Microsoft Word 2010.lnk
[2011/12/23 20:22:39 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/12/18 18:33:07 | 000,211,337 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/12/14 18:43:45 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/12 11:59:20 | 000,443,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/12 11:59:20 | 000,071,750 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/11 17:49:11 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 17:49:11 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/11 17:46:51 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/12/11 17:46:41 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 17:33:34 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/12/01 18:18:32 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Dad\Desktop\Microsoft Excel 2010.lnk
[2011/11/30 15:33:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/30 14:02:10 | 000,000,761 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.old

========== Files Created - No Company Name ==========

[2011/12/29 10:15:57 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\Shortcut to OTL.exe.lnk
[2011/12/29 10:11:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/12/28 14:56:06 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/12/28 14:56:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/28 14:52:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/28 14:52:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/28 14:52:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/28 14:52:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/28 14:52:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 12:28:13 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Dad\Desktop\HiJackThis.lnk
[2011/12/11 20:26:36 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/12/11 17:49:11 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/12/11 17:49:11 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/12/11 17:33:34 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2011/07/30 12:34:59 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/07/05 15:42:52 | 000,404,480 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2011/07/05 15:42:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/07/05 15:42:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/07/05 15:42:51 | 003,049,984 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2011/07/05 15:42:51 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2011/04/09 15:52:06 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.cat
[2011/04/09 15:52:06 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dad\Application Data\pcouffin.inf
[2010/08/18 14:41:25 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/09 13:48:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/25 09:30:37 | 000,000,249 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini
[2010/06/24 16:21:25 | 000,000,011 | ---- | C] () -- C:\WINDOWS\EuBcd.ini
[2010/06/24 11:05:30 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/24 11:05:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/21 22:32:48 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/06/21 22:31:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/06/21 15:49:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/06/21 15:45:14 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/06/21 15:41:51 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/06/21 15:41:51 | 000,195,855 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/06/21 15:41:51 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/06/21 15:41:08 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/06/21 15:41:08 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/06/21 15:41:06 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/06/21 15:41:06 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/06/21 11:04:16 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/29 16:03:21 | 000,000,722 | ---- | C] () -- C:\WINDOWS\exampro32.ini
[2010/05/29 16:03:20 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll
[2010/05/29 16:03:20 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2010/05/15 12:47:56 | 000,192,512 | ---- | C] () -- C:\Documents and Settings\Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 21:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 21:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 21:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/09 14:58:26 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/05/08 12:34:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/07 20:41:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/01 15:24:06 | 000,000,020 | ---- | C] () -- C:\WINDOWS\CrocTech.INI
[2010/04/27 20:48:09 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/04/12 15:11:07 | 000,573,240 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/27 16:13:28 | 000,062,174 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
[2010/03/14 12:30:02 | 000,062,174 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/03/01 21:14:32 | 000,193,915 | ---- | C] () -- C:\WINDOWS\hpoins39.dat
[2010/03/01 21:14:32 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat
[2010/02/28 19:11:12 | 000,193,884 | ---- | C] () -- C:\WINDOWS\hpoins39.dat.temp
[2010/02/28 19:11:12 | 000,000,703 | ---- | C] () -- C:\WINDOWS\hpomdl39.dat.temp
[2010/02/28 08:19:25 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2010/02/28 08:19:25 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\cddvdint.dll
[2010/02/28 08:18:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/02/28 08:18:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/02/28 08:18:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/02/28 08:18:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/02/28 08:18:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/02/28 08:18:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/02/28 07:36:44 | 001,692,288 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2010/02/28 07:36:44 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2010/02/28 07:36:44 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/02/28 07:36:44 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/02/28 07:36:44 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/02/28 07:29:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/02/28 07:29:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/02/28 07:29:41 | 000,000,452 | ---- | C] () -- C:\WINDOWS\alsndmgr.ini
[2010/02/28 07:29:32 | 000,039,860 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/02/28 07:29:32 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/02/27 23:08:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/27 23:05:36 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/27 23:01:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/27 23:00:30 | 000,299,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/06/07 11:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2009/02/18 17:55:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 20:52:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2006/09/12 10:08:38 | 006,172,672 | ---- | C] () -- C:\WINDOWS\System32\HwRecogK.dll
[2006/08/14 08:56:52 | 007,946,240 | ---- | C] () -- C:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 16:48:58 | 015,147,008 | ---- | C] () -- C:\WINDOWS\System32\HWRecog.dll
[2006/06/14 18:54:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CTAlc001.dll
[2005/03/30 02:48:00 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,443,916 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,071,750 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/07 15:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/03/24 05:03:00 | 000,279,552 | ---- | C] () -- C:\WINDOWS\System32\FGWVB32.DLL
[1998/03/26 00:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2011/03/13 16:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2010/06/25 09:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/08 21:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Activ Software
[2011/10/12 16:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/12/02 16:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/18 18:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/18 19:16:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/09 14:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2011/12/29 09:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/08 10:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/08/02 18:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/02/28 15:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2010/08/02 18:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/02/28 20:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/05/09 15:02:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2011/12/10 13:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2010/04/08 10:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/28 14:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/07/05 16:54:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\AnvSoft
[2011/10/12 16:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\AVG2012
[2011/07/30 12:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Broken Rules
[2011/07/27 11:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Crayon Physics Deluxe
[2011/04/01 15:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Digiarty
[2011/01/11 21:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\ElevatedDiagnostics
[2010/10/30 16:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FLVPlayer4Free
[2011/07/05 15:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FreeBurner
[2011/07/17 15:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\GrabPro
[2010/05/17 18:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\InterVideo
[2011/07/27 11:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Lazy 8 Studios
[2010/08/18 12:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Leadertech
[2010/05/23 09:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nokia
[2010/05/23 09:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Nokia Ovi Suite
[2011/08/01 08:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Orbit
[2010/05/23 09:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\PC Suite
[2011/07/17 14:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\ProgSense
[2011/10/25 11:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Spotify
[2010/05/15 12:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Thunderbird
[2011/12/28 17:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\uTorrent
[2011/04/09 15:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Vso
[2010/05/14 17:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Windows Search

========== Purity Check ==========

< End of report >

aswMBR version 0.9.9.1120 Copyright© 2011 AVAST Software
Run date: 2011-12-29 10:20:21
-----------------------------
10:20:21.281 OS Version: Windows 5.1.2600 Service Pack 3
10:20:21.281 Number of processors: 4 586 0x402
10:20:21.281 ComputerName: BEDROOMDESKTOP UserName: Dad
10:20:21.828 Initialize success
10:20:40.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:20:40.953 Disk 0 Vendor: WDC_WD6400AADS-00M2B0 01.00A01 Size: 610480MB BusType: 3
10:20:40.953 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:20:40.953 Disk 1 Vendor: WDC_WD6400AAKS-00A7B0 01.03B01 Size: 610480MB BusType: 3
10:20:40.953 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-17
10:20:40.953 Disk 2 Vendor: Maxtor_6V250F0 VA111630 Size: 239372MB BusType: 3
10:20:42.968 Disk 0 MBR read successfully
10:20:42.968 Disk 0 MBR scan
10:20:42.968 Disk 0 Windows XP default MBR code
10:20:42.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300473 MB offset 63
10:20:42.968 Disk 0 Partition - 00 0F Extended LBA 310004 MB offset 615369825
10:20:43.000 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 310004 MB offset 615369888
10:20:43.000 Disk 0 scanning sectors +1250258625
10:20:43.046 Disk 0 scanning C:\WINDOWS\system32\drivers
10:20:49.796 Service scanning
10:20:50.078 Service ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys **LOCKED** 32
10:20:50.734 Modules scanning
10:20:54.000 Disk 0 trace - called modules:
10:20:54.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8b4dbc51]<<
10:20:54.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b4ebab8]
10:20:54.031 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000082[0x8b519f18]
10:20:54.031 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b54ed98]
10:20:54.046 Scan finished successfully
10:21:28.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\Desktop\MBR.dat"
10:21:28.281 The log file has been saved successfully to "C:\Documents and Settings\Dad\Desktop\aswMBR.txt"

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I see that you have run Combofix; could you post that log, please?

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

#5
Northernman

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi, many thanks for your reply. I have run TDS and it identified Virus.Win32.Rloader.a - could this be the source of my problems? I'll have a browse and see if it reoccurs. I've attached my TDS and Combofix reports for information.

Cheers! :)

19:44:58.0593 5468 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:44:58.0703 5468 ============================================================
19:44:58.0703 5468 Current date / time: 2011/12/29 19:44:58.0703
19:44:58.0703 5468 SystemInfo:
19:44:58.0703 5468
19:44:58.0703 5468 OS Version: 5.1.2600 ServicePack: 3.0
19:44:58.0703 5468 Product type: Workstation
19:44:58.0703 5468 ComputerName: BEDROOMDESKTOP
19:44:58.0703 5468 UserName: Dad
19:44:58.0703 5468 Windows directory: C:\WINDOWS
19:44:58.0703 5468 System windows directory: C:\WINDOWS
19:44:58.0703 5468 Processor architecture: Intel x86
19:44:58.0703 5468 Number of processors: 4
19:44:58.0703 5468 Page size: 0x1000
19:44:58.0703 5468 Boot type: Normal boot
19:44:58.0703 5468 ============================================================
19:45:00.0140 5468 Initialize success
19:45:28.0187 4408 ============================================================
19:45:28.0187 4408 Scan started
19:45:28.0187 4408 Mode: Manual; SigCheck; TDLFS;
19:45:28.0187 4408 ============================================================
19:45:29.0062 4408 1562D - ok
19:45:29.0078 4408 Abiosdsk - ok
19:45:29.0078 4408 abp480n5 - ok
19:45:29.0140 4408 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:45:29.0140 4408 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
19:45:29.0140 4408 ACPI ( Virus.Win32.Rloader.a ) - infected
19:45:29.0140 4408 ACPI - detected Virus.Win32.Rloader.a (0)
19:45:29.0171 4408 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:45:30.0156 4408 ACPIEC - ok
19:45:30.0203 4408 adpu160m - ok
19:45:30.0250 4408 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:45:30.0406 4408 aec - ok
19:45:30.0437 4408 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:45:30.0500 4408 AFD - ok
19:45:30.0500 4408 Aha154x - ok
19:45:30.0515 4408 aic78u2 - ok
19:45:30.0515 4408 aic78xx - ok
19:45:30.0562 4408 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
19:45:30.0640 4408 ALCXSENS - ok
19:45:30.0687 4408 ALCXWDM (9a6a99f0d75b457e3a2267776ebe9f47) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:45:30.0750 4408 ALCXWDM - ok
19:45:30.0765 4408 AliIde - ok
19:45:30.0796 4408 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
19:45:30.0843 4408 AmdPPM - ok
19:45:30.0859 4408 amsint - ok
19:45:30.0890 4408 AnyDVD (a289fb3bb1894f14ac9c7230ef28f0be) C:\WINDOWS\system32\Drivers\AnyDVD.sys
19:45:30.0921 4408 AnyDVD - ok
19:45:30.0968 4408 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:45:31.0125 4408 Arp1394 - ok
19:45:31.0125 4408 asc - ok
19:45:31.0140 4408 asc3350p - ok
19:45:31.0140 4408 asc3550 - ok
19:45:31.0171 4408 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
19:45:31.0187 4408 AsIO - ok
19:45:31.0218 4408 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
19:45:31.0218 4408 AsUpIO - ok
19:45:31.0250 4408 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:45:31.0390 4408 AsyncMac - ok
19:45:31.0421 4408 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:45:31.0562 4408 atapi - ok
19:45:31.0578 4408 Atdisk - ok
19:45:31.0687 4408 ati2mtag (67124e317582758e04230f7800e8b6f8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:45:31.0828 4408 ati2mtag - ok
19:45:31.0843 4408 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:45:31.0953 4408 Atmarpc - ok
19:45:31.0984 4408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:45:32.0125 4408 audstub - ok
19:45:32.0156 4408 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:45:32.0171 4408 AVGIDSDriver - ok
19:45:32.0187 4408 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:45:32.0203 4408 AVGIDSEH - ok
19:45:32.0218 4408 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:45:32.0234 4408 AVGIDSFilter - ok
19:45:32.0265 4408 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:45:32.0265 4408 AVGIDSShim - ok
19:45:32.0312 4408 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:45:32.0328 4408 Avgldx86 - ok
19:45:32.0343 4408 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:45:32.0359 4408 Avgmfx86 - ok
19:45:32.0375 4408 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:45:32.0390 4408 Avgrkx86 - ok
19:45:32.0453 4408 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:45:32.0453 4408 Avgtdix - ok
19:45:32.0500 4408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:45:32.0593 4408 Beep - ok
19:45:32.0718 4408 catchme - ok
19:45:32.0734 4408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:45:32.0875 4408 cbidf2k - ok
19:45:32.0921 4408 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:45:33.0000 4408 CCDECODE - ok
19:45:33.0000 4408 cd20xrnt - ok
19:45:33.0031 4408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:45:33.0171 4408 Cdaudio - ok
19:45:33.0187 4408 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:45:33.0312 4408 Cdfs - ok
19:45:33.0343 4408 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:45:33.0421 4408 Cdrom - ok
19:45:33.0437 4408 Changer - ok
19:45:33.0468 4408 CmdIde - ok
19:45:33.0500 4408 Cpqarray - ok
19:45:33.0515 4408 dac2w2k - ok
19:45:33.0515 4408 dac960nt - ok
19:45:33.0546 4408 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:33.0671 4408 Disk - ok
19:45:33.0718 4408 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:45:33.0890 4408 dmboot - ok
19:45:33.0906 4408 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:45:34.0046 4408 dmio - ok
19:45:34.0078 4408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:45:34.0171 4408 dmload - ok
19:45:34.0187 4408 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:45:34.0328 4408 DMusic - ok
19:45:34.0328 4408 dpti2o - ok
19:45:34.0343 4408 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:45:34.0484 4408 drmkaud - ok
19:45:34.0515 4408 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
19:45:34.0515 4408 EIO ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0515 4408 EIO - detected UnsignedFile.Multi.Generic (1)
19:45:34.0546 4408 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
19:45:34.0562 4408 ElbyCDIO - ok
19:45:34.0593 4408 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
19:45:34.0609 4408 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0609 4408 epmntdrv - detected UnsignedFile.Multi.Generic (1)
19:45:34.0640 4408 EUBAKUP (eada995e71211537fb3726c700af6fac) C:\WINDOWS\system32\drivers\eubakup.sys
19:45:34.0640 4408 EUBAKUP ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0640 4408 EUBAKUP - detected UnsignedFile.Multi.Generic (1)
19:45:34.0671 4408 EuDisk (37aba51f85518fc381cefc8d76f2e2c4) C:\WINDOWS\system32\DRIVERS\EuDisk.sys
19:45:34.0687 4408 EuDisk ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0687 4408 EuDisk - detected UnsignedFile.Multi.Generic (1)
19:45:34.0703 4408 EUDSKACS (cb41e20ce4a32584ea592f07f5da12c5) C:\WINDOWS\system32\drivers\eudskacs.sys
19:45:34.0718 4408 EUDSKACS ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0718 4408 EUDSKACS - detected UnsignedFile.Multi.Generic (1)
19:45:34.0718 4408 EUFS (a08e9e711cd7661d7c3f19ee638102c2) C:\WINDOWS\system32\drivers\eufs.sys
19:45:34.0718 4408 EUFS ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0718 4408 EUFS - detected UnsignedFile.Multi.Generic (1)
19:45:34.0750 4408 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
19:45:34.0750 4408 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0750 4408 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
19:45:34.0781 4408 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:45:34.0921 4408 Fastfat - ok
19:45:34.0937 4408 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:45:35.0078 4408 Fdc - ok
19:45:35.0109 4408 FilterService (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
19:45:35.0109 4408 FilterService - ok
19:45:35.0156 4408 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:45:35.0296 4408 Fips - ok
19:45:35.0312 4408 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:45:35.0437 4408 Flpydisk - ok
19:45:35.0468 4408 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:45:35.0593 4408 FltMgr - ok
19:45:35.0625 4408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:45:35.0765 4408 Fs_Rec - ok
19:45:35.0796 4408 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:45:35.0875 4408 Ftdisk - ok
19:45:35.0890 4408 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
19:45:36.0015 4408 gagp30kx - ok
19:45:36.0046 4408 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:45:36.0062 4408 GEARAspiWDM - ok
19:45:36.0078 4408 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:45:36.0203 4408 Gpc - ok
19:45:36.0265 4408 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:45:36.0406 4408 HDAudBus - ok
19:45:36.0406 4408 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:45:36.0546 4408 HidUsb - ok
19:45:36.0562 4408 hpn - ok
19:45:36.0593 4408 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:45:36.0625 4408 HTTP - ok
19:45:36.0640 4408 i2omgmt - ok
19:45:36.0640 4408 i2omp - ok
19:45:36.0656 4408 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:45:36.0750 4408 i8042prt - ok
19:45:36.0750 4408 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:45:36.0906 4408 Imapi - ok
19:45:36.0921 4408 ini910u - ok
19:45:36.0937 4408 IntelIde - ok
19:45:36.0953 4408 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:45:37.0093 4408 Ip6Fw - ok
19:45:37.0125 4408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:45:37.0265 4408 IpFilterDriver - ok
19:45:37.0281 4408 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:45:37.0421 4408 IpInIp - ok
19:45:37.0453 4408 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:45:37.0593 4408 IpNat - ok
19:45:37.0609 4408 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:45:37.0750 4408 IPSec - ok
19:45:37.0765 4408 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:45:37.0828 4408 IRENUM - ok
19:45:37.0843 4408 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:45:37.0984 4408 isapnp - ok
19:45:38.0031 4408 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:45:38.0156 4408 Kbdclass - ok
19:45:38.0187 4408 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:45:38.0328 4408 kbdhid - ok
19:45:38.0343 4408 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:45:38.0484 4408 kmixer - ok
19:45:38.0515 4408 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:45:38.0578 4408 KSecDD - ok
19:45:38.0593 4408 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
19:45:38.0609 4408 L8042Kbd - ok
19:45:38.0703 4408 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:45:38.0703 4408 Lavasoft Kernexplorer - ok
19:45:38.0718 4408 Lbd - ok
19:45:38.0750 4408 LBeepKE (c99ba72106a858cb8b521bb4c02c93ed) C:\WINDOWS\system32\Drivers\LBeepKE.sys
19:45:38.0750 4408 LBeepKE - ok
19:45:38.0750 4408 lbrtfdc - ok
19:45:38.0796 4408 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
19:45:38.0812 4408 LHidFilt - ok
19:45:38.0828 4408 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
19:45:38.0843 4408 LMouFilt - ok
19:45:38.0875 4408 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
19:45:38.0875 4408 LVPr2Mon - ok
19:45:38.0921 4408 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
19:45:38.0937 4408 LVRS - ok
19:45:39.0078 4408 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
19:45:39.0296 4408 LVUVC - ok
19:45:39.0328 4408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:45:39.0468 4408 mnmdd - ok
19:45:39.0500 4408 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:45:39.0656 4408 Modem - ok
19:45:39.0687 4408 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:45:39.0843 4408 Mouclass - ok
19:45:39.0875 4408 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:45:40.0015 4408 mouhid - ok
19:45:40.0046 4408 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:45:40.0156 4408 MountMgr - ok
19:45:40.0156 4408 mraid35x - ok
19:45:40.0187 4408 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:45:40.0312 4408 MRxDAV - ok
19:45:40.0359 4408 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:45:40.0406 4408 MRxSmb - ok
19:45:40.0421 4408 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:45:40.0562 4408 Msfs - ok
19:45:40.0609 4408 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:45:40.0671 4408 MSKSSRV - ok
19:45:40.0687 4408 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:45:40.0828 4408 MSPCLOCK - ok
19:45:40.0843 4408 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:45:40.0968 4408 MSPQM - ok
19:45:41.0015 4408 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:45:41.0140 4408 mssmbios - ok
19:45:41.0156 4408 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
19:45:41.0281 4408 MSTEE - ok
19:45:41.0312 4408 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
19:45:41.0359 4408 MTsensor - ok
19:45:41.0390 4408 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:45:41.0421 4408 Mup - ok
19:45:41.0453 4408 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:45:41.0593 4408 NABTSFEC - ok
19:45:41.0640 4408 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:45:41.0765 4408 NDIS - ok
19:45:41.0781 4408 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:45:41.0921 4408 NdisIP - ok
19:45:41.0937 4408 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:45:41.0984 4408 NdisTapi - ok
19:45:42.0015 4408 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:45:42.0140 4408 Ndisuio - ok
19:45:42.0156 4408 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:45:42.0281 4408 NdisWan - ok
19:45:42.0281 4408 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:45:42.0312 4408 NDProxy - ok
19:45:42.0328 4408 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:45:42.0421 4408 NetBIOS - ok
19:45:42.0437 4408 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:45:42.0578 4408 NetBT - ok
19:45:42.0609 4408 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:45:42.0718 4408 NIC1394 - ok
19:45:42.0750 4408 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
19:45:42.0937 4408 nmwcd - ok
19:45:42.0968 4408 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
19:45:43.0046 4408 nmwcdc - ok
19:45:43.0078 4408 nmwcdnsu (338f83ee9cb9e15eeacf0cbb90218cbf) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
19:45:43.0140 4408 nmwcdnsu - ok
19:45:43.0171 4408 nmwcdnsuc (d15bac979144fb69ed28f97b2dd84d48) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
19:45:43.0218 4408 nmwcdnsuc - ok
19:45:43.0234 4408 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:45:43.0312 4408 Npfs - ok
19:45:43.0343 4408 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:45:43.0421 4408 Ntfs - ok
19:45:43.0453 4408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:45:43.0578 4408 Null - ok
19:45:43.0656 4408 nv (fc31d022f7b58baef2ab60dc1c4f8348) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:45:43.0796 4408 nv - ok
19:45:43.0828 4408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:45:43.0968 4408 NwlnkFlt - ok
19:45:44.0000 4408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:45:44.0125 4408 NwlnkFwd - ok
19:45:44.0140 4408 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:45:44.0265 4408 ohci1394 - ok
19:45:44.0312 4408 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:45:44.0437 4408 Parport - ok
19:45:44.0453 4408 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:45:44.0578 4408 PartMgr - ok
19:45:44.0609 4408 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:45:44.0734 4408 ParVdm - ok
19:45:44.0765 4408 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
19:45:44.0781 4408 pccsmcfd - ok
19:45:44.0796 4408 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:45:44.0859 4408 PCI - ok
19:45:44.0875 4408 PCIDump - ok
19:45:44.0890 4408 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:45:44.0968 4408 PCIIde - ok
19:45:44.0968 4408 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:45:45.0046 4408 Pcmcia - ok
19:45:45.0093 4408 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
19:45:45.0109 4408 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:45:45.0109 4408 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:45:45.0109 4408 PDCOMP - ok
19:45:45.0125 4408 PDFRAME - ok
19:45:45.0125 4408 PDRELI - ok
19:45:45.0140 4408 PDRFRAME - ok
19:45:45.0140 4408 perc2 - ok
19:45:45.0156 4408 perc2hib - ok
19:45:45.0187 4408 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
19:45:45.0187 4408 Pfc ( UnsignedFile.Multi.Generic ) - warning
19:45:45.0187 4408 Pfc - detected UnsignedFile.Multi.Generic (1)
19:45:45.0203 4408 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:45:45.0343 4408 PptpMiniport - ok
19:45:45.0359 4408 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:45:45.0500 4408 Processor - ok
19:45:45.0515 4408 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:45:45.0640 4408 PSched - ok
19:45:45.0656 4408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:45:45.0796 4408 Ptilink - ok
19:45:45.0796 4408 ql1080 - ok
19:45:45.0812 4408 Ql10wnt - ok
19:45:45.0812 4408 ql12160 - ok
19:45:45.0828 4408 ql1240 - ok
19:45:45.0843 4408 ql1280 - ok
19:45:45.0875 4408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:45:46.0000 4408 RasAcd - ok
19:45:46.0015 4408 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:45:46.0140 4408 Rasl2tp - ok
19:45:46.0156 4408 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:45:46.0281 4408 RasPppoe - ok
19:45:46.0312 4408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:45:46.0421 4408 Raspti - ok
19:45:46.0453 4408 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:45:46.0562 4408 Rdbss - ok
19:45:46.0578 4408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:45:46.0718 4408 RDPCDD - ok
19:45:46.0781 4408 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:45:46.0812 4408 RDPWD - ok
19:45:46.0828 4408 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:45:46.0921 4408 redbook - ok
19:45:47.0015 4408 RTHDMIAzAudService (3cf6631543c743c29a369287ea67ffe6) C:\WINDOWS\system32\drivers\RtKHDMI.sys
19:45:47.0171 4408 RTHDMIAzAudService - ok
19:45:47.0203 4408 RTLE8023xp (b0e1648aae1e59bdd0854af07a605399) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:45:47.0250 4408 RTLE8023xp - ok
19:45:47.0312 4408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:45:47.0375 4408 Secdrv - ok
19:45:47.0406 4408 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:45:47.0546 4408 serenum - ok
19:45:47.0562 4408 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:45:47.0703 4408 Serial - ok
19:45:47.0734 4408 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:45:47.0875 4408 Sfloppy - ok
19:45:47.0890 4408 Simbad - ok
19:45:47.0906 4408 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:45:48.0046 4408 SLIP - ok
19:45:48.0093 4408 snapman (68fc62a72bd6d8e9dfe3718440be94a0) C:\WINDOWS\system32\DRIVERS\snapman.sys
19:45:48.0093 4408 snapman - ok
19:45:48.0093 4408 Sparrow - ok
19:45:48.0140 4408 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:45:48.0281 4408 splitter - ok
19:45:48.0281 4408 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:45:48.0343 4408 sr - ok
19:45:48.0375 4408 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:45:48.0437 4408 Srv - ok
19:45:48.0468 4408 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
19:45:48.0593 4408 StillCam - ok
19:45:48.0625 4408 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:45:48.0718 4408 streamip - ok
19:45:48.0734 4408 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:45:48.0875 4408 swenum - ok
19:45:48.0890 4408 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:45:48.0953 4408 swmidi - ok
19:45:48.0968 4408 symc810 - ok
19:45:48.0984 4408 symc8xx - ok
19:45:48.0984 4408 sym_hi - ok
19:45:49.0000 4408 sym_u3 - ok
19:45:49.0031 4408 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:45:49.0171 4408 sysaudio - ok
19:45:49.0218 4408 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:45:49.0281 4408 Tcpip - ok
19:45:49.0312 4408 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:45:49.0453 4408 TDPIPE - ok
19:45:49.0500 4408 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
19:45:49.0515 4408 tdrpman - ok
19:45:49.0546 4408 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:45:49.0671 4408 TDTCP - ok
19:45:49.0687 4408 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:45:49.0750 4408 TermDD - ok
19:45:49.0765 4408 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:45:49.0781 4408 tifsfilter - ok
19:45:49.0796 4408 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
19:45:49.0812 4408 timounter - ok
19:45:49.0812 4408 TosIde - ok
19:45:49.0875 4408 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:45:49.0984 4408 Udfs - ok
19:45:50.0015 4408 UlSata (b37c465ec8029d732cd572b347dacc2e) C:\WINDOWS\system32\drivers\UlSata.sys
19:45:50.0015 4408 UlSata ( UnsignedFile.Multi.Generic ) - warning
19:45:50.0015 4408 UlSata - detected UnsignedFile.Multi.Generic (1)
19:45:50.0015 4408 ultra - ok
19:45:50.0046 4408 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:45:50.0156 4408 Update - ok
19:45:50.0203 4408 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
19:45:50.0265 4408 upperdev - ok
19:45:50.0281 4408 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:45:50.0296 4408 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
19:45:50.0296 4408 USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:45:50.0328 4408 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:45:50.0468 4408 usbaudio - ok
19:45:50.0500 4408 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:45:50.0640 4408 usbccgp - ok
19:45:50.0671 4408 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:45:50.0796 4408 usbehci - ok
19:45:50.0828 4408 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:45:50.0984 4408 usbhub - ok
19:45:51.0015 4408 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:45:51.0078 4408 usbohci - ok
19:45:51.0109 4408 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:45:51.0171 4408 usbprint - ok
19:45:51.0203 4408 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:45:51.0328 4408 usbscan - ok
19:45:51.0390 4408 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
19:45:51.0531 4408 usbser - ok
19:45:51.0578 4408 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
19:45:51.0625 4408 UsbserFilt - ok
19:45:51.0671 4408 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:51.0796 4408 USBSTOR - ok
19:45:51.0828 4408 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:45:51.0921 4408 usbuhci - ok
19:45:51.0937 4408 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
19:45:52.0062 4408 usbvideo - ok
19:45:52.0109 4408 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
19:45:52.0109 4408 VClone ( UnsignedFile.Multi.Generic ) - warning
19:45:52.0109 4408 VClone - detected UnsignedFile.Multi.Generic (1)
19:45:52.0125 4408 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:45:52.0265 4408 VgaSave - ok
19:45:52.0359 4408 VIAHdAudAddService (8586d10602ff4994e0f56a13a47d2b28) C:\WINDOWS\system32\drivers\viahduaa.sys
19:45:52.0468 4408 VIAHdAudAddService - ok
19:45:52.0500 4408 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
19:45:52.0593 4408 ViaIde - ok
19:45:52.0609 4408 viamraid (fbf18f9f5fb852c2976723587b44f346) C:\WINDOWS\system32\drivers\viamraid.sys
19:45:52.0640 4408 viamraid - ok
19:45:52.0640 4408 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:45:52.0781 4408 VolSnap - ok
19:45:52.0796 4408 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:45:52.0937 4408 Wanarp - ok
19:45:52.0984 4408 wceusbsh (4c0b8ef721783f52f8e531fbdc4b1f74) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
19:45:53.0062 4408 wceusbsh - ok
19:45:53.0078 4408 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
19:45:53.0093 4408 Wdf01000 - ok
19:45:53.0093 4408 WDICA - ok
19:45:53.0140 4408 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:45:53.0265 4408 wdmaud - ok
19:45:53.0312 4408 WF23880 (07bb39cd0c01a619a5614bc4e3a48cdd) C:\WINDOWS\system32\drivers\wf88vcap.sys
19:45:53.0343 4408 WF23880 - ok
19:45:53.0343 4408 WF88XBAR (2dfc3bae598c5465a6af1aca4acaad15) C:\WINDOWS\system32\drivers\WF88XBAR.sys
19:45:53.0359 4408 WF88XBAR - ok
19:45:53.0390 4408 WFTUNE (01a7dd0ed03e9133a836a94c6be25866) C:\WINDOWS\system32\drivers\WF88TUNE.sys
19:45:53.0421 4408 WFTUNE - ok
19:45:53.0468 4408 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:45:53.0593 4408 WmiAcpi - ok
19:45:53.0640 4408 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:45:53.0687 4408 WpdUsb - ok
19:45:53.0703 4408 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:45:53.0859 4408 WSTCODEC - ok
19:45:53.0906 4408 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:45:53.0937 4408 WudfPf - ok
19:45:53.0968 4408 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:45:53.0984 4408 WudfRd - ok
19:45:54.0031 4408 yukonwxp (dee4899b4ac10a673b2df0cdd135167e) C:\WINDOWS\system32\DRIVERS\yukonwxp.sys
19:45:54.0046 4408 yukonwxp - ok
19:45:54.0078 4408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:45:54.0296 4408 \Device\Harddisk0\DR0 - ok
19:45:54.0312 4408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:45:54.0593 4408 \Device\Harddisk1\DR1 - ok
19:45:54.0593 4408 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
19:45:54.0640 4408 \Device\Harddisk2\DR2 - ok
19:45:54.0656 4408 Boot (0x1200) (bb4c45b0b29fde7914bac123078a4c29) \Device\Harddisk0\DR0\Partition0
19:45:54.0656 4408 \Device\Harddisk0\DR0\Partition0 - ok
19:45:54.0656 4408 Boot (0x1200) (a268fede92319d4ae3f38868d5176e45) \Device\Harddisk0\DR0\Partition1
19:45:54.0656 4408 \Device\Harddisk0\DR0\Partition1 - ok
19:45:54.0656 4408 Boot (0x1200) (a8024370c31c52a1aa8a13142d0eb452) \Device\Harddisk1\DR1\Partition0
19:45:54.0656 4408 \Device\Harddisk1\DR1\Partition0 - ok
19:45:54.0671 4408 Boot (0x1200) (060b181e8610cccda85ee78a3cc8a098) \Device\Harddisk1\DR1\Partition1
19:45:54.0671 4408 \Device\Harddisk1\DR1\Partition1 - ok
19:45:54.0671 4408 Boot (0x1200) (c0b00f699b48d5e7af197b0466b181cf) \Device\Harddisk2\DR2\Partition0
19:45:54.0671 4408 \Device\Harddisk2\DR2\Partition0 - ok
19:45:54.0671 4408 ============================================================
19:45:54.0671 4408 Scan finished
19:45:54.0671 4408 ============================================================
19:45:54.0796 5548 Detected object count: 13
19:45:54.0796 5548 Actual detected object count: 13
19:47:46.0640 5548 Backup copy found, using it..
19:47:46.0656 5548 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
19:47:46.0656 5548 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
19:47:46.0656 5548 EIO ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0656 5548 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0656 5548 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0656 5548 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0656 5548 EUBAKUP ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0656 5548 EUBAKUP ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0656 5548 EuDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0656 5548 EuDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0656 5548 EUDSKACS ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0656 5548 EUDSKACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 EUFS ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 EUFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 UlSata ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 UlSata ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 VClone ( UnsignedFile.Multi.Generic ) - skipped by user
19:47:46.0671 5548 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:57.0546 4132 Deinitialize success


Combofix Report

2011-12-28 15:06:46 . 2011-12-28 15:06:46 688 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-VirtualCloneDrive.reg.dat
2011-12-28 15:06:39 . 2011-12-28 15:06:39 108 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-nwiz.reg.dat
2011-12-28 15:06:39 . 2011-12-28 15:06:39 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
2011-12-28 15:03:05 . 2011-12-28 15:03:05 54,019 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\_LVPrcInj01_.dll.zip
2011-12-28 14:59:37 . 2011-12-28 14:59:37 9,755 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-28 14:47:56 . 2011-12-28 15:03:34 288 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-12-28 10:34:50 . 2009-10-07 00:47:22 109,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\logishrd\LVPrcInj01.dll.vir
2011-12-27 10:00:40 . 2011-12-27 10:10:56 581 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\etc\hosts.txt.vir
2011-04-09 15:52:06 . 2011-04-09 15:52:06 87,608 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Dad\Application Data\inst.exe.vir
2010-02-28 07:29:42 . 2004-02-02 10:44:02 139,264 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\alcrmv.exe.vir
2006-11-24 13:58:22 . 2006-11-24 13:58:22 59 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\Update.bat.vir
2006-10-18 20:47:20 . 2006-10-18 20:47:20 99,840 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET91.tmp.vir
2004-08-04 12:00:00 . 2004-08-04 12:00:00 2,804,224 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000111_.tmp.dll.vir
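The TDSSKiller output above mixes one real verdict (Virus.Win32.Rloader.a on ACPI.sys, cured from a backup copy at reboot) with twelve UnsignedFile.Multi.Generic warnings, which only say that a driver carries no valid signature and which were all skipped. The Python script below is an added editorial example, not part of this post, of the thread or of TDSSKiller itself: it parses log lines in the layout shown above, separates the two kinds of result, attaches the action chosen for each, and lists what a responder should still look at. The regexes are an assumption inferred from the posted lines (TDSSKiller documents no log format); the sample input is a constructed excerpt made from lines copied out of this log.

```python
"""Triage a TDSSKiller text log: separate real malware verdicts from the
generic UnsignedFile.* warnings and pair each flagged driver with the action
the operator chose.

Added example for this thread; not part of the original post or of the
TDSSKiller tool. The line layout ("<time> <pid> <service> ...") is inferred
from the log quoted above, so the regexes are an assumption about that format.
"""
import ntpath  # Windows path semantics even when this runs on Linux/macOS
import re

_PREFIX = r"^\S+\s+\d+\s+"  # "19:45:34.0515 4408 "
# 19:45:34.0515 4408 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
FILE_RE = re.compile(_PREFIX + r"(?P<svc>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# 19:45:34.0515 4408 EIO - detected UnsignedFile.Multi.Generic (1)
DETECT_RE = re.compile(_PREFIX + r"(?P<svc>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# 19:47:46.0656 5548 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
ACTION_RE = re.compile(_PREFIX + r"(?P<svc>.+?) \( (?P<verdict>\S+) \) - User select action: (?P<action>\w+)$")
# 19:47:46.0656 5548 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
REBOOT_RE = re.compile(_PREFIX + r"(?P<path>[A-Za-z]:\\.+?) - will be cured on reboot$")

GENERIC_PREFIX = "UnsignedFile."           # heuristic: no valid Authenticode signature
REMEDIATING = {"Cure", "Delete", "Quarantine"}


def _new_entry():
    return {"path": None, "md5": None, "verdict": None, "action": None,
            "pending_reboot": False}


def parse_tdsskiller(text):
    """Return {service_name: entry} for every service the log flagged."""
    entries, files, reboot_paths = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files[m["svc"]] = (m["md5"], m["path"])
            continue
        m = REBOOT_RE.match(line)
        if m:
            reboot_paths.append(m["path"])
            continue
        m = DETECT_RE.match(line) or ACTION_RE.match(line)
        if m:
            e = entries.setdefault(m["svc"], _new_entry())
            e["verdict"] = m["verdict"]
            if "action" in m.groupdict():
                e["action"] = m["action"]
    # Join the scan-phase file record and any "cured on reboot" notice to the verdict.
    for svc, e in entries.items():
        if svc in files:
            e["md5"], e["path"] = files[svc]
        for p in reboot_paths:
            stem = ntpath.splitext(ntpath.basename(p))[0].lower()
            same_file = e["path"] is not None and e["path"].lower() == p.lower()
            if same_file or stem == svc.lower():
                e["path"] = e["path"] or p
                e["pending_reboot"] = True
    return entries


def classify(entries):
    """Split flagged services into (real_detections, generic_unsigned_warnings).

    UnsignedFile.Multi.Generic only says the driver has no valid signature;
    third-party disk, backup, virtual-drive and USB drivers of that era trip it
    routinely, so those go in the second list for review, not for deletion."""
    real, generic = [], []
    for svc, e in entries.items():
        target = generic if (e["verdict"] or "").startswith(GENERIC_PREFIX) else real
        target.append(svc)
    return sorted(real), sorted(generic)


def needs_attention(entries):
    """Real detections the operator did not cure, delete or quarantine."""
    return sorted(svc for svc, e in entries.items()
                  if not (e["verdict"] or "").startswith(GENERIC_PREFIX)
                  and e["action"] not in REMEDIATING)


def unsigned_outside_drivers_dir(entries):
    """Generic warnings on files that do not live under a drivers folder: a
    cheap 'look at these first' ordering, not a verdict (legitimate partition
    tools also install there)."""
    return sorted(svc for svc, e in entries.items()
                  if (e["verdict"] or "").startswith(GENERIC_PREFIX)
                  and e["path"] is not None
                  and "\\drivers\\" not in e["path"].lower())


# Constructed excerpt: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
19:45:34.0515 4408 EIO (59d74c7b787aa3dda0948986403cea55) C:\WINDOWS\system32\drivers\EIO.sys
19:45:34.0515 4408 EIO ( UnsignedFile.Multi.Generic ) - warning
19:45:34.0515 4408 EIO - detected UnsignedFile.Multi.Generic (1)
19:45:34.0593 4408 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
19:45:34.0609 4408 epmntdrv - detected UnsignedFile.Multi.Generic (1)
19:45:50.0281 4408 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:45:50.0296 4408 USBAAPL - detected UnsignedFile.Multi.Generic (1)
19:47:46.0640 5548 Backup copy found, using it..
19:47:46.0656 5548 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
19:47:46.0656 5548 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
19:47:46.0656 5548 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0656 5548 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:47:46.0671 5548 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG)
    real, generic = classify(ents)
    print("real detections       :", real)
    print("generic unsigned      :", generic)
    print("still needs attention :", needs_attention(ents))
    print("unsigned, odd location:", unsigned_outside_drivers_dir(ents))
    for svc in real:
        e = ents[svc]
        print(f"  {svc}: {e['verdict']} -> {e['action']} "
              f"(reboot pending: {e['pending_reboot']}, file: {e['path']})")
```

Run against a full log (`python tdss_triage.py < TDSSKiller.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`), the useful output is the short lists, not the driver-by-driver dump: one named family with action Cure and a reboot pending is the finding; a dozen generic warnings on EaseUS, Acronis, Elby and Apple drivers are noise until a signature check says otherwise. Classification keys on the verdict prefix rather than a list of families, so it does not need updating when TDSSKiller adds new names.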

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, if you could please. Also let me know of any problems that you are experiencing.

#7
Northernman

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, up to now I've had no redirects, so fingers crossed! I've also found that Google search results are again location-based, not US results.

Many thanks for your help, I've bought you a pint through Paypal :)

Edited by Northernman, 30 December 2011 - 04:02 AM.


#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thankee :cheers:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0
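The `[resethosts]` step in the cleanup post above overwrites the hosts file with a default copy, which is the right fix but discards the evidence of what the infection changed. The script below is an added example for this thread and is not code from Geeks to Go, OTL or ComboFix: it parses a hosts file and flags the two patterns a search-redirect infection commonly leaves behind, names pinned to a routable address (searches sent through someone else's proxy) and search or security-vendor names sunk to loopback so that updates and cleanup tools fail. The sample hosts content, the WATCHED substring list and the 203.0.113.10 address (a TEST-NET-3 documentation address) are constructed for the example.

```python
"""Audit a Windows hosts file for the redirect-style edits that OTL's
[resethosts] command wipes out.

Added example for this thread; it is not code from Geeks to Go, OTL or
ComboFix.  The sample hosts content, the WATCHED list and the 203.0.113.10
address (a TEST-NET-3 documentation address) are constructed for the demo.
"""
import ipaddress
import sys

# Substrings of hostnames that search-redirect and rogue-AV malware tend to
# sinkhole so that searches, Windows Update and cleanup tools break.
# The list is an assumption for this example, not a definitive indicator set.
WATCHED = ("google.", "bing.", "yahoo.", "microsoft.", "windowsupdate",
           "malwarebytes", "symantec", "mcafee", "kaspersky", "avast", "avg.")

# Constructed sample: the stock Microsoft header plus a few hijacked lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
# the lines below are constructed hijack examples
203.0.113.10    www.google.com      # search traffic sent to a rogue proxy
203.0.113.10    www.google.co.uk
127.0.0.1       www.malwarebytes.org
127.0.0.1       update.microsoft.com
0.0.0.0         example.org
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no); comments, blanks and junk are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing/inline comments
        parts = line.split()
        if len(parts) < 2:
            continue
        for host in parts[1:]:                # one address may list many names
            yield parts[0], host.lower(), line_no


def audit_hosts(text):
    """Return [(line_no, ip, host, reason)] for entries worth a second look."""
    findings = []
    for ip, host, line_no in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, host, "unparseable address"))
            continue
        if host == "localhost" and addr.is_loopback:
            continue                          # the one entry a default file has
        if not (addr.is_loopback or addr.is_unspecified):
            # A name pinned to a routable address is a redirect, full stop.
            findings.append((line_no, ip, host, "redirected to non-loopback address"))
        elif any(w in host for w in WATCHED):
            # Loopback/0.0.0.0 is how ad-blocking hosts files work, so only
            # flag it when the sunk name is a search or security vendor.
            findings.append((line_no, ip, host, "search/security site sinkholed"))
    return findings


def summarize(findings):
    """Count findings per reason so a long hijacked file is readable at a glance."""
    counts = {}
    for _, _, _, reason in findings:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path-to-hosts]; XP's copy lives at
    # C:\WINDOWS\system32\drivers\etc\hosts.  With no path the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    hits = audit_hosts(text)
    for line_no, ip, host, reason in hits:
        print(f"line {line_no:>3}: {ip:<15} {host:<28} {reason}")
    print(summarize(hits) or "no suspicious entries")
```

Run it against a copy of the hosts file before the OTL fix so the hijacked lines are on record; a clean default file produces no findings, and a large ad-blocking hosts file is not flagged unless it sinks a search or security-vendor name. The hosts file is only one of the mechanisms behind a search redirect (DNS settings, proxy settings and browser add-ons are others), so an empty result here does not by itself mean the machine is clean.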

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
