Hidden files; Trojan fakeAV and trojan generic [Solved]

#1
libsrone

    New Member
  • 8 posts
I use Windows XP. A few days ago, my computer started running very slowly, and AVG started giving me alerts about threats (I chose quarantine/delete in each case). After a number of restarts, all the icons on my desktop except the recycle bin disappeared. When I try going to "all programs" or "recent documents" from the start menu, it says there's nothing there. Programs in the start menu have generic icons and when I select them, I get a missing shortcut message.

I'm getting 3 error messages:
memory errors for svchost.exe
unable to create MoHlog.txt file
generic host process for Win32 Services encountered a problem and needs to close

There are no new icons in my taskbar.

I tried doing a system restore by going into safe mode with command prompt. I got a message saying that system restore cannot make your computer safe.

I was able to download and run SuperAntiSpyware (I do get icons for anything new I download). It found 452 cookies, trojans, viruses, etc. After that, I ran AVG, which found nothing.

I was able to run Malwarebytes by uninstalling the old one from program access in the start menu and downloading a new version. It found, I think, 68 problem files. I ran it again in safe mode and it found nothing. But when I restarted, my files were still hidden.

In the AVG vault (all from the WINDOWS\TEMP and temp file):
Trojan horse Generic26.BTDG
Trojan horse Generic_r.AHQ
some unknowns
some old stuff I thought I had deleted

In the Malwarebytes quarantine is one thing: Trojan.FakeAV from C:\System Volume Information\_restore{(long string of letters, numbers, and dashes)

After I ran OTL, transparent versions of all the previously hidden files appeared on my desktop, as well as icons for the files that are supposed to be hidden. I'm able to open them. I still can't go anywhere from the start menu.

Any help would be greatly appreciated.

OTL logfile created on: 1/19/2012 7:11:21 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Vinny\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.74 Gb Available Physical Memory | 37.24% Memory free
5.84 Gb Paging File | 3.32 Gb Available in Paging File | 56.85% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 441.96 Gb Total Space | 22.76 Gb Free Space | 5.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BANJO | User Name: Vinny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 23:49:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/12/19 00:27:43 | 000,869,216 | -H-- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/19 00:27:41 | 000,892,768 | -H-- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/08 18:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | -H-- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | -H-- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/14 10:25:41 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/20 03:20:12 | 001,305,408 | -H-- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/10 13:52:06 | 002,326,920 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/09/12 15:31:36 | 000,357,384 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 15:30:48 | 005,048,488 | -H-- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/09/12 10:45:48 | 000,036,352 | -H-- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/05/07 16:13:00 | 004,314,464 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/05/07 16:13:00 | 002,245,984 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2008/05/07 11:30:48 | 001,558,000 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2006/05/16 22:15:10 | 000,071,288 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/04/06 13:58:52 | 001,032,192 | -H-- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 13:57:54 | 000,380,928 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/22 23:13:46 | 001,591,808 | -H-- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | -H-- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/04 08:46:24 | 000,172,032 | -H-- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | -H-- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 16:58:11 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/19 16:58:10 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/18 19:14:26 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/18 19:14:26 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/05 23:29:54 | 002,076,672 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_749594a3\system.xml.dll
MOD - [2012/01/05 23:29:46 | 002,994,176 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_76365581\system.windows.forms.dll
MOD - [2012/01/05 23:29:37 | 000,835,584 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_cb18fa41\system.drawing.dll
MOD - [2012/01/05 23:29:33 | 001,929,216 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b5719552\system.dll
MOD - [2012/01/05 23:29:06 | 003,289,088 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6c6067f\mscorlib.dll
MOD - [2012/01/05 23:27:39 | 001,335,296 | -H-- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012/01/05 23:27:38 | 002,039,808 | -H-- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/01/05 23:27:36 | 001,245,184 | -H-- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/05 23:27:34 | 000,323,584 | -H-- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2012/01/05 23:27:33 | 000,368,640 | -H-- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012/01/05 23:27:32 | 000,466,944 | -H-- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/05 23:27:31 | 001,216,512 | -H-- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/12/19 00:27:43 | 000,869,216 | -H-- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/19 00:27:41 | 000,892,768 | -H-- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/03 12:06:56 | 000,591,232 | -H-- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | -H-- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | -H-- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/05/24 16:21:24 | 006,271,136 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/14 10:25:47 | 001,874,904 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/06/15 09:50:44 | 000,093,696 | -H-- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/09/12 10:45:48 | 000,036,352 | -H-- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2006/04/06 13:59:08 | 000,073,728 | -H-- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/19 07:08:42 | 000,086,016 | -H-- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2005/12/19 07:08:30 | 000,757,760 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/10/13 12:53:36 | 000,090,223 | -H-- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2003/09/10 01:24:00 | 000,020,480 | -H-- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/19 00:27:43 | 000,869,216 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/03 12:06:56 | 002,152,152 | -H-- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 05:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/20 23:52:44 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 13:52:06 | 002,326,920 | -H-- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 15:31:30 | 000,660,520 | -H-- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/05/07 16:13:00 | 004,314,464 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008/05/07 11:30:48 | 001,558,000 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/12 17:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/03/07 14:47:46 | 000,076,848 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/04/06 13:57:54 | 000,380,928 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2002/12/17 17:26:22 | 007,520,337 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (MBAMSwissArmy)
DRV - [2011/11/03 12:06:56 | 000,064,512 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 05:23:48 | 000,230,608 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 00:14:38 | 000,295,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/04 23:31:47 | 000,218,688 | -H-- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/10 13:52:11 | 000,159,168 | -H-- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/09/10 13:51:59 | 000,902,432 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010/09/10 13:51:56 | 000,570,016 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/09/10 13:51:38 | 000,157,248 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/03/30 23:00:00 | 000,027,760 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008/05/07 11:30:54 | 000,137,952 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2008/01/19 19:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 18:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 18:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/23 06:06:36 | 001,578,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 15:34:30 | 001,156,648 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 11:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 16:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 08:32:16 | 000,045,312 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 15:58:14 | 000,028,544 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 14:28:38 | 000,307,968 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 16:00:30 | 000,051,328 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/09/20 11:44:48 | 000,005,652 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/08/10 05:00:00 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/10 05:00:00 | 000,012,160 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 08:46:00 | 000,017,153 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:16&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 22:05:44 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.22\ [2011/12/19 00:27:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/04 02:24:44 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 02:25:01 | 000,000,000 | -H-D | M]

[2008/09/03 06:05:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Extensions
[2011/10/21 22:30:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions
[2010/05/01 16:07:16 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/10/21 22:30:52 | 000,000,000 | -H-D | M] (Rikaichan) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/09/14 00:57:01 | 000,000,000 | -H-D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (DealPly) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/09/17 01:52:39 | 000,000,000 | -H-D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\[email protected]
[2011/09/13 22:40:05 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\bing-zugo.xml
[2011/05/28 17:16:32 | 000,001,635 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\firefox-add-ons.xml
[2011/09/14 00:39:07 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\SearchResults.xml
[2011/09/14 00:48:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/24 15:00:27 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/04 00:19:34 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/19 00:27:57 | 000,000,000 | -H-D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\9.0.0.22
[2007/08/26 10:54:34 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/25 21:02:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/27 06:38:21 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/25 19:12:53 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/07/04 00:19:34 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/23 22:05:44 | 000,000,000 | -H-D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/07/04 00:19:16 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/14 00:57:01 | 000,000,000 | -H-D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SAVEVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/04/14 10:26:02 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/04 00:19:15 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 06:57:38 | 000,310,272 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/11/06 10:37:20 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/19 00:27:39 | 000,003,766 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2009/01/08 11:22:08 | 000,004,212 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\orbitsearch.xml
[2011/09/14 00:39:07 | 000,002,497 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Installer] C:\Program Files\CheckPoint\Install\Launcher.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Vinny\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktopChanges = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: erightsoft.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: free.fr ([gpl.download] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A49256A0-8EAE-4327-8DAA-A08019055890}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Vinny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vinny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{7b0b78f1-0cbb-11dd-9ccb-0015c5494866}\Shell\Decrypt using DVD Decrypter\Command - "" = C:\Program Files\DVD Decrypter\DVDDecrypter.exe -- [2005/03/20 19:55:47 | 000,772,608 | -H-- | M] (LIGHTNING UK!)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autotvol - (C:\WINDOWS\system32\autonet1.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 02:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 02:21:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/18 23:49:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
[2012/01/18 23:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/18 22:55:09 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vinny\Desktop\mbam-setup-1.60.0.1800.com
[2012/01/18 19:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinny\Application Data\SUPERAntiSpyware.com
[2012/01/18 19:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/18 19:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/18 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/18 19:03:25 | 014,131,560 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Vinny\Desktop\SUPERAntiSpyware.exe
[2012/01/18 04:57:56 | 000,064,512 | -H-- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/01/18 04:57:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/18 03:59:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/17 19:05:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2012/01/17 19:04:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/01/17 19:04:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/17 18:58:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/15 22:29:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Amok Time Fanmix
[2012/01/09 03:27:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Versus Video Games
[2012/01/09 03:27:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Dual Dragons
[2012/01/09 03:12:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\VG Rocks
[2012/01/09 03:11:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Leg Vacuum
[2012/01/09 03:11:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\CarboHydroM
[2012/01/08 05:49:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\[Game - Soundtrack] Genso Suikoden Piano Collection ~Avertunerio Antes Lance Mao~
[2012/01/08 05:05:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\[Game - Soundtrack] Genso Suikoden Orgel Collection
[2012/01/05 23:11:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\dontletthemfoolyou
[2011/04/15 01:55:46 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Vinny\Application Data\pcouffin.sys
[2007/05/20 05:31:42 | 000,061,440 | -H-- | C] (Freeware licensed under GPL) -- C:\Program Files\DGVfapi.vfp
[2007/03/15 23:29:16 | 000,781,992 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
[2007/03/15 23:27:30 | 000,118,784 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps.dll
[2007/03/15 23:27:16 | 000,122,880 | -H-- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
[2006/12/21 23:01:46 | 000,057,856 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
[2006/12/21 23:01:36 | 000,293,376 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
[2006/11/17 16:18:00 | 000,120,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[7 C:\Documents and Settings\Vinny\My Documents\*.tmp files -> C:\Documents and Settings\Vinny\My Documents\*.tmp -> ]
[5 C:\Documents and Settings\Vinny\Desktop\*.tmp files -> C:\Documents and Settings\Vinny\Desktop\*.tmp -> ]
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1525 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 18:51:00 | 000,358,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/19 16:56:14 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-46722641-3523488381-3589522040-1006.job
[2012/01/19 16:56:13 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\Registry Reviver-Vinny-Startup.job
[2012/01/19 16:56:12 | 087,064,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/19 16:53:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 16:49:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 06:28:49 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/19 06:28:49 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/19 06:28:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/19 02:21:22 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Vinny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/19 02:21:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 00:04:53 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Vinny\Desktop\Shortcut to mbam-setup-1.60.0.1800.com.pif
[2012/01/18 23:49:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
[2012/01/18 22:56:11 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vinny\Desktop\mbam-setup-1.60.0.1800.com
[2012/01/18 19:12:13 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 19:11:14 | 014,131,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Vinny\Desktop\SUPERAntiSpyware.exe
[2012/01/18 04:45:41 | 012,021,760 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\Ad-Aware96Install.msi
[2012/01/17 20:02:34 | 000,000,397 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/17 19:20:40 | 000,030,022 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\tumblr_lxke96fCtb1qf9gcq.jpg
[2012/01/13 23:04:01 | 079,836,741 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\No Path.zip
[2012/01/13 00:30:03 | 000,000,776 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\settings.config
[2012/01/12 00:06:42 | 000,194,086 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\TurboVote (Rachel Marie Anderson).pdf
[2012/01/10 01:10:34 | 066,727,368 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\prem1.avi
[2012/01/09 04:21:40 | 069,822,165 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\Genso Suikoden Piano Collection 2.rar
[2012/01/09 03:50:13 | 098,588,278 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\ET-SET.rar
[2012/01/09 03:46:09 | 057,393,968 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\ES-TCAC.rar
[2012/01/09 03:38:54 | 096,519,528 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\DWATRM-ITFR...LAA!.rar
[2012/01/09 03:31:29 | 023,870,054 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\DOE-BTM.rar
[2012/01/09 01:29:30 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/06 03:24:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-46722641-3523488381-3589522040-1006.job
[2012/01/05 23:28:43 | 000,483,224 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 23:28:43 | 000,089,446 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 01:29:27 | 000,081,408 | -H-- | M] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 00:19:17 | 000,000,077 | -H-- | M] () -- C:\WINDOWS\huffyuv.ini
[2011/12/31 04:06:46 | 000,000,114 | -H-- | M] () -- C:\WINDOWS\CIV.INI
[2011/12/27 01:29:25 | 036,464,060 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\comeon-divx.zip
[2011/12/23 22:28:03 | 085,207,351 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\Dream Within v2.wmv
[7 C:\Documents and Settings\Vinny\My Documents\*.tmp files -> C:\Documents and Settings\Vinny\My Documents\*.tmp -> ]
[5 C:\Documents and Settings\Vinny\Desktop\*.tmp files -> C:\Documents and Settings\Vinny\Desktop\*.tmp -> ]
[1525 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 02:21:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Vinny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/19 02:21:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 00:04:53 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Vinny\Desktop\Shortcut to mbam-setup-1.60.0.1800.com.pif
[2012/01/18 22:13:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/18 22:13:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/18 19:12:13 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 04:44:54 | 012,021,760 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\Ad-Aware96Install.msi
[2012/01/17 20:02:33 | 000,000,422 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1ee5aec9
[2012/01/17 20:02:33 | 000,000,406 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Application Data\c0a48891
[2012/01/17 20:02:33 | 000,000,397 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/17 19:20:40 | 000,030,022 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\tumblr_lxke96fCtb1qf9gcq.jpg
[2012/01/13 22:55:07 | 079,836,741 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\No Path.zip
[2012/01/12 00:06:45 | 000,194,086 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\TurboVote (Rachel Marie Anderson).pdf
[2012/01/10 00:56:56 | 066,727,368 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\prem1.avi
[2012/01/09 04:09:11 | 069,822,165 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\Genso Suikoden Piano Collection 2.rar
[2012/01/09 03:40:24 | 098,588,278 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\ET-SET.rar
[2012/01/09 03:40:09 | 057,393,968 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\ES-TCAC.rar
[2012/01/09 03:29:22 | 096,519,528 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\DWATRM-ITFR...LAA!.rar
[2012/01/09 03:28:56 | 023,870,054 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\DOE-BTM.rar
[2012/01/08 05:01:40 | 000,001,492 | -HS- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 05:01:40 | 000,001,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 01:55:11 | 000,227,328 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\MTPAxe.exe
[2012/01/08 01:44:03 | 000,000,776 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\settings.config
[2012/01/05 22:56:41 | 033,105,844 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\clearthearea-astarte.avi
[2011/12/27 01:11:41 | 036,464,060 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\comeon-divx.zip
[2011/12/23 22:11:14 | 085,207,351 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\Dream Within v2.wmv
[2011/04/15 01:55:46 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\inst.exe
[2011/04/15 01:55:46 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\pcouffin.cat
[2011/04/15 01:55:46 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\pcouffin.inf
[2010/11/11 00:02:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/01 22:50:17 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\CIV.INI
[2010/10/29 02:30:36 | 000,791,112 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/19 02:33:39 | 000,695,642 | -H-- | C] () -- C:\WINDOWS\unins001.exe
[2010/09/19 02:33:39 | 000,001,783 | -H-- | C] () -- C:\WINDOWS\unins001.dat
[2010/09/19 02:33:15 | 000,695,642 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2010/09/19 02:33:15 | 000,001,142 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2010/09/09 18:34:36 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/09 18:32:50 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2010/09/05 14:17:12 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\utvideo.dll
[2010/06/19 03:00:00 | 000,000,279 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\.thetimelineproj.cfg
[2010/05/27 21:24:03 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/05/25 22:53:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\czyiwa.dat
[2010/05/25 18:31:48 | 000,000,104 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/04/01 01:31:27 | 001,866,670 | -H-- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2010/04/01 00:35:41 | 002,371,760 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/04/01 00:35:41 | 000,002,190 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Renaissance uPlayer.dat
[2010/02/09 19:37:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\prvlcl.dat
[2009/11/30 14:51:19 | 000,001,572 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\home_budget_lite.ini
[2009/08/25 22:43:24 | 000,005,652 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/08/17 17:16:10 | 000,122,880 | -H-- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2009/08/17 17:16:10 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\LoadPluginEx.dll
[2009/08/17 17:16:09 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\warpsharp.dll
[2009/08/17 16:46:52 | 001,627,136 | -H-- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2009/07/23 23:43:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/26 05:55:39 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\PUTTY.RND
[2008/09/30 22:05:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/26 19:58:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/04 14:48:53 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/03 16:04:12 | 000,237,568 | -H-- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/06 19:52:58 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/27 20:44:18 | 000,035,365 | -H-- | C] () -- C:\WINDOWS\System32\uninstHelixYUV.exe
[2008/06/27 20:42:00 | 000,815,104 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/27 20:42:00 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/15 19:44:58 | 000,002,296 | -H-- | C] () -- C:\WINDOWS\hpdj5700.ini
[2008/01/15 19:44:12 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/01/10 22:54:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/01/10 21:22:13 | 000,004,159 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jexqjxsy.dne
[2007/05/28 13:22:42 | 000,022,701 | -H-- | C] () -- C:\Program Files\uninstall.exe
[2007/05/17 21:42:11 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/03/27 16:39:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\CF0F9240.DAT
[2007/03/27 16:39:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\CF0F9240.DAT
[2006/12/19 06:59:42 | 000,001,860 | -H-- | C] () -- C:\Program Files\README.HTM
[2006/10/22 21:30:26 | 000,057,856 | -H-- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2006/10/22 16:16:56 | 000,000,067 | -H-- | C] () -- C:\WINDOWS\IDMan.INI
[2006/10/01 15:07:36 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/01 15:07:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C67A36DCD6.sys
[2006/09/26 22:56:27 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/26 03:00:22 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\lagarith.ini
[2006/09/24 23:07:31 | 000,081,408 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/24 15:00:17 | 000,003,691 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/14 00:32:21 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\fusioncache.dat
[2006/09/08 13:30:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 13:18:20 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/08 13:17:18 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/09/08 13:15:32 | 000,000,402 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/08 13:14:16 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/08 13:12:10 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 13:09:05 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/08 12:42:26 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/08 12:42:20 | 000,016,480 | -H-- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/08 12:42:17 | 000,127,614 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/08 12:41:58 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/08 12:41:58 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/09/08 12:41:53 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/08 12:40:47 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/23 00:06:42 | 000,006,739 | -H-- | C] () -- C:\Program Files\QuickStart.html
[2005/09/15 16:40:22 | 000,160,768 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,034,380 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,294,072 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:37 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_004501_.tmp.dll
[2005/08/16 03:18:37 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_004381_.tmp.dll
[2005/08/16 03:18:33 | 000,483,224 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,089,446 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:28 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:22 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_004552_.tmp.dll
[2005/08/16 03:18:22 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_004413_.tmp.dll
[2005/05/12 08:25:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 16:38:24 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_005057_.tmp.dll
[2004/08/10 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_005025_.tmp.dll
[2004/08/10 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 22:11:42 | 000,185,856 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/27 06:13:54 | 000,421,888 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/01/27 06:13:14 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2004/01/05 22:50:40 | 000,245,760 | -H-- | C] () -- C:\WINDOWS\System32\ImxEx.dll
[2003/01/07 14:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 07:32:12 | 000,000,077 | -H-- | C] () -- C:\WINDOWS\huffyuv.ini
[2002/06/17 18:36:00 | 000,482,816 | -H-- | C] () -- C:\WINDOWS\System32\VFCodec.dll

========== LOP Check ==========

[2010/09/10 14:07:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/01/19 05:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/18 23:06:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/04/25 17:19:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/14 00:39:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/03/14 17:49:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/21 01:16:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2005/08/16 19:54:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/04/08 00:46:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2012/01/19 16:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/14 03:05:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/07 20:16:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2011/04/25 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/03/10 15:01:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/03/28 00:04:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/08 13:15:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/28 20:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/25 01:03:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/14 00:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
[2011/12/06 23:19:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\.anki
[2010/01/06 18:54:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\.matplotlib
[2010/09/10 14:38:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Acronis
[2009/05/07 15:25:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Amazon
[2011/03/01 17:34:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AnvSoft
[2011/09/24 17:22:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AVG Secure Search
[2011/09/24 17:20:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AVG2012
[2006/11/06 01:04:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\cYo
[2011/04/21 02:00:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\DAEMON Tools Lite
[2011/05/04 00:44:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\DeviceDoctorSoftware
[2007/06/04 16:48:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\DMCache
[2011/02/22 22:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\EurekaLog
[2010/04/24 21:42:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\FileZilla
[2010/06/22 01:47:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\FreeFLVConverter
[2011/02/16 23:35:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\GetRightToGo
[2008/07/23 16:22:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\GrabPro
[2012/01/10 03:58:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\gtk-2.0
[2009/10/29 03:17:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\ImgBurn
[2007/03/04 23:20:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Leadertech
[2008/06/16 10:20:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\LimeWire
[2009/09/23 04:31:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\MilkShape 3D 1.x.x
[2006/09/25 23:32:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\MPEG Streamclip
[2011/04/25 16:13:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\mplayer
[2006/09/26 23:27:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Opera
[2011/04/19 17:06:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Orbit
[2008/03/07 20:16:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Otto
[2010/12/27 17:10:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\ProgSense
[2006/11/30 20:27:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Publish Providers
[2011/04/09 00:31:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\RenPy
[2011/02/22 22:28:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\RiffTrax
[2011/09/14 00:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\searchqutoolbar
[2007/03/20 23:35:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Softplicity
[2008/01/01 15:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Sony
[2008/01/01 14:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Sony Setup
[2008/09/29 23:00:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\STOIK
[2008/04/17 11:22:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\TERMINAL Studio
[2011/12/09 06:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\uTorrent
[2006/10/01 17:20:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\VersionTracker Pro
[2011/09/17 01:20:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Vso
[2012/01/19 06:28:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/19 16:56:13 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-Vinny-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >
  • 0
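The report above shows two things a helper would check first: almost every entry carries the H (hidden) attribute, including files that are never hidden on a clean install, and there are alternate data streams on a TEMP directory. As an added example for triaging such a report (this is not code from the thread or from OTL; the entry format is read from the lines above, and the "hidden but not system executable" rule is a heuristic assumption), the following Python parses OTL-style entry and ADS lines from a constructed sample and summarises what a responder would want to see:

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the OTL report above (not the thread's real log).
SAMPLE_REPORT = r"""
========== Files - Unicode (All) ==========
[2011/09/24 17:22:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AVG2012
[2011/04/21 02:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vinny\Application Data\FileZilla
PRC - [2004/08/10 05:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2012/01/18 23:49:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)

========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
"""

# OTL entry: optional "PRC - " kind prefix, [mtime | size | RHSD attrs | M/C],
# optional (company), optional [service state], then "-- path" and an optional
# trailing " -- (service name)" that is not part of the path.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>[A-Z]{3}) - )?"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:\[[^\]]*\] )?"
    r"-- (?P<path>.*?)(?: -- \(.*\))?$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    kind: Optional[str]   # PRC, MOD, SRV, DRV or None for plain file lines
    mtime: str
    size: int
    attrs: str            # four characters: R H S D, '-' when unset
    company: Optional[str]
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "S"

    @property
    def directory(self) -> bool:
        return self.attrs[3] == "D"


@dataclass
class Stream:
    path: str      # file or directory carrying the stream
    stream: str    # stream name after the last ':'
    size: int


def parse_report(text: str) -> Tuple[List[Entry], List[Stream]]:
    """Extract file/process entries and ADS lines; headers and other lines are skipped."""
    entries, streams = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["mtime"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["company"], m["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            base, name = m["path"].rsplit(":", 1)
            streams.append(Stream(base, name, int(m["size"])))
    return entries, streams


def hidden_executables(entries: List[Entry]) -> List[Entry]:
    """Heuristic (assumption): legitimately hidden OS files are also marked System, so an
    .exe/.dll/.sys that is Hidden but not System is worth a look."""
    return [e for e in entries
            if e.hidden and not e.system and not e.directory
            and e.path.lower().endswith((".exe", ".dll", ".sys"))]


def triage(text: str) -> dict:
    entries, streams = parse_report(text)
    hidden = [e for e in entries if e.hidden]
    return {
        "entries": len(entries),
        "hidden": len(hidden),
        "hidden_ratio": round(len(hidden) / len(entries), 2) if entries else 0.0,
        "hidden_executables": [e.path for e in hidden_executables(entries)],
        "streams": [(s.path, s.stream, s.size) for s in streams],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

On a healthy system the hidden ratio of an OTL listing is small; a ratio close to 1, as in the report above, points at a rogue that has set the attribute wholesale rather than at hundreds of individually hidden items, which is why clearing the attribute recursively is the usual cleanup step once the cause has been removed.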

#2
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right-hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0

#3
libsrone

libsrone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, and thank you for helping me.

Since posting, a SuperAntiSpyware scan found 124 threats, 6 critical and 118 tracking objects.

2 Trojan.Agent/Gen-FakeAlert[Local] FPNSNRTURN.EXE
3 Disabled.TaskManager
1 Adware.Zwangi

I quarantined and deleted them all.

I went into properties for My Documents and unchecked the “hidden” attribute. The files in there are now all visible, including a bunch of ~$ and ~WRL files.

Further scans from SuperAntiSpyware, AVG, Malwarebytes, and Ad-Aware found no threats. My system seemed to operate on regular speed again but my icons were still semi-transparent and hidden files were still visible. I tried going online. After a few minutes, the computer began running slowly again and I saw an unfamiliar red clock icon in the taskbar. I restarted and ran SuperAntiSpyware, which found a ton of new threats. I quarantined and deleted them and disabled my airport connection. After that, an AVG scan found 1 threat: Trojan horse Downloader.2lob.BFVN in Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\9\7ce9e4c9-60211bc1.

I haven’t gone online with that computer since. I’ve been running scans with SuperAntiSpyware, Malwarebytes, AVG, and Ad-Aware and they don’t find any threats.

I’m no longer getting the error messages for svchost or generic host process for win32 services. I continue to get the “unable to create MoHlog.txt file” on startup.

When I close a word document, I get the message “The file Normal.dot already exists. Do you want to replace the existing file?” I click “no” but a “save as” window pops up for the Normal.dot file in C:\Documents and Settings\username\Application Data\Microsoft\Templates. I click “cancel” and get a message saying “Changes have been made that affect the global template, Normal.dot. Do you want to save those changes?”

Icons, including hidden files, still show up semi-transparent, except in the My Documents folder.

I checked the “scan all users” box and ran a quick scan but only one window, OTL.Txt, opened.

OTL logfile created on: 1/19/2012 10:25:42 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Vinny\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.48% Memory free
5.84 Gb Paging File | 4.59 Gb Available in Paging File | 78.48% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 441.96 Gb Total Space | 22.67 Gb Free Space | 5.13% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BANJO | User Name: Vinny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/18 23:49:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
PRC - [2012/01/18 23:22:29 | 005,071,216 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\Install\Install.exe
PRC - [2011/12/19 00:27:43 | 000,869,216 | -H-- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/19 00:27:41 | 000,892,768 | -H-- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/08 18:44:22 | 004,616,064 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | -H-- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | -H-- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/14 10:25:41 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/20 03:20:12 | 001,305,408 | -H-- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/09/10 13:52:06 | 002,326,920 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/09/12 15:31:36 | 000,357,384 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 15:31:30 | 000,660,520 | -H-- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/09/12 15:30:48 | 005,048,488 | -H-- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/09/12 10:45:48 | 000,036,352 | -H-- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/05/07 16:13:00 | 004,314,464 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe
PRC - [2008/05/07 16:13:00 | 002,245,984 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe
PRC - [2008/05/07 11:30:48 | 001,558,000 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
PRC - [2006/04/06 13:58:52 | 001,032,192 | -H-- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/04/06 13:57:54 | 000,380,928 | -H-- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/03/22 23:13:46 | 001,591,808 | -H-- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2006/01/02 16:41:22 | 000,045,056 | -H-- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004/08/10 05:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/04 08:46:24 | 000,172,032 | -H-- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | -H-- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 21:58:45 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/01/19 21:58:44 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/01/18 19:14:26 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/01/18 19:14:26 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/01/05 23:29:54 | 002,076,672 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_749594a3\system.xml.dll
MOD - [2012/01/05 23:29:46 | 002,994,176 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_76365581\system.windows.forms.dll
MOD - [2012/01/05 23:29:37 | 000,835,584 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_cb18fa41\system.drawing.dll
MOD - [2012/01/05 23:29:33 | 001,929,216 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_b5719552\system.dll
MOD - [2012/01/05 23:29:06 | 003,289,088 | -H-- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b6c6067f\mscorlib.dll
MOD - [2012/01/05 23:27:39 | 001,335,296 | -H-- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2012/01/05 23:27:38 | 002,039,808 | -H-- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2012/01/05 23:27:36 | 001,245,184 | -H-- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/05 23:27:34 | 000,323,584 | -H-- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2012/01/05 23:27:33 | 000,368,640 | -H-- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2012/01/05 23:27:32 | 000,466,944 | -H-- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/05 23:27:31 | 001,216,512 | -H-- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/12/19 00:27:43 | 000,869,216 | -H-- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
MOD - [2011/12/19 00:27:41 | 000,892,768 | -H-- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/11/03 12:06:56 | 000,591,232 | -H-- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/11/03 12:06:56 | 000,430,568 | -H-- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll
MOD - [2011/11/03 12:06:56 | 000,308,560 | -H-- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/05/24 16:21:24 | 006,271,136 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/14 10:25:47 | 001,874,904 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/27 11:33:35 | 001,291,264 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/06/15 09:50:44 | 000,093,696 | -H-- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2008/09/12 10:45:48 | 000,036,352 | -H-- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2006/04/06 13:59:08 | 000,073,728 | -H-- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2005/12/19 07:08:42 | 000,086,016 | -H-- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2005/12/19 07:08:30 | 000,757,760 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2005/10/13 12:53:36 | 000,090,223 | -H-- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2003/09/10 01:24:00 | 000,020,480 | -H-- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/19 00:27:43 | 000,869,216 | -H-- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/03 12:06:56 | 002,152,152 | -H-- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 05:25:22 | 004,433,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/02 05:09:08 | 000,192,776 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/20 23:52:44 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/09/10 13:52:06 | 002,326,920 | -H-- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/09/12 15:31:30 | 000,660,520 | -H-- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/05/07 16:13:00 | 004,314,464 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2008/05/07 11:30:48 | 001,558,000 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/09/12 17:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/03/07 14:47:46 | 000,076,848 | -H-- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/04/06 13:57:54 | 000,380,928 | -H-- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2002/12/17 17:26:22 | 007,520,337 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 12:06:56 | 000,064,512 | -H-- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/03 12:06:56 | 000,015,232 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/10/07 05:23:48 | 000,230,608 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 00:14:38 | 000,295,248 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | -H-- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/04 23:31:47 | 000,218,688 | -H-- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010/09/10 13:52:11 | 000,159,168 | -H-- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/09/10 13:51:59 | 000,902,432 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV - [2010/09/10 13:51:56 | 000,570,016 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/09/10 13:51:38 | 000,157,248 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/03/30 23:00:00 | 000,027,760 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2008/05/07 11:30:54 | 000,137,952 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2008/01/19 19:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 18:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 18:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | -H-- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/05/23 06:06:36 | 001,578,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/03/24 15:34:30 | 001,156,648 | -H-- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/11/02 11:24:34 | 000,424,320 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 16:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 08:32:16 | 000,045,312 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/14 15:58:14 | 000,028,544 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 14:28:38 | 000,307,968 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 16:00:30 | 000,051,328 | -H-- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/09/20 11:44:48 | 000,005,652 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2004/08/10 05:00:00 | 000,040,320 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/10 05:00:00 | 000,012,160 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/02/13 08:46:00 | 000,017,153 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060908
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1374
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:16&sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 22:05:44 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.22\ [2011/12/19 00:27:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/04 02:24:44 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/04 02:25:01 | 000,000,000 | -H-D | M]

[2008/09/03 06:05:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Extensions
[2011/10/21 22:30:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions
[2010/05/01 16:07:16 | 000,000,000 | -H-D | M] (Screengrab) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/10/21 22:30:52 | 000,000,000 | -H-D | M] (Rikaichan) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/09/14 00:57:01 | 000,000,000 | -H-D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (DealPly) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2011/09/17 01:52:39 | 000,000,000 | -H-D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\[email protected]
[2011/09/13 22:40:05 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\bing-zugo.xml
[2011/05/28 17:16:32 | 000,001,635 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\firefox-add-ons.xml
[2011/09/14 00:39:07 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\SearchResults.xml
[2011/09/14 00:48:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/24 15:00:27 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/07/04 00:19:34 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/19 00:27:57 | 000,000,000 | -H-D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\9.0.0.22
[2007/08/26 10:54:34 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/02/25 21:02:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/27 06:38:21 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/09/25 19:12:53 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2011/07/04 00:19:34 | 000,000,000 | -H-D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/12/23 22:05:44 | 000,000,000 | -H-D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/07/04 00:19:16 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/14 00:57:01 | 000,000,000 | -H-D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SAVEVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/04/14 10:26:02 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/06 10:37:19 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/04 00:19:15 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/19 06:57:38 | 000,310,272 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/11/06 10:37:20 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/19 00:27:39 | 000,003,766 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2009/01/08 11:22:08 | 000,004,212 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\orbitsearch.xml
[2011/09/14 00:39:07 | 000,002,497 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Ghost 14.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Installer] C:\Program Files\CheckPoint\Install\Launcher.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Vinny\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktopChanges = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: ClassicShell = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: erightsoft.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: free.fr ([gpl.download] * in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A49256A0-8EAE-4327-8DAA-A08019055890}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\dimsntfy: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Vinny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vinny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{7b0b78f1-0cbb-11dd-9ccb-0015c5494866}\Shell\Decrypt using DVD Decrypter\Command - "" = C:\Program Files\DVD Decrypter\DVDDecrypter.exe -- [2005/03/20 19:55:47 | 000,772,608 | -H-- | M] (LIGHTNING UK!)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: autotvol - (C:\WINDOWS\system32\autonet1.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 02:21:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/19 02:21:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/18 23:49:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
[2012/01/18 23:24:32 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/01/18 22:55:09 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vinny\Desktop\mbam-setup-1.60.0.1800.com
[2012/01/18 19:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vinny\Application Data\SUPERAntiSpyware.com
[2012/01/18 19:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/01/18 19:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/01/18 19:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/18 19:03:25 | 014,131,560 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Vinny\Desktop\SUPERAntiSpyware.exe
[2012/01/18 04:57:56 | 000,064,512 | -H-- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/01/18 04:57:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/01/18 03:59:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/17 19:05:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2012/01/17 19:04:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/01/17 19:04:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/17 18:58:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/01/15 22:29:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Amok Time Fanmix
[2012/01/09 03:27:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Versus Video Games
[2012/01/09 03:27:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Dual Dragons
[2012/01/09 03:12:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\VG Rocks
[2012/01/09 03:11:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\Leg Vacuum
[2012/01/09 03:11:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\CarboHydroM
[2012/01/08 05:49:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\[Game - Soundtrack] Genso Suikoden Piano Collection ~Avertunerio Antes Lance Mao~
[2012/01/08 05:05:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\[Game - Soundtrack] Genso Suikoden Orgel Collection
[2012/01/05 23:11:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Vinny\Desktop\dontletthemfoolyou
[2011/04/15 01:55:46 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Documents and Settings\Vinny\Application Data\pcouffin.sys
[2007/05/20 05:31:42 | 000,061,440 | -H-- | C] (Freeware licensed under GPL) -- C:\Program Files\DGVfapi.vfp
[2007/03/15 23:29:16 | 000,781,992 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps.exe
[2007/03/15 23:27:30 | 000,118,784 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps.dll
[2007/03/15 23:27:16 | 000,122,880 | -H-- | C] (Beepa P/L) -- C:\Program Files\frapslcd.dll
[2006/12/21 23:01:46 | 000,057,856 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps64.dll
[2006/12/21 23:01:36 | 000,293,376 | -H-- | C] (Beepa P/L) -- C:\Program Files\fraps64.dat
[2006/11/17 16:18:00 | 000,120,320 | -H-- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[7 C:\Documents and Settings\Vinny\My Documents\*.tmp files -> C:\Documents and Settings\Vinny\My Documents\*.tmp -> ]
[5 C:\Documents and Settings\Vinny\Desktop\*.tmp files -> C:\Documents and Settings\Vinny\Desktop\*.tmp -> ]
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1525 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 22:21:22 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/19 22:06:02 | 046,947,840 | ---- | M] () -- C:\Documents and Settings\Vinny\Desktop\zaSetup_92_102_000_en.exe
[2012/01/19 21:58:36 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Vinny\Desktop\Resume ZoneAlarm Security Install.lnk
[2012/01/19 21:57:03 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-46722641-3523488381-3589522040-1006.job
[2012/01/19 21:57:02 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\Registry Reviver-Vinny-Startup.job
[2012/01/19 21:55:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 18:51:00 | 000,358,315 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/19 16:56:12 | 087,064,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/19 06:28:49 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/19 06:28:49 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/19 06:28:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/01/19 02:21:22 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Vinny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/19 02:21:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 00:04:53 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Vinny\Desktop\Shortcut to mbam-setup-1.60.0.1800.com.pif
[2012/01/18 23:49:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vinny\Desktop\OTL.exe
[2012/01/18 22:56:11 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vinny\Desktop\mbam-setup-1.60.0.1800.com
[2012/01/18 19:12:13 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 19:11:14 | 014,131,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Vinny\Desktop\SUPERAntiSpyware.exe
[2012/01/18 04:45:41 | 012,021,760 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\Ad-Aware96Install.msi
[2012/01/17 20:02:34 | 000,000,397 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/17 19:20:40 | 000,030,022 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\tumblr_lxke96fCtb1qf9gcq.jpg
[2012/01/13 23:04:01 | 079,836,741 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\No Path.zip
[2012/01/13 00:30:03 | 000,000,776 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\settings.config
[2012/01/12 00:06:42 | 000,194,086 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\TurboVote (Rachel Marie Anderson).pdf
[2012/01/10 01:10:34 | 066,727,368 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\prem1.avi
[2012/01/09 04:21:40 | 069,822,165 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\Genso Suikoden Piano Collection 2.rar
[2012/01/09 03:50:13 | 098,588,278 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\ET-SET.rar
[2012/01/09 03:46:09 | 057,393,968 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\ES-TCAC.rar
[2012/01/09 03:38:54 | 096,519,528 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\DWATRM-ITFR...LAA!.rar
[2012/01/09 03:31:29 | 023,870,054 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\DOE-BTM.rar
[2012/01/09 01:29:30 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/06 03:24:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-46722641-3523488381-3589522040-1006.job
[2012/01/05 23:28:43 | 000,483,224 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/05 23:28:43 | 000,089,446 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/05 01:29:27 | 000,081,408 | -H-- | M] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/05 00:19:17 | 000,000,077 | -H-- | M] () -- C:\WINDOWS\huffyuv.ini
[2011/12/31 04:06:46 | 000,000,114 | -H-- | M] () -- C:\WINDOWS\CIV.INI
[2011/12/27 01:29:25 | 036,464,060 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\comeon-divx.zip
[2011/12/23 22:28:03 | 085,207,351 | -H-- | M] () -- C:\Documents and Settings\Vinny\Desktop\Dream Within v2.wmv
[7 C:\Documents and Settings\Vinny\My Documents\*.tmp files -> C:\Documents and Settings\Vinny\My Documents\*.tmp -> ]
[5 C:\Documents and Settings\Vinny\Desktop\*.tmp files -> C:\Documents and Settings\Vinny\Desktop\*.tmp -> ]
[1525 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 22:03:26 | 046,947,840 | ---- | C] () -- C:\Documents and Settings\Vinny\Desktop\zaSetup_92_102_000_en.exe
[2012/01/19 21:58:36 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Vinny\Desktop\Resume ZoneAlarm Security Install.lnk
[2012/01/19 02:21:22 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Vinny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/01/19 02:21:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/19 00:04:53 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Vinny\Desktop\Shortcut to mbam-setup-1.60.0.1800.com.pif
[2012/01/18 22:13:38 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/01/18 22:13:38 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/01/18 19:12:13 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/18 04:44:54 | 012,021,760 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\Ad-Aware96Install.msi
[2012/01/17 20:02:33 | 000,000,422 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1ee5aec9
[2012/01/17 20:02:33 | 000,000,406 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Application Data\c0a48891
[2012/01/17 20:02:33 | 000,000,397 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/17 19:20:40 | 000,030,022 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\tumblr_lxke96fCtb1qf9gcq.jpg
[2012/01/13 22:55:07 | 079,836,741 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\No Path.zip
[2012/01/12 00:06:45 | 000,194,086 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\TurboVote (Rachel Marie Anderson).pdf
[2012/01/10 00:56:56 | 066,727,368 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\prem1.avi
[2012/01/09 04:09:11 | 069,822,165 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\Genso Suikoden Piano Collection 2.rar
[2012/01/09 03:40:24 | 098,588,278 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\ET-SET.rar
[2012/01/09 03:40:09 | 057,393,968 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\ES-TCAC.rar
[2012/01/09 03:29:22 | 096,519,528 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\DWATRM-ITFR...LAA!.rar
[2012/01/09 03:28:56 | 023,870,054 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\DOE-BTM.rar
[2012/01/08 05:01:40 | 000,001,492 | -HS- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 05:01:40 | 000,001,492 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 01:55:11 | 000,227,328 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\MTPAxe.exe
[2012/01/08 01:44:03 | 000,000,776 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\settings.config
[2012/01/05 22:56:41 | 033,105,844 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\clearthearea-astarte.avi
[2011/12/27 01:11:41 | 036,464,060 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\comeon-divx.zip
[2011/12/23 22:11:14 | 085,207,351 | -H-- | C] () -- C:\Documents and Settings\Vinny\Desktop\Dream Within v2.wmv
[2011/04/15 01:55:46 | 000,087,608 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\inst.exe
[2011/04/15 01:55:46 | 000,007,887 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\pcouffin.cat
[2011/04/15 01:55:46 | 000,001,144 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\pcouffin.inf
[2010/11/11 00:02:23 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/11/01 22:50:17 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\CIV.INI
[2010/10/29 02:30:36 | 000,791,112 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/19 02:33:39 | 000,695,642 | -H-- | C] () -- C:\WINDOWS\unins001.exe
[2010/09/19 02:33:39 | 000,001,783 | -H-- | C] () -- C:\WINDOWS\unins001.dat
[2010/09/19 02:33:15 | 000,695,642 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2010/09/19 02:33:15 | 000,001,142 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2010/09/09 18:34:36 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\patchw32.dll
[2010/09/09 18:32:50 | 000,215,144 | RH-- | C] () -- C:\WINDOWS\pw32a.dll
[2010/09/05 14:17:12 | 000,139,264 | -H-- | C] () -- C:\WINDOWS\System32\utvideo.dll
[2010/06/19 03:00:00 | 000,000,279 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\.thetimelineproj.cfg
[2010/05/27 21:24:03 | 000,028,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2010/05/25 22:53:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\czyiwa.dat
[2010/05/25 18:31:48 | 000,000,104 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010/04/01 01:31:27 | 001,866,670 | -H-- | C] () -- C:\WINDOWS\System32\libfftw3f-3.dll
[2010/04/01 00:35:41 | 002,371,760 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/04/01 00:35:41 | 000,002,190 | -H-- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Renaissance uPlayer.dat
[2010/02/09 19:37:31 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\prvlcl.dat
[2009/11/30 14:51:19 | 000,001,572 | -H-- | C] () -- C:\Documents and Settings\Vinny\Application Data\home_budget_lite.ini
[2009/08/25 22:43:24 | 000,005,652 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2009/08/17 17:16:10 | 000,122,880 | -H-- | C] () -- C:\WINDOWS\System32\avsfilter.dll
[2009/08/17 17:16:10 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\LoadPluginEx.dll
[2009/08/17 17:16:09 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\warpsharp.dll
[2009/08/17 16:46:52 | 001,627,136 | -H-- | C] () -- C:\WINDOWS\System32\fftw3.dll
[2009/07/23 23:43:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/26 05:55:39 | 000,000,600 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\PUTTY.RND
[2008/09/30 22:05:54 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Irremote.ini
[2008/09/26 19:58:57 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/04 14:48:53 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/03 16:04:12 | 000,237,568 | -H-- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2008/08/06 19:52:58 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/27 20:44:18 | 000,035,365 | -H-- | C] () -- C:\WINDOWS\System32\uninstHelixYUV.exe
[2008/06/27 20:42:00 | 000,815,104 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/27 20:42:00 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/15 19:44:58 | 000,002,296 | -H-- | C] () -- C:\WINDOWS\hpdj5700.ini
[2008/01/15 19:44:12 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/01/10 22:54:32 | 000,000,038 | -H-- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/01/10 21:22:13 | 000,004,159 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\jexqjxsy.dne
[2007/05/28 13:22:42 | 000,022,701 | -H-- | C] () -- C:\Program Files\uninstall.exe
[2007/05/17 21:42:11 | 000,000,552 | -H-- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2007/03/27 16:39:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\CF0F9240.DAT
[2007/03/27 16:39:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\CF0F9240.DAT
[2006/12/19 06:59:42 | 000,001,860 | -H-- | C] () -- C:\Program Files\README.HTM
[2006/10/22 21:30:26 | 000,057,856 | -H-- | C] () -- C:\WINDOWS\TADSUINS.EXE
[2006/10/22 16:16:56 | 000,000,067 | -H-- | C] () -- C:\WINDOWS\IDMan.INI
[2006/10/01 15:07:36 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/01 15:07:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\C67A36DCD6.sys
[2006/09/26 22:56:27 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2006/09/26 03:00:22 | 000,000,039 | -H-- | C] () -- C:\WINDOWS\lagarith.ini
[2006/09/24 23:07:31 | 000,081,408 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/24 15:00:17 | 000,003,691 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/14 00:32:21 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\fusioncache.dat
[2006/09/08 13:30:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/08 13:18:20 | 000,129,024 | -H-- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/09/08 13:17:18 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/09/08 13:15:32 | 000,000,402 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/08 13:14:16 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/08 13:12:10 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/08 13:09:05 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/09/08 12:42:26 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/09/08 12:42:20 | 000,016,480 | -H-- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/09/08 12:42:17 | 000,127,614 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/08 12:41:58 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/09/08 12:41:58 | 000,018,944 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/09/08 12:41:53 | 000,757,760 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/08 12:40:47 | 000,000,390 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/02/23 00:06:42 | 000,006,739 | -H-- | C] () -- C:\Program Files\QuickStart.html
[2005/09/15 16:40:22 | 000,160,768 | -H-- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,034,380 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,294,072 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:37 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_004501_.tmp.dll
[2005/08/16 03:18:37 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_004381_.tmp.dll
[2005/08/16 03:18:33 | 000,483,224 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,089,446 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:28 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:22 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_004552_.tmp.dll
[2005/08/16 03:18:22 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_004413_.tmp.dll
[2005/05/12 08:25:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 16:38:24 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,249,270 | -H-- | C] () -- C:\WINDOWS\System32\_005057_.tmp.dll
[2004/08/10 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,022,040 | -H-- | C] () -- C:\WINDOWS\System32\_005025_.tmp.dll
[2004/08/10 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,788 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/09 22:11:42 | 000,185,856 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/27 06:13:54 | 000,421,888 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004/01/27 06:13:14 | 000,061,440 | -H-- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2004/01/05 22:50:40 | 000,245,760 | -H-- | C] () -- C:\WINDOWS\System32\ImxEx.dll
[2003/01/07 14:05:08 | 000,002,695 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 07:32:12 | 000,000,077 | -H-- | C] () -- C:\WINDOWS\huffyuv.ini
[2002/06/17 18:36:00 | 000,482,816 | -H-- | C] () -- C:\WINDOWS\System32\VFCodec.dll

========== LOP Check ==========

[2010/09/10 14:07:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2012/01/19 05:45:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/01/18 23:06:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/04/25 17:19:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/14 00:39:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/03/14 17:49:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/04/21 01:16:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2005/08/16 19:54:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/04/08 00:46:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Maestro
[2012/01/19 16:57:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/14 03:05:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/07 20:16:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2011/04/25 17:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/03/10 15:01:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2011/03/28 00:04:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/08 13:15:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/12/28 20:49:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/25 01:03:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/14 00:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
[2011/12/06 23:19:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\.anki
[2010/01/06 18:54:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\.matplotlib
[2010/09/10 14:38:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Acronis
[2009/05/07 15:25:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Amazon
[2011/03/01 17:34:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AnvSoft
[2011/09/24 17:22:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AVG Secure Search
[2011/09/24 17:20:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\AVG2012
[2006/11/06 01:04:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\cYo
[2011/04/21 02:00:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\DAEMON Tools Lite
[2011/05/04 00:44:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\DeviceDoctorSoftware
[2007/06/04 16:48:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\DMCache
[2011/02/22 22:27:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\EurekaLog
[2010/04/24 21:42:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\FileZilla
[2010/06/22 01:47:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\FreeFLVConverter
[2011/02/16 23:35:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\GetRightToGo
[2008/07/23 16:22:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\GrabPro
[2012/01/10 03:58:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\gtk-2.0
[2009/10/29 03:17:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\ImgBurn
[2007/03/04 23:20:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Leadertech
[2008/06/16 10:20:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\LimeWire
[2009/09/23 04:31:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\MilkShape 3D 1.x.x
[2006/09/25 23:32:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\MPEG Streamclip
[2011/04/25 16:13:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\mplayer
[2006/09/26 23:27:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Opera
[2011/04/19 17:06:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Orbit
[2008/03/07 20:16:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Otto
[2010/12/27 17:10:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\ProgSense
[2006/11/30 20:27:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Publish Providers
[2011/04/09 00:31:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\RenPy
[2011/02/22 22:28:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\RiffTrax
[2011/09/14 00:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\searchqutoolbar
[2007/03/20 23:35:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Softplicity
[2008/01/01 15:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Sony
[2008/01/01 14:21:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Sony Setup
[2008/09/29 23:00:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\STOIK
[2008/04/17 11:22:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\TERMINAL Studio
[2011/12/09 06:16:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\uTorrent
[2006/10/01 17:20:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\VersionTracker Pro
[2011/09/17 01:20:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\Vso
[2012/01/19 06:28:40 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/01/19 21:57:02 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-Vinny-Startup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C595FF3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

Edited by libsrone, 25 January 2012 - 12:40 AM.


#4
Gammo
    Member 2k
  • Malware Removal
  • 2,299 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/09/14 00:57:01 | 000,000,000 | -H-D | M] (Searchqu Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    [2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (DealPly) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    [2011/09/13 22:40:05 | 000,001,945 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\bing-zugo.xml
    [2011/09/14 00:39:07 | 000,002,497 | -H-- | M] () -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\searchplugins\SearchResults.xml
    [2011/09/14 00:57:01 | 000,000,000 | -H-D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SAVEVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
    [2011/09/14 00:39:07 | 000,002,497 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
    O36 - AppCertDlls: autotvol - (C:\WINDOWS\system32\autonet1.dll) - File not found
    [7 C:\Documents and Settings\Vinny\My Documents\*.tmp files -> C:\Documents and Settings\Vinny\My Documents\*.tmp -> ]
    [5 C:\Documents and Settings\Vinny\Desktop\*.tmp files -> C:\Documents and Settings\Vinny\Desktop\*.tmp -> ]
    [42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [1525 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2012/01/17 20:02:34 | 000,000,397 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
    [2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
    [2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
    [2012/01/17 20:02:33 | 000,000,422 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1ee5aec9
    [2012/01/17 20:02:33 | 000,000,406 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Application Data\c0a48891
    [2006/09/08 13:15:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/09/14 00:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\searchqutoolbar
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Viewpoint
    C:\PROGRAM FILES\WINDOWS SAVEVID TOOLBAR
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Please download and run Unhide

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
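As an added example, not part of this thread and not code from OTL, ComboFix or Unhide: a small Python triage pass over the OTL line formats that appear in the report in the earlier post and in the fix list above. It flags the kinds of entries Gammo's script targets: the orphaned AppCertDlls value (DLLs listed under that key are loaded by any process that calls the CreateProcess family, so an entry whose target is missing is a leftover worth confirming), alternate data streams other than Zone.Identifier, and hidden or hidden+system files with random-looking extensionless names under user profiles. The sample lines are copied from this thread plus one constructed Zone.Identifier line to show the benign case; the heuristics are mine, a reviewer's aid rather than a verdict.

```python
"""Triage pass over OTL-style report lines.

Added example for this thread; it is not OTL, ComboFix or Unhide code.
It understands the three line shapes seen in the report and fix list above:

  [date | size | attrs | C/M] (company) -- path        (files and folders)
  O36 - AppCertDlls: <value> - (<dll path>) - <status>
  @Alternate Data Stream - <n> bytes -> <host>:<stream>

The heuristics are the example author's own reading of the log, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
APPCERT_RE = re.compile(
    r"^O36 - AppCertDlls: (?P<value>\S+) - \((?P<dll>[^)]+)\) - (?P<status>.*)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
# Extensionless lowercase hex/alphanumeric names of 8+ characters, as droppers tend to generate.
RANDOM_NAME_RE = re.compile(r"^[0-9a-z]{8,}$")
PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one report line, or None if it looks unremarkable."""
    line = line.strip()

    m = APPCERT_RE.match(line)
    if m:
        # HKLM\...\Session Manager\AppCertDlls: DLLs listed here are loaded by any
        # process calling CreateProcess, so every entry deserves a look; a missing
        # target means something was removed but the registry value was left behind.
        reason = "AppCertDlls entry: loaded by any process that calls CreateProcess"
        if "not found" in m["status"].lower():
            reason += " (orphaned: target file missing)"
        return Finding(m["dll"], [reason])

    m = ADS_RE.match(line)
    if m:
        if m["stream"] == "Zone.Identifier":
            return None  # mark-of-the-web written by browsers; benign
        return Finding(f"{m['host']}:{m['stream']}",
                       [f"unexpected alternate data stream ({m['bytes']} bytes)"])

    m = FILE_RE.match(line)
    if not m:
        return None  # section headers, blank lines, other OTL record types
    attrs, path = m["attrs"], m["path"]
    is_dir = "D" in attrs
    in_profile = path.lower().startswith(PROFILE_ROOT)
    name = path.rsplit("\\", 1)[-1]
    reasons = []
    if not is_dir and in_profile and "H" in attrs and "S" in attrs:
        reasons.append("hidden+system file inside a user profile")
    if not is_dir and in_profile and "H" in attrs and RANDOM_NAME_RE.match(name):
        reasons.append("hidden extensionless file with random-looking name")
    return Finding(path, reasons) if reasons else None


def triage(lines) -> List[Finding]:
    """Run triage_line over an iterable of report lines, keeping only the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


# Sample input: lines copied from the OTL report and fix list in this thread,
# plus one constructed Zone.Identifier stream to show the benign case.
SAMPLE_LINES = r"""
========== LOP Check ==========
[2011/09/14 00:57:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Vinny\Application Data\searchqutoolbar
[2012/01/19 21:57:02 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\Tasks\Registry Reviver-Vinny-Startup.job
[2011/09/14 00:58:51 | 000,000,000 | -H-D | M] (StartNow Toolbar) -- C:\Documents and Settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
O36 - AppCertDlls: autotvol - (C:\WINDOWS\system32\autonet1.dll) - File not found
[2012/01/17 20:02:34 | 000,000,397 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\51c5c6a8
[2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\Vinny\Local Settings\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/08 05:01:47 | 000,001,492 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
[2012/01/17 20:02:33 | 000,000,406 | -H-- | C] () -- C:\Documents and Settings\NetworkService\Application Data\c0a48891
@Alternate Data Stream - 362 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Vinny\Desktop\setup.exe:Zone.Identifier
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path, "->", "; ".join(f.reasons))
```

Run against the sample it reports six entries: the orphaned autonet1.dll value, the stream on the TEMP folder, and the four hidden random-named files, while the toolbar folders, the hidden scheduled task under C:\WINDOWS and the Zone.Identifier stream are left alone. The directory test matters: a hidden folder name such as searchqutoolbar would otherwise match the random-name pattern, and attributes alone say nothing about what a folder holds.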

#5
libsrone
    New Member
  • Topic Starter
  • Member
  • 8 posts
AVG would only let me disable it for 15 minutes, so I did that, then ran combofix right away, which took 35 minutes. The computer is running at regular speed again. A bunch of the programs in the start menu, and everything in the all programs window, still have generic icons and if I select them, I get a missing shortcut message. Icons are no longer transparent (including the supposed-to-be-hidden ones). I don't get error messages when closing word documents anymore and I'm able to go online without incident.

ComboFix 12-01-23.02 - Vinny 01/26/2012 1:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1396 [GMT -6:00]
Running from: c:\documents and settings\Vinny\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Vinny\Application Data\EurekaLog
c:\documents and settings\Vinny\Application Data\EurekaLog\RiffTrax\RiffTrax_BANJO.elf
c:\documents and settings\Vinny\Application Data\inst.exe
c:\documents and settings\Vinny\defrag.exe
c:\documents and settings\Vinny\DefragPS.dll
c:\documents and settings\Vinny\Templates\ld7057sr6ces33o40m367as3u5j3vxnxa721onvr0e57di
c:\documents and settings\Vinny\WINDOWS
c:\program files\Uninstall.exe
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{77976D5E-C17A-49E5-A91B-D7BFA08301CB}\1033.MST
c:\windows\Downloaded Installations\BMP\{77976D5E-C17A-49E5-A91B-D7BFA08301CB}\BACS.msi
c:\windows\kb913800.exe
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\_004371_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004380_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004384_.tmp.dll
c:\windows\system32\_004385_.tmp.dll
c:\windows\system32\_004386_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004388_.tmp.dll
c:\windows\system32\_004389_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004393_.tmp.dll
c:\windows\system32\_004394_.tmp.dll
c:\windows\system32\_004395_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004397_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004399_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004401_.tmp.dll
c:\windows\system32\_004402_.tmp.dll
c:\windows\system32\_004403_.tmp.dll
c:\windows\system32\_004404_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004406_.tmp.dll
c:\windows\system32\_004407_.tmp.dll
c:\windows\system32\_004408_.tmp.dll
c:\windows\system32\_004409_.tmp.dll
c:\windows\system32\_004410_.tmp.dll
c:\windows\system32\_004411_.tmp.dll
c:\windows\system32\_004412_.tmp.dll
c:\windows\system32\_004413_.tmp.dll
c:\windows\system32\_004414_.tmp.dll
c:\windows\system32\_004415_.tmp.dll
c:\windows\system32\_004416_.tmp.dll
c:\windows\system32\_004417_.tmp.dll
c:\windows\system32\_004418_.tmp.dll
c:\windows\system32\_004419_.tmp.dll
c:\windows\system32\_004420_.tmp.dll
c:\windows\system32\_004421_.tmp.dll
c:\windows\system32\_004422_.tmp.dll
c:\windows\system32\_004423_.tmp.dll
c:\windows\system32\_004424_.tmp.dll
c:\windows\system32\_004425_.tmp.dll
c:\windows\system32\_004426_.tmp.dll
c:\windows\system32\_004427_.tmp.dll
c:\windows\system32\_004428_.tmp.dll
c:\windows\system32\_004429_.tmp.dll
c:\windows\system32\_004430_.tmp.dll
c:\windows\system32\_004431_.tmp.dll
c:\windows\system32\_004432_.tmp.dll
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004437_.tmp.dll
c:\windows\system32\_004438_.tmp.dll
c:\windows\system32\_004439_.tmp.dll
c:\windows\system32\_004440_.tmp.dll
c:\windows\system32\_004441_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004443_.tmp.dll
c:\windows\system32\_004444_.tmp.dll
c:\windows\system32\_004445_.tmp.dll
c:\windows\system32\_004446_.tmp.dll
c:\windows\system32\_004447_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004450_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004452_.tmp.dll
c:\windows\system32\_004453_.tmp.dll
c:\windows\system32\_004454_.tmp.dll
c:\windows\system32\_004455_.tmp.dll
c:\windows\system32\_004457_.tmp.dll
c:\windows\system32\_004458_.tmp.dll
c:\windows\system32\_004459_.tmp.dll
c:\windows\system32\_004460_.tmp.dll
c:\windows\system32\_004461_.tmp.dll
c:\windows\system32\_004462_.tmp.dll
c:\windows\system32\_004463_.tmp.dll
c:\windows\system32\_004464_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004469_.tmp.dll
c:\windows\system32\_004470_.tmp.dll
c:\windows\system32\_004471_.tmp.dll
c:\windows\system32\_004472_.tmp.dll
c:\windows\system32\_004473_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004478_.tmp.dll
c:\windows\system32\_004480_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004485_.tmp.dll
c:\windows\system32\_004486_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004490_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004494_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004496_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004498_.tmp.dll
c:\windows\system32\_004499_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004501_.tmp.dll
c:\windows\system32\_004502_.tmp.dll
c:\windows\system32\_004503_.tmp.dll
c:\windows\system32\_004504_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004509_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004512_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004517_.tmp.dll
c:\windows\system32\_004518_.tmp.dll
c:\windows\system32\_004519_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004521_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004524_.tmp.dll
c:\windows\system32\_004525_.tmp.dll
c:\windows\system32\_004526_.tmp.dll
c:\windows\system32\_004527_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004529_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\_004532_.tmp.dll
c:\windows\system32\_004533_.tmp.dll
c:\windows\system32\_004534_.tmp.dll
c:\windows\system32\_004535_.tmp.dll
c:\windows\system32\_004538_.tmp.dll
c:\windows\system32\_004539_.tmp.dll
c:\windows\system32\_004543_.tmp.dll
c:\windows\system32\_004544_.tmp.dll
c:\windows\system32\_004546_.tmp.dll
c:\windows\system32\_004549_.tmp.dll
c:\windows\system32\_004551_.tmp.dll
c:\windows\system32\_004552_.tmp.dll
c:\windows\system32\_004553_.tmp.dll
c:\windows\system32\_004554_.tmp.dll
c:\windows\system32\_004555_.tmp.dll
c:\windows\system32\_004558_.tmp.dll
c:\windows\system32\_004559_.tmp.dll
c:\windows\system32\_004560_.tmp.dll
c:\windows\system32\_004561_.tmp.dll
c:\windows\system32\_004562_.tmp.dll
c:\windows\system32\_004567_.tmp.dll
c:\windows\system32\_004569_.tmp.dll
c:\windows\system32\_005014_.tmp.dll
c:\windows\system32\_005015_.tmp.dll
c:\windows\system32\_005016_.tmp.dll
c:\windows\system32\_005017_.tmp.dll
c:\windows\system32\_005024_.tmp.dll
c:\windows\system32\_005025_.tmp.dll
c:\windows\system32\_005026_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005029_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005033_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005036_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005038_.tmp.dll
c:\windows\system32\_005040_.tmp.dll
c:\windows\system32\_005043_.tmp.dll
c:\windows\system32\_005044_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005049_.tmp.dll
c:\windows\system32\_005051_.tmp.dll
c:\windows\system32\_005054_.tmp.dll
c:\windows\system32\_005056_.tmp.dll
c:\windows\system32\_005057_.tmp.dll
c:\windows\system32\_005058_.tmp.dll
c:\windows\system32\_005059_.tmp.dll
c:\windows\system32\_005060_.tmp.dll
c:\windows\system32\_005063_.tmp.dll
c:\windows\system32\_005064_.tmp.dll
c:\windows\system32\_005065_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005067_.tmp.dll
c:\windows\system32\_005072_.tmp.dll
c:\windows\system32\_005074_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\2fa1cc3343316a5b.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b14e57f0a70f9af5.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))))
.
.
2012-01-26 06:21 . 2012-01-26 06:21 -------- dc----w- C:\_OTL
2012-01-21 04:22 . 2012-01-21 04:22 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-01-19 08:21 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-19 06:58 . 2012-01-19 06:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-01-19 05:24 . 2012-01-19 05:24 -------- d-----w- c:\program files\CheckPoint
2012-01-19 01:14 . 2012-01-19 01:14 -------- dc----w- c:\documents and settings\Vinny\Application Data\SUPERAntiSpyware.com
2012-01-19 01:12 . 2012-01-19 01:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-19 01:12 . 2012-01-19 01:12 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-18 10:57 . 2011-11-03 18:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-18 08:21 . 2012-01-18 08:21 -------- dcs---w- c:\documents and settings\NetworkService\UserData
2012-01-18 01:04 . 2012-01-18 01:05 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-20 11:31 . 2007-05-20 11:31 61440 -c--a-w- c:\program files\DGVfapi.vfp
2007-03-16 05:29 . 2007-03-16 05:29 781992 ----a-w- c:\program files\fraps.exe
2007-03-16 05:27 . 2007-03-16 05:27 118784 -c--a-w- c:\program files\fraps.dll
2007-03-16 05:27 . 2007-03-16 05:27 122880 -c--a-w- c:\program files\frapslcd.dll
2006-12-22 05:01 . 2006-12-22 05:01 57856 -c--a-w- c:\program files\fraps64.dll
2006-12-22 05:01 . 2006-12-22 05:01 293376 -c--a-w- c:\program files\fraps64.dat
2011-04-14 16:26 . 2011-05-16 07:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-19 06:27 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-19 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2245984]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-19 892768]
"ZoneAlarm Installer"="c:\program files\CheckPoint\Install\Launcher.exe" [2012-01-19 403088]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 53760]
.
c:\documents and settings\Vinny\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26126:TCP"= 26126:TCP:*:Disabled:dBpoweramp Renaissance UPnP TCP
"26126:UDP"= 26126:UDP:*:Disabled:dBpoweramp Renaissance UPnP UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/18/2012 4:57 AM 64512]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [9/10/2010 1:51 PM 902432]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/21/2011 1:37 AM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9/10/2010 1:52 PM 2326920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 5:00 AM 5120]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [12/19/2011 12:27 AM 869216]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9/10/2010 1:52 PM 159168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1558000]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9/8/2010 9:26 PM 27760]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 18:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: erightsoft.net\www
Trusted Zone: free.fr\gpl.download
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B44b552af-9374-4011-83a6-fdd6e534b24d%7D&mid=684c33da4deab31858a920fe0e4f0cd0-c221482c8c73fad4df87dab4034a7ff59ea90047&ds=AVG&v=9.0.0.22&lang=en&pr=fr&d=2011-09-24%2018%3A22%3A16&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
Notify-dimsntfy - (no file)
AddRemove-AMVapp Audio Apps - c:\program files\AMVApp\Audio Apps\uninst.exe
AddRemove-AMVappSupportTools - c:\program files\AMVApp\Support Tools\AMVappSupportTools-uninst.exe
AddRemove-Avisynth Filters - c:\program files\AviSynth 2.5\plugins\uninst.exe
AddRemove-Fraps - c:\program files\uninstall.exe
AddRemove-LosslessCodecs - c:\program files\AMVApp\Lossless Codecs\losslesscodecs-uninst.exe
AddRemove-Sims2Pack Clean Installer - c:\program files\Sims2Pack Clean Installer\uninstall.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-VirtualDubMod - c:\program files\AMVapp\VirtualDubMod\uninst.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-WinGlulxe - c:\program files\WinGlulxe\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-26 01:23
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000BEVT-80A0RT0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A69D2C6
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a154338-8603-4311-8900-659aef409e1b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,40,02,13,ad,75,b8,fc,03,0e,19,9b,7e,c0,c3,5d,71,ae,29,89,e6,ae,dd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0c,d3,7b,85,7d,18,9d,1c,59,62,25,88,e2,79,a3,25,26,0d,d1,65,0d,
d6,e6,11,5b,5b,6d,ed,2d,7a,8f,cf,e9,52,f1,6d,76,03,21,06,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1124)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
Completion time: 2012-01-26 01:35:37
ComboFix-quarantined-files.txt 2012-01-26 07:35
.
Pre-Run: 29,709,103,104 bytes free
Post-Run: 29,636,096,000 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /noexecute=optin
.
- - End Of File - - CC202879312FEB6AE37158F6D4812FA8

#6 Gammo (Member 2k, Malware Removal, 2,299 posts)

Please download Malwarebytes' Anti-Malware.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, click the "Update" tab and click the "Check for updates" button.
  • Once the updates have been downloaded, click the "Scanner" tab, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

#7 libsrone (Topic Starter, New Member, 8 posts)

After I put up my last post, the window froze while I was surfing Tumblr. I brought up the Task Manager and hit "End Task", but Firefox wouldn't respond. I tried restarting, but the computer got stuck on the logging-off screen. Today it's the same thing: if I want to shut down or restart, I have to force a shutdown.

Malwarebytes didn't find any threats.


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.27.01

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
Vinny :: BANJO [administrator]

1/27/2012 12:38:22 AM
mbam-log-2012-01-27 (00-38-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197094
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Gammo (Member 2k, Malware Removal, 2,299 posts)

Let's run one final scan. :)

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

If you're asked whether you want to download the latest Avast virus definitions, choose "Yes".

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop, and post it in your next reply.

#9 libsrone (Topic Starter, New Member, 8 posts)

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-01-27 22:32:22
-----------------------------
22:32:22.359 OS Version: Windows 5.1.2600 Service Pack 2
22:32:22.359 Number of processors: 2 586 0xF06
22:32:22.359 ComputerName: BANJO UserName: Vinny
22:32:24.906 Initialize success
22:41:17.546 AVAST engine defs: 12012701
22:45:11.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:45:11.125 Disk 0 Vendor: WDC_WD5000BEVT-80A0RT0 01.01A01 Size: 476940MB BusType: 3
22:45:11.125 Device \Driver\atapi -> DriverStartIo 8a5bb2c6
22:45:11.140 Disk 0 MBR read successfully
22:45:11.156 Disk 0 MBR scan
22:45:11.171 Disk 0 MBR:Pihar-C [Rtk]
22:45:11.187 Disk 0 TDL4@MBR code has been found
22:45:11.203 Disk 0 MBR hidden
22:45:11.218 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 243 MB offset 63
22:45:11.250 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 452565 MB offset 498015
22:45:11.296 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 24128 MB offset 927352125
22:45:11.312 Disk 0 MBR [TDL4] **ROOTKIT**
22:45:11.328 Disk 0 trace - called modules:
22:45:11.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a5bb49f]<<
22:45:11.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa96030]
22:45:11.375 3 CLASSPNP.SYS[ba10905b] -> nt!IofCallDriver -> [0x8a3ed658]
22:45:11.390 \Driver\atapi[0x8a9b1ac0] -> IRP_MJ_CREATE -> 0x8a5bb49f
22:45:14.046 AVAST engine scan C:\WINDOWS
22:45:28.328 AVAST engine scan C:\WINDOWS\system32
22:49:31.328 AVAST engine scan C:\WINDOWS\system32\drivers
22:49:55.171 AVAST engine scan C:\Documents and Settings\Vinny
23:20:14.171 AVAST engine scan C:\Documents and Settings\All Users
23:33:27.859 Scan finished successfully
23:34:24.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Vinny\Desktop\MBR.dat"
23:34:24.765 The log file has been saved successfully to "C:\Documents and Settings\Vinny\Desktop\aswMBR.txt"
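
The aswMBR log above is the first scan in this thread to name the infection: "TDL4@MBR code has been found", "MBR hidden", and a hooked `\Driver\atapi DriverStartIo` entry point (the same hook address family the earlier ComboFix/catchme run printed while still reporting "user & kernel MBR OK"). aswMBR also saved the raw sector to `MBR.dat`. The helper below is an added example written for this page; it is not code from the thread, from aswMBR or from TDSSKiller. It parses a 512-byte MBR, lists the partition table, measures the unpartitioned space after the last partition (the region where the TDL4 family keeps its encrypted TDLFS store), and compares the 440-byte boot code against a baseline taken from a known-clean copy. All function names are the example's own. The sample MBR is constructed from the partition offsets in the aswMBR log and the drive size printed later by TDSSKiller; its sector counts are derived from those offsets, and its boot-code bytes are placeholders, not the real Dell/Windows boot code, which the thread does not contain.

```python
"""
MBR triage helper: partition table, unpartitioned tail, boot-code baseline check.
Added example; not code from the forum thread or from aswMBR/TDSSKiller.
"""
import struct
import hashlib

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold the boot code on a classic MBR
PART_TABLE_OFF = 446         # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511

# Drive size from the TDSSKiller line in the thread (0x7470C06000 bytes).
DISK_SECTORS = 0x7470C06000 // SECTOR

# Layout taken from the aswMBR log: (boot flag, type, LBA start, sector count).
# Sector counts are derived from the listed offsets (constructed approximations).
LAYOUT_FROM_LOG = [
    (0x00, 0xDE, 63,        498015 - 63),           # Dell Utility
    (0x80, 0x07, 498015,    927352125 - 498015),    # NTFS system partition, active
    (0x00, 0xDB, 927352125, 24128 * 2048),          # Dell recovery (listed as CP/M / CTOS)
]

# Placeholder boot code (cli; xor ax,ax; mov ss,ax; NOP padding). Stands in for the
# real boot code, which is not in the thread.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 64
# Constructed "patched" variant standing in for bootkit-modified code.
PATCHED_BOOT_CODE = b"\xfa\xe9\x00\x01\x90" + b"\xcc" * 64


def build_mbr(boot_code: bytes, layout) -> bytes:
    """Assemble a constructed MBR from boot code, partition entries and signature."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    table = b"".join(
        # CHS fields are set to the 0xFE 0xFF 0xFF "use LBA" marker.
        struct.pack("<B3sB3sII", boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
        for boot, ptype, start, count in layout
    ).ljust(4 * PART_ENTRY_LEN, b"\x00")
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + table + MBR_SIGNATURE


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries as dicts; reject malformed sectors."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        boot, ptype, start, count = struct.unpack("<B3xB3xII", mbr[off:off + PART_ENTRY_LEN])
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "bootable": boot == 0x80, "type": ptype,
                      "lba_start": start, "sectors": count, "lba_end": start + count - 1})
    return parts


def unpartitioned_tail(parts, disk_sectors: int) -> int:
    """Sectors after the last partition. A tail is only a pointer, since OEM images
    leave slack here too, but TDL4 hides its file store in this region."""
    if not parts:
        return disk_sectors
    return max(0, disk_sectors - max(p["lba_end"] for p in parts) - 1)


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the boot code only, so a baseline survives partition-table edits."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def triage(mbr: bytes, baseline_mbr: bytes, disk_sectors: int) -> dict:
    """Summarise what an analyst checks first on a suspected bootkit."""
    parts = parse_partitions(mbr)
    return {
        "partitions": parts,
        "active": [p["index"] for p in parts if p["bootable"]],
        "tail_sectors": unpartitioned_tail(parts, disk_sectors),
        "boot_code_changed": boot_code_sha256(mbr) != boot_code_sha256(baseline_mbr),
    }


SAMPLE_CLEAN = build_mbr(CLEAN_BOOT_CODE, LAYOUT_FROM_LOG)
SAMPLE_PATCHED = build_mbr(PATCHED_BOOT_CODE, LAYOUT_FROM_LOG)

if __name__ == "__main__":
    import sys
    # Usage: python mbr_triage.py MBR.dat clean_baseline.dat [disk_sectors]
    if len(sys.argv) >= 3:
        mbr = open(sys.argv[1], "rb").read()
        base = open(sys.argv[2], "rb").read()
        size = int(sys.argv[3]) if len(sys.argv) > 3 else DISK_SECTORS
        print(triage(mbr, base, size))
    else:
        print(triage(SAMPLE_PATCHED, SAMPLE_CLEAN, DISK_SECTORS))
```

Two caveats follow from the logs themselves. First, "MBR hidden" plus the hooked `DriverStartIo` means a normal read from the running system can be served a forged clean sector, which is consistent with the earlier catchme run reporting the MBR as OK; parse a copy read from a clean boot medium, or the `MBR.dat` a rootkit-aware tool saved, rather than trusting a live read. Second, a non-zero tail is expected on most OEM disks, so treat it as a place to look (and as the reason the TDSSKiller "Detect TDLFS file system" option matters), not as proof on its own; the boot-code hash against a known-clean baseline is the stronger signal.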

#10 Gammo (Member 2k, Malware Removal, 2,299 posts)

Found it!

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

How is your PC running after doing the above? :thumbsup:

#11 libsrone (Topic Starter, New Member, 8 posts)

Before I ran the scan, I got an AVG message saying it detected 2 threats. I hit quarantine/delete.

When rebooting after the scan, the computer wouldn't go past the logging-out stage and I eventually forced a shutdown. Afterwards, the computer was up to speed for a while. There were a few bouts of sluggishness that went away after a while, so I don't know if they were virus-related. I forced a shutdown when the Start menu froze onscreen and wouldn't respond. Also, I got a Windows Security message saying my firewall was off (I thought I'd turned it back on after the ComboFix scan).

After running tdsskiller, I got another AVG message saying it blocked a threat:
virus name - Win32:FakeAlert-BXM
path - C:\WINDOWS\TEMP\IKIXZKZ.EXE

Here's the TDSSKiller log:

23:57:07.0514 0372 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
23:57:08.0029 0372 ============================================================
23:57:08.0029 0372 Current date / time: 2012/01/28 23:57:08.0029
23:57:08.0029 0372 SystemInfo:
23:57:08.0029 0372
23:57:08.0029 0372 OS Version: 5.1.2600 ServicePack: 2.0
23:57:08.0029 0372 Product type: Workstation
23:57:08.0029 0372 ComputerName: BANJO
23:57:08.0029 0372 UserName: Vinny
23:57:08.0029 0372 Windows directory: C:\WINDOWS
23:57:08.0029 0372 System windows directory: C:\WINDOWS
23:57:08.0029 0372 Processor architecture: Intel x86
23:57:08.0029 0372 Number of processors: 2
23:57:08.0029 0372 Page size: 0x1000
23:57:08.0029 0372 Boot type: Normal boot
23:57:08.0029 0372 ============================================================
23:57:12.0154 0372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:57:12.0326 0372 Initialize success
23:58:02.0545 3896 ============================================================
23:58:02.0545 3896 Scan started
23:58:02.0545 3896 Mode: Manual; SigCheck; TDLFS;
23:58:02.0545 3896 ============================================================
23:58:02.0873 3896 Abiosdsk - ok
23:58:02.0951 3896 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23:58:04.0701 3896 abp480n5 - ok
23:58:04.0889 3896 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:58:05.0045 3896 ACPI - ok
23:58:05.0201 3896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:58:05.0404 3896 ACPIEC - ok
23:58:05.0498 3896 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
23:58:05.0670 3896 adpu160m - ok
23:58:05.0873 3896 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
23:58:05.0982 3896 aec - ok
23:58:06.0029 3896 afcdp (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys
23:58:18.0326 3896 afcdp - ok
23:58:18.0545 3896 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:58:18.0654 3896 AFD - ok
23:58:18.0764 3896 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
23:58:18.0920 3896 agp440 - ok
23:58:19.0061 3896 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
23:58:19.0217 3896 agpCPQ - ok
23:58:19.0389 3896 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
23:58:19.0529 3896 Aha154x - ok
23:58:19.0592 3896 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
23:58:19.0811 3896 aic78u2 - ok
23:58:19.0873 3896 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
23:58:19.0998 3896 aic78xx - ok
23:58:20.0123 3896 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
23:58:20.0264 3896 AliIde - ok
23:58:20.0311 3896 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
23:58:20.0451 3896 alim1541 - ok
23:58:20.0482 3896 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
23:58:20.0607 3896 amdagp - ok
23:58:20.0639 3896 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
23:58:20.0764 3896 amsint - ok
23:58:20.0811 3896 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
23:58:20.0904 3896 APPDRV ( UnsignedFile.Multi.Generic ) - warning
23:58:20.0904 3896 APPDRV - detected UnsignedFile.Multi.Generic (1)
23:58:20.0998 3896 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:58:21.0170 3896 Arp1394 - ok
23:58:21.0264 3896 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
23:58:21.0514 3896 asc - ok
23:58:21.0545 3896 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
23:58:21.0623 3896 asc3350p - ok
23:58:21.0639 3896 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
23:58:21.0764 3896 asc3550 - ok
23:58:21.0826 3896 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:58:21.0982 3896 AsyncMac - ok
23:58:22.0092 3896 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:58:22.0170 3896 atapi - ok
23:58:22.0186 3896 Atdisk - ok
23:58:22.0373 3896 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
23:58:23.0061 3896 ati2mtag - ok
23:58:23.0232 3896 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:58:23.0451 3896 Atmarpc - ok
23:58:23.0514 3896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:58:23.0701 3896 audstub - ok
23:58:23.0826 3896 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
23:58:23.0842 3896 AVGIDSDriver - ok
23:58:23.0920 3896 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
23:58:23.0936 3896 AVGIDSEH - ok
23:58:23.0982 3896 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
23:58:23.0998 3896 AVGIDSFilter - ok
23:58:24.0061 3896 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
23:58:24.0076 3896 AVGIDSShim - ok
23:58:24.0139 3896 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
23:58:24.0170 3896 Avgldx86 - ok
23:58:24.0217 3896 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
23:58:24.0248 3896 Avgmfx86 - ok
23:58:24.0295 3896 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
23:58:24.0342 3896 Avgrkx86 - ok
23:58:24.0389 3896 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
23:58:24.0451 3896 Avgtdix - ok
23:58:24.0529 3896 BCM43XX (30d20fc98bcfd52e1da778cf19b223d4) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
23:58:24.0639 3896 BCM43XX - ok
23:58:24.0717 3896 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:58:24.0779 3896 bcm4sbxp - ok
23:58:24.0826 3896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:58:25.0045 3896 Beep - ok
23:58:25.0092 3896 bvrp_pci (647c1626114e789c5b8ab8e9c33c04bc) C:\WINDOWS\system32\drivers\bvrp_pci.sys
23:58:25.0217 3896 bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
23:58:25.0217 3896 bvrp_pci - detected UnsignedFile.Multi.Generic (1)
23:58:25.0389 3896 catchme - ok
23:58:25.0545 3896 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
23:58:25.0779 3896 cbidf - ok
23:58:25.0811 3896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:58:25.0920 3896 cbidf2k - ok
23:58:25.0967 3896 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
23:58:26.0045 3896 cd20xrnt - ok
23:58:26.0092 3896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:58:26.0248 3896 Cdaudio - ok
23:58:26.0295 3896 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:58:26.0420 3896 Cdfs - ok
23:58:26.0467 3896 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:58:26.0592 3896 Cdrom - ok
23:58:26.0639 3896 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
23:58:26.0686 3896 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
23:58:26.0686 3896 cercsr6 - detected UnsignedFile.Multi.Generic (1)
23:58:26.0701 3896 Changer - ok
23:58:26.0764 3896 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:58:26.0904 3896 CmBatt - ok
23:58:26.0951 3896 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
23:58:27.0170 3896 CmdIde - ok
23:58:27.0232 3896 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:58:27.0404 3896 Compbatt - ok
23:58:27.0545 3896 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
23:58:27.0686 3896 Cpqarray - ok
23:58:27.0732 3896 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
23:58:27.0920 3896 dac2w2k - ok
23:58:27.0967 3896 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
23:58:28.0123 3896 dac960nt - ok
23:58:28.0186 3896 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:58:28.0248 3896 Disk - ok
23:58:28.0311 3896 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
23:58:28.0545 3896 dmboot - ok
23:58:28.0732 3896 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
23:58:28.0982 3896 dmio - ok
23:58:29.0014 3896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:58:29.0139 3896 dmload - ok
23:58:29.0201 3896 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:58:29.0279 3896 DMusic - ok
23:58:29.0326 3896 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
23:58:29.0482 3896 dpti2o - ok
23:58:29.0639 3896 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:58:29.0732 3896 drmkaud - ok
23:58:29.0826 3896 drvmcdb (96bc8f872f0270c10edc3931f1c03776) C:\WINDOWS\system32\drivers\drvmcdb.sys
23:58:29.0936 3896 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
23:58:29.0936 3896 drvmcdb - detected UnsignedFile.Multi.Generic (1)
23:58:29.0982 3896 drvnddm (5afbec7a6ac61b211633dfdb1d9e0c89) C:\WINDOWS\system32\drivers\drvnddm.sys
23:58:30.0014 3896 drvnddm ( UnsignedFile.Multi.Generic ) - warning
23:58:30.0014 3896 drvnddm - detected UnsignedFile.Multi.Generic (1)
23:58:30.0139 3896 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
23:58:30.0201 3896 DSproct ( UnsignedFile.Multi.Generic ) - warning
23:58:30.0201 3896 DSproct - detected UnsignedFile.Multi.Generic (1)
23:58:30.0357 3896 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
23:58:30.0420 3896 dsunidrv - ok
23:58:30.0498 3896 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
23:58:30.0514 3896 dtsoftbus01 - ok
23:58:30.0576 3896 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
23:58:30.0795 3896 E100B - ok
23:58:30.0920 3896 EverestDriver (898ad7d508f6ade242d94752e09f4152) C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
23:58:30.0936 3896 EverestDriver - ok
23:58:31.0107 3896 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:58:31.0232 3896 Fastfat - ok
23:58:31.0279 3896 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:58:31.0389 3896 Fdc - ok
23:58:31.0436 3896 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
23:58:31.0670 3896 Fips - ok
23:58:31.0701 3896 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:58:31.0826 3896 Flpydisk - ok
23:58:31.0873 3896 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
23:58:31.0998 3896 FltMgr - ok
23:58:32.0045 3896 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
23:58:32.0170 3896 FsVga - ok
23:58:32.0201 3896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:58:32.0389 3896 Fs_Rec - ok
23:58:32.0436 3896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:58:32.0607 3896 Ftdisk - ok
23:58:32.0654 3896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:58:32.0686 3896 GEARAspiWDM - ok
23:58:32.0748 3896 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:58:32.0982 3896 Gpc - ok
23:58:33.0154 3896 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:58:33.0217 3896 HDAudBus - ok
23:58:33.0279 3896 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:58:33.0451 3896 HidUsb - ok
23:58:33.0514 3896 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
23:58:33.0607 3896 hpn - ok
23:58:33.0701 3896 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
23:58:33.0889 3896 HSF_DPV - ok
23:58:34.0045 3896 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
23:58:34.0154 3896 HSXHWAZL - ok
23:58:34.0248 3896 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:58:34.0311 3896 HTTP - ok
23:58:34.0357 3896 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
23:58:34.0482 3896 i2omgmt - ok
23:58:34.0529 3896 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
23:58:34.0654 3896 i2omp - ok
23:58:34.0717 3896 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:58:34.0842 3896 i8042prt - ok
23:58:34.0920 3896 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:58:35.0045 3896 Imapi - ok
23:58:35.0107 3896 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
23:58:35.0295 3896 ini910u - ok
23:58:35.0342 3896 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
23:58:35.0420 3896 IntelIde - ok
23:58:35.0467 3896 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:58:35.0529 3896 intelppm - ok
23:58:35.0576 3896 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:58:35.0732 3896 Ip6Fw - ok
23:58:35.0764 3896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:58:35.0936 3896 IpFilterDriver - ok
23:58:35.0982 3896 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:58:36.0154 3896 IpInIp - ok
23:58:36.0201 3896 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:58:36.0357 3896 IpNat - ok
23:58:36.0404 3896 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:58:36.0607 3896 IPSec - ok
23:58:36.0639 3896 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:58:36.0732 3896 IRENUM - ok
23:58:36.0779 3896 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:58:36.0936 3896 isapnp - ok
23:58:36.0998 3896 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:58:37.0076 3896 Kbdclass - ok
23:58:37.0123 3896 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
23:58:37.0201 3896 kmixer - ok
23:58:37.0248 3896 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
23:58:37.0404 3896 KSecDD - ok
23:58:37.0529 3896 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
23:58:37.0529 3896 Lavasoft Kernexplorer - ok
23:58:37.0717 3896 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
23:58:37.0717 3896 Lbd - ok
23:58:37.0748 3896 lbrtfdc - ok
23:58:37.0811 3896 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:58:37.0842 3896 mdmxsdk - ok
23:58:37.0904 3896 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
23:58:37.0967 3896 MHNDRV - ok
23:58:38.0029 3896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:58:38.0186 3896 mnmdd - ok
23:58:38.0248 3896 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
23:58:38.0326 3896 Modem - ok
23:58:38.0373 3896 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:58:38.0482 3896 Mouclass - ok
23:58:38.0514 3896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:58:38.0639 3896 mouhid - ok
23:58:38.0701 3896 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:58:38.0842 3896 MountMgr - ok
23:58:38.0889 3896 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
23:58:39.0014 3896 mraid35x - ok
23:58:39.0061 3896 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:58:39.0186 3896 MRxDAV - ok
23:58:39.0232 3896 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:58:39.0357 3896 MRxSmb - ok
23:58:39.0529 3896 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:58:39.0686 3896 Msfs - ok
23:58:39.0732 3896 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:58:39.0826 3896 MSKSSRV - ok
23:58:39.0842 3896 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:58:39.0904 3896 MSPCLOCK - ok
23:58:39.0936 3896 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:58:39.0998 3896 MSPQM - ok
23:58:40.0045 3896 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:58:40.0123 3896 mssmbios - ok
23:58:40.0170 3896 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:58:40.0311 3896 Mup - ok
23:58:40.0357 3896 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:58:40.0482 3896 NDIS - ok
23:58:40.0529 3896 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:58:40.0701 3896 NdisTapi - ok
23:58:40.0748 3896 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:58:40.0811 3896 Ndisuio - ok
23:58:40.0857 3896 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:58:40.0982 3896 NdisWan - ok
23:58:41.0029 3896 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:58:41.0186 3896 NDProxy - ok
23:58:41.0232 3896 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:58:41.0373 3896 NetBIOS - ok
23:58:41.0420 3896 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:58:41.0561 3896 NetBT - ok
23:58:41.0623 3896 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:58:41.0701 3896 NIC1394 - ok
23:58:41.0748 3896 nm (60cf8c7192b3614f240838ddbaa4a245) C:\WINDOWS\system32\DRIVERS\NMnt.sys
23:58:41.0873 3896 nm - ok
23:58:41.0920 3896 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:58:42.0014 3896 Npfs - ok
23:58:42.0061 3896 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
23:58:42.0201 3896 Ntfs - ok
23:58:42.0248 3896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:58:42.0436 3896 Null - ok
23:58:42.0514 3896 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:58:42.0764 3896 nv - ok
23:58:42.0936 3896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:58:43.0107 3896 NwlnkFlt - ok
23:58:43.0139 3896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:58:43.0279 3896 NwlnkFwd - ok
23:58:43.0326 3896 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:58:43.0404 3896 ohci1394 - ok
23:58:43.0451 3896 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
23:58:43.0514 3896 omci ( UnsignedFile.Multi.Generic ) - warning
23:58:43.0514 3896 omci - detected UnsignedFile.Multi.Generic (1)
23:58:43.0576 3896 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:58:43.0701 3896 Parport - ok
23:58:43.0873 3896 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:58:44.0092 3896 PartMgr - ok
23:58:44.0123 3896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:58:44.0232 3896 ParVdm - ok
23:58:44.0279 3896 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
23:58:44.0420 3896 PCI - ok
23:58:44.0436 3896 PCIDump - ok
23:58:44.0482 3896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:58:44.0607 3896 PCIIde - ok
23:58:44.0654 3896 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:58:44.0764 3896 Pcmcia - ok
23:58:44.0779 3896 PDCOMP - ok
23:58:44.0795 3896 PDFRAME - ok
23:58:44.0811 3896 PDRELI - ok
23:58:44.0826 3896 PDRFRAME - ok
23:58:44.0857 3896 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
23:58:45.0029 3896 perc2 - ok
23:58:45.0092 3896 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
23:58:45.0248 3896 perc2hib - ok
23:58:45.0326 3896 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:58:45.0498 3896 PptpMiniport - ok
23:58:45.0561 3896 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:58:45.0732 3896 PSched - ok
23:58:45.0795 3896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:58:45.0967 3896 Ptilink - ok
23:58:46.0014 3896 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:58:46.0029 3896 PxHelp20 - ok
23:58:46.0092 3896 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
23:58:46.0279 3896 ql1080 - ok
23:58:46.0420 3896 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
23:58:46.0607 3896 Ql10wnt - ok
23:58:46.0639 3896 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
23:58:46.0826 3896 ql12160 - ok
23:58:46.0951 3896 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
23:58:47.0092 3896 ql1240 - ok
23:58:47.0107 3896 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
23:58:47.0232 3896 ql1280 - ok
23:58:47.0279 3896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:58:47.0451 3896 RasAcd - ok
23:58:47.0514 3896 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:58:47.0701 3896 Rasl2tp - ok
23:58:47.0748 3896 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:58:47.0936 3896 RasPppoe - ok
23:58:47.0982 3896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:58:48.0186 3896 Raspti - ok
23:58:48.0248 3896 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:58:48.0389 3896 Rdbss - ok
23:58:48.0420 3896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:58:48.0514 3896 RDPCDD - ok
23:58:48.0545 3896 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:58:48.0623 3896 rdpdr - ok
23:58:48.0670 3896 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
23:58:48.0779 3896 RDPWD - ok
23:58:48.0842 3896 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:58:48.0920 3896 redbook - ok
23:58:48.0982 3896 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
23:58:49.0076 3896 rimmptsk - ok
23:58:49.0123 3896 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
23:58:49.0186 3896 rimsptsk - ok
23:58:49.0248 3896 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
23:58:49.0373 3896 rismxdp - ok
23:58:49.0498 3896 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:58:49.0514 3896 SASDIFSV - ok
23:58:49.0529 3896 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:58:49.0545 3896 SASKUTIL - ok
23:58:49.0748 3896 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:58:49.0873 3896 sdbus - ok
23:58:49.0920 3896 Secdrv (f376a1580204e47f37a721e1cbc5582a) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:58:49.0982 3896 Secdrv ( UnsignedFile.Multi.Generic ) - warning
23:58:49.0982 3896 Secdrv - detected UnsignedFile.Multi.Generic (1)
23:58:50.0029 3896 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:58:50.0139 3896 serenum - ok
23:58:50.0186 3896 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
23:58:50.0342 3896 Serial - ok
23:58:50.0529 3896 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:58:50.0686 3896 Sfloppy - ok
23:58:50.0717 3896 Simbad - ok
23:58:50.0748 3896 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
23:58:50.0920 3896 sisagp - ok
23:58:50.0982 3896 snapman (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys
23:58:50.0998 3896 snapman - ok
23:58:51.0061 3896 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
23:58:51.0201 3896 Sparrow - ok
23:58:51.0248 3896 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
23:58:51.0357 3896 splitter - ok
23:58:51.0420 3896 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
23:58:51.0561 3896 sr - ok
23:58:51.0592 3896 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:58:51.0670 3896 Srv - ok
23:58:51.0748 3896 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
23:58:51.0842 3896 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
23:58:51.0842 3896 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
23:58:51.0920 3896 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
23:58:52.0014 3896 ssrtln ( UnsignedFile.Multi.Generic ) - warning
23:58:52.0014 3896 ssrtln - detected UnsignedFile.Multi.Generic (1)
23:58:52.0107 3896 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
23:58:52.0357 3896 STHDA - ok
23:58:52.0529 3896 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:58:52.0654 3896 swenum - ok
23:58:52.0717 3896 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:58:52.0904 3896 swmidi - ok
23:58:52.0951 3896 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
23:58:53.0092 3896 symc810 - ok
23:58:53.0139 3896 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
23:58:53.0248 3896 symc8xx - ok
23:58:53.0311 3896 symsnap (66918794b1701990be8510565fbd4bc4) C:\WINDOWS\system32\DRIVERS\symsnap.sys
23:58:53.0326 3896 symsnap - ok
23:58:53.0373 3896 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
23:58:53.0514 3896 sym_hi - ok
23:58:53.0545 3896 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
23:58:53.0654 3896 sym_u3 - ok
23:58:53.0701 3896 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:58:53.0795 3896 SynTP - ok
23:58:53.0857 3896 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:58:53.0920 3896 sysaudio - ok
23:58:53.0982 3896 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:58:54.0154 3896 Tcpip - ok
23:58:54.0295 3896 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:58:54.0482 3896 TDPIPE - ok
23:58:54.0561 3896 tdrpman251 (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys
23:58:54.0639 3896 tdrpman251 - ok
23:58:54.0670 3896 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:58:54.0842 3896 TDTCP - ok
23:58:54.0889 3896 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:58:54.0998 3896 TermDD - ok
23:58:55.0061 3896 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
23:58:55.0076 3896 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0076 3896 tfsnboio - detected UnsignedFile.Multi.Generic (1)
23:58:55.0107 3896 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
23:58:55.0139 3896 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0139 3896 tfsncofs - detected UnsignedFile.Multi.Generic (1)
23:58:55.0186 3896 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
23:58:55.0217 3896 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0217 3896 tfsndrct - detected UnsignedFile.Multi.Generic (1)
23:58:55.0264 3896 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
23:58:55.0295 3896 tfsndres ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0295 3896 tfsndres - detected UnsignedFile.Multi.Generic (1)
23:58:55.0357 3896 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
23:58:55.0389 3896 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0389 3896 tfsnifs - detected UnsignedFile.Multi.Generic (1)
23:58:55.0436 3896 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
23:58:55.0467 3896 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0467 3896 tfsnopio - detected UnsignedFile.Multi.Generic (1)
23:58:55.0514 3896 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
23:58:55.0561 3896 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0561 3896 tfsnpool - detected UnsignedFile.Multi.Generic (1)
23:58:55.0670 3896 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
23:58:55.0686 3896 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0686 3896 tfsnudf - detected UnsignedFile.Multi.Generic (1)
23:58:55.0701 3896 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
23:58:55.0717 3896 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
23:58:55.0717 3896 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
23:58:55.0842 3896 timounter (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys
23:58:55.0904 3896 timounter - ok
23:58:56.0014 3896 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
23:58:56.0217 3896 TosIde - ok
23:58:56.0279 3896 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
23:58:56.0357 3896 tunmp - ok
23:58:56.0404 3896 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:58:56.0561 3896 Udfs - ok
23:58:56.0592 3896 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
23:58:56.0654 3896 ultra - ok
23:58:56.0748 3896 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
23:58:56.0967 3896 Update - ok
23:58:57.0107 3896 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:58:57.0232 3896 USBAAPL - ok
23:58:57.0389 3896 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
23:58:57.0467 3896 usbaudio - ok
23:58:57.0529 3896 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:58:57.0654 3896 usbccgp - ok
23:58:57.0717 3896 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:58:57.0842 3896 usbehci - ok
23:58:57.0904 3896 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:58:58.0092 3896 usbhub - ok
23:58:58.0139 3896 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:58:58.0279 3896 usbprint - ok
23:58:58.0342 3896 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:58:58.0451 3896 usbscan - ok
23:58:58.0514 3896 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:58:58.0639 3896 USBSTOR - ok
23:58:58.0686 3896 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:58:58.0779 3896 usbuhci - ok
23:58:58.0842 3896 v2imount (b4d63048d6358e7c6ab61b98b8cff263) C:\WINDOWS\system32\DRIVERS\v2imount.sys
23:58:58.0857 3896 v2imount - ok
23:58:58.0920 3896 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:58:59.0092 3896 VgaSave - ok
23:58:59.0107 3896 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
23:58:59.0201 3896 viaagp - ok
23:58:59.0232 3896 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
23:58:59.0311 3896 ViaIde - ok
23:58:59.0357 3896 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
23:58:59.0482 3896 VolSnap - ok
23:58:59.0529 3896 VProEventMonitor (e78781b2c86c92a0a738df566460f716) C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys
23:58:59.0529 3896 VProEventMonitor - ok
23:58:59.0592 3896 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:58:59.0779 3896 Wanarp - ok
23:58:59.0795 3896 wanatw - ok
23:58:59.0826 3896 WDICA - ok
23:58:59.0873 3896 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
23:58:59.0967 3896 wdmaud - ok
23:59:00.0014 3896 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\WINDOWS\system32\DRIVERS\wimfltr.sys
23:59:00.0061 3896 WimFltr - ok
23:59:00.0139 3896 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
23:59:00.0232 3896 winachsf - ok
23:59:00.0357 3896 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:59:00.0467 3896 WmiAcpi - ok
23:59:00.0561 3896 WpdUsb (0770acca345b35ef455ac0d96c8b39a0) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:59:00.0670 3896 WpdUsb - ok
23:59:00.0701 3896 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
23:59:00.0889 3896 WS2IFSL - ok
23:59:00.0936 3896 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:59:01.0076 3896 WudfPf - ok
23:59:01.0232 3896 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:59:01.0311 3896 WudfRd - ok
23:59:01.0342 3896 MBR (0x1B8) (f641627a89e49c3881e0f69a3ffd7c69) \Device\Harddisk0\DR0
23:59:01.0357 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:59:01.0357 3896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:59:01.0404 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:59:01.0404 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:59:01.0436 3896 Boot (0x1200) (0b78d4d420b50f006d748ada11e575e5) \Device\Harddisk0\DR0\Partition0
23:59:01.0436 3896 \Device\Harddisk0\DR0\Partition0 - ok
23:59:01.0436 3896 ============================================================
23:59:01.0436 3896 Scan finished
23:59:01.0436 3896 ============================================================
23:59:01.0592 1008 Detected object count: 21
23:59:01.0592 1008 Actual detected object count: 21
23:59:10.0654 1008 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0654 1008 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0654 1008 bvrp_pci ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0654 1008 bvrp_pci ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0654 1008 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0654 1008 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0654 1008 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0654 1008 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 omci ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0670 1008 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0686 1008 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0686 1008 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:59:10.0701 1008 \Device\Harddisk0\DR0 - ok
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:59:21.0545 1988 Deinitialize success
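The TDSSKiller log above reports 21 detected objects, but they are not of one kind: 19 are UnsignedFile.Multi.Generic warnings (a heuristic that fires on any unsigned kernel driver, common on an XP machine with vendor software), one is the confirmed Rootkit.Boot.Pihar.b infection in the MBR of \Device\Harddisk0\DR0 that was set to be cured on reboot, and one is a "TDSS File System" warning on the same disk that was skipped. The Python script below is an added example, not part of the original thread and not code from TDSSKiller; it parses lines in that log format, links each detection to the file record's MD5 and path, and separates confirmed infections from heuristic noise and from detections left unresolved. The sample lines are copied from the log above; the severity rules (which detection names count as heuristic, which actions count as resolving) are the editor's assumptions.

```python
"""Triage a TDSSKiller log: separate the confirmed boot-sector infection from
heuristic 'unsigned driver' noise, and flag detections the user chose to skip."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the TDSSKiller log posted above, chosen
# to cover every line shape the parser handles (file record, verdict, detected,
# ok, cleanup-phase action).
SAMPLE_LOG = r"""
23:58:43.0451 3896 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
23:58:43.0514 3896 omci ( UnsignedFile.Multi.Generic ) - warning
23:58:43.0514 3896 omci - detected UnsignedFile.Multi.Generic (1)
23:58:43.0576 3896 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
23:58:43.0701 3896 Parport - ok
23:59:01.0342 3896 MBR (0x1B8) (f641627a89e49c3881e0f69a3ffd7c69) \Device\Harddisk0\DR0
23:59:01.0357 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
23:59:01.0357 3896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
23:59:01.0404 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:59:01.0404 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:59:10.0670 1008 omci ( UnsignedFile.Multi.Generic ) - skipped by user
23:59:10.0670 1008 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
23:59:10.0701 1008 \Device\Harddisk0\DR0 - ok
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:59:10.0701 1008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>"; the name is non-greedy so "MBR (0x1B8)" parses too.
FILE_REC = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (\S.*)$")
# "<object> ( <detection name> ) - <verdict or action>"
VERDICT = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")

HEURISTIC = "UnsignedFile.Multi.Generic"        # unsigned-driver heuristic, not a signature (assumption)
RESOLVING_ACTIONS = {"Cure", "Delete", "Quarantine"}  # actions taken as resolving (assumption)


@dataclass
class Detection:
    obj: str
    name: str
    verdict: str = ""   # scan phase: "infected" or "warning"
    action: str = ""    # cleanup phase: the user's choice, e.g. "Cure" / "Skip"
    md5: str = ""
    path: str = ""


def parse(text):
    files = {}   # object name or device path -> (md5, path)
    dets = {}    # (object, detection name) -> Detection
    for raw in text.strip().splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rest = m.group(3)
        f = FILE_REC.match(rest)
        if f:
            name, md5, path = f.groups()
            files[name] = files[path] = (md5, path)
            continue
        v = VERDICT.match(rest)
        if not v:
            continue   # "- ok" and "- detected ..." lines add nothing new
        obj, det_name, tail = v.groups()
        d = dets.setdefault((obj, det_name), Detection(obj, det_name))
        if tail in ("infected", "warning"):
            d.verdict = tail
        elif tail.startswith("User select action: "):
            d.action = tail.split(": ", 1)[1]
        # "skipped by user" / "will be cured on reboot" only restate the action
    for d in dets.values():
        d.md5, d.path = files.get(d.obj, ("", ""))
    return list(dets.values())


def triage(dets):
    report = {"confirmed": [], "unresolved": [], "unsigned_drivers": []}
    for d in dets:
        resolved = d.action in RESOLVING_ACTIONS
        if d.name == HEURISTIC:
            # Unsigned kernel driver: keep the hash so it can be checked against
            # a known-good list, but do not treat it as an infection on its own.
            report["unsigned_drivers"].append((d.obj, d.md5, d.path))
            continue
        if d.verdict == "infected":
            report["confirmed"].append((d.obj, d.name, resolved))
        if not resolved:
            # A skipped rootkit artefact (here the TDSS hidden file system) means
            # the cleanup is not finished even though the MBR itself was cured.
            report["unresolved"].append((d.obj, d.name, d.action))
    return report


if __name__ == "__main__":
    for key, rows in triage(parse(SAMPLE_LOG)).items():
        print(key)
        for row in rows:
            print("   ", row)
```

Run against the full log, the "unresolved" list is what a helper would act on next: the MBR cure is applied on reboot, so the check afterwards is a second TDSSKiller scan in which the MBR record's hash has changed and neither the Pihar.b nor the "TDSS File System" line reappears. The "unsigned_drivers" hashes are for lookup, not for deletion; on this machine they belong to Dell, Sonic/Roxio and similar vendor drivers.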

#12
Gammo
    Member 2k

  • Malware Removal
  • 2,299 posts
Please re-run ComboFix. Post the resulting log file in your next reply. :thumbsup:

#13
libsrone
    New Member

  • Topic Starter
  • Member
  • 8 posts
ETA: Computer seemed to run fine today!

ComboFix 12-01-23.02 - Vinny 01/30/2012 23:58:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1237 [GMT -6:00]
Running from: c:\documents and settings\Vinny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\83f004806845a684.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-29 05:46 . 2012-01-29 05:46 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-27 06:35 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-27 06:35 . 2012-01-27 06:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-26 06:21 . 2012-01-26 06:21 -------- dc----w- C:\_OTL
2012-01-21 04:22 . 2012-01-21 04:22 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-01-19 06:58 . 2012-01-19 06:58 -------- dc----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2012-01-19 05:24 . 2012-01-27 06:08 -------- d-----w- c:\program files\CheckPoint
2012-01-19 01:14 . 2012-01-19 01:14 -------- dc----w- c:\documents and settings\Vinny\Application Data\SUPERAntiSpyware.com
2012-01-19 01:12 . 2012-01-19 01:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-19 01:12 . 2012-01-19 01:12 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-01-18 10:57 . 2011-11-03 18:06 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-18 08:21 . 2012-01-18 08:21 -------- dcs---w- c:\documents and settings\NetworkService\UserData
2012-01-18 01:04 . 2012-01-18 01:05 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-20 11:31 . 2007-05-20 11:31 61440 -c--a-w- c:\program files\DGVfapi.vfp
2007-03-16 05:29 . 2007-03-16 05:29 781992 ----a-w- c:\program files\fraps.exe
2007-03-16 05:27 . 2007-03-16 05:27 118784 -c--a-w- c:\program files\fraps.dll
2007-03-16 05:27 . 2007-03-16 05:27 122880 -c--a-w- c:\program files\frapslcd.dll
2006-12-22 05:01 . 2006-12-22 05:01 57856 -c--a-w- c:\program files\fraps64.dll
2006-12-22 05:01 . 2006-12-22 05:01 293376 -c--a-w- c:\program files\fraps64.dat
2011-04-14 16:26 . 2011-05-16 07:47 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-26_07.24.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-31 05:32 . 2012-01-31 05:32 16384 c:\windows\Temp\Perflib_Perfdata_928.dat
+ 2012-01-31 05:32 . 2012-01-31 05:32 16384 c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2012-01-31 05:33 . 2012-01-31 05:33 16384 c:\windows\Temp\Perflib_Perfdata_680.dat
+ 2012-01-31 05:32 . 2012-01-31 05:32 16384 c:\windows\Temp\Perflib_Perfdata_3c0.dat
+ 2012-01-28 04:44 . 2012-01-28 04:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-19 06:27 . 2012-01-28 04:44 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2011-12-19 06:27 . 2011-12-19 06:27 16384 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-01-28 04:44 . 2012-01-28 04:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-12-19 06:27 . 2011-12-19 06:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-28 04:44 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-28 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2245984]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-09-12 5048488]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-09-12 357384]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-28 939872]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-28 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-10 53760]
.
c:\documents and settings\Vinny\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26126:TCP"= 26126:TCP:*:Disabled:dBpoweramp Renaissance UPnP TCP
"26126:UDP"= 26126:UDP:*:Disabled:dBpoweramp Renaissance UPnP UDP
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/18/2012 4:57 AM 64512]
R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [9/10/2010 1:51 PM 902432]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/21/2011 1:37 AM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9/10/2010 1:52 PM 2326920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 5:00 AM 5120]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [1/27/2012 10:44 PM 909152]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9/10/2010 1:52 PM 159168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1558000]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [9/8/2010 9:26 PM 27760]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 18:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: erightsoft.net\www
Trusted Zone: free.fr\gpl.download
Trusted Zone: musicmatch.com\online
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Vinny\Application Data\Mozilla\Firefox\Profiles\3vdf3rxd.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B44b552af-9374-4011-83a6-fdd6e534b24d%7D&mid=684c33da4deab31858a920fe0e4f0cd0-c221482c8c73fad4df87dab4034a7ff59ea90047&ds=AVG&v=9.0.0.22&lang=en&pr=fr&d=2011-09-24%2018%3A22%3A16&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ZoneAlarm Installer - c:\program files\CheckPoint\Install\Launcher.exe
AddRemove-Sims2Pack Clean Installer - c:\program files\Sims2Pack Clean Installer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 00:30
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD5000BEVT-80A0RT0 rev.01.01A01 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A5592C6
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\DefaultPreset]
@DACL=(02 0000)
@="DV - NTSC\\Standard 48kHz.prpreset"
.
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
"Support"="http://www.adobe.com.../premiere.html"
"Search"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\search.html"
"Keyboard"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_21_0_0.html"
"HowToUse"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\0_0_0_0.html"
"ExportToDVD"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_19_2_0.html"
"AdobeMediaEncoder"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Contents"="c:\\Program Files\\Adobe\\Adobe Premiere Pro 2.0\\Help\\1_0_0_0.html"
"Registration"="\"http://store.adobe.com/cgi-bin/WebObjects/WEC?pageID=RegMp1\""
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a154338-8603-4311-8900-659aef409e1b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009a
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,40,02,13,ad,75,b8,fc,03,0e,19,9b,7e,c0,c3,5d,71,ae,29,89,e6,ae,dd,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):0c,d3,7b,85,7d,18,9d,1c,59,62,25,88,e2,79,a3,25,26,0d,d1,65,0d,
d6,e6,11,5b,5b,6d,ed,2d,7a,8f,cf,e9,52,f1,6d,76,03,21,06,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1304)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\imjp81.ime
c:\windows\system32\imjp81k.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
.
Completion time: 2012-01-31 00:39:28
ComboFix-quarantined-files.txt 2012-01-31 06:39
ComboFix2.txt 2012-01-26 07:35
.
Pre-Run: 29,106,122,752 bytes free
Post-Run: 29,255,012,352 bytes free
.
- - End Of File - - 816C374205343EFC6017A457D6AD9514

Edited by libsrone, 31 January 2012 - 04:33 AM.

  • 0
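The ComboFix output above is the kind of log a responder reads by eye: service lines (R2/R3/S3 plus the binary's path), IE Trusted Zone entries, and registry keys whose ACL denies Everyone. The script below is an added example, not ComboFix's code and not something the poster ran; it parses those three record types from a constructed sample modelled on the log and flags what a malware-removal helper would look at first. The directory allow-list, the "COM surrogate" rule and the "Everyone denied" rule are this example's own heuristics, and the `evilsvc` line in the sample is constructed purely to show the path check firing; nothing of the kind appeared in the poster's log.

```python
"""Triage ComboFix-style log lines (added example; heuristics are our own)."""
import re
from dataclasses import dataclass

# Service lines look like:  R2 name;display name;c:\path\bin.exe [date time size]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$"
)
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<zone>\S+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied:\s*\((?P<rights>[^)]*)\)\s*\((?P<who>[^)]*)\)$")

# Assumption: service binaries normally live under one of these (lower-case).
TRUSTED_PREFIXES = (r"c:\windows\system32", r"c:\program files")


@dataclass
class Finding:
    kind: str      # "service", "trusted-zone" or "locked-key"
    subject: str   # service name, zone entry or registry key
    reason: str


def parse_log(lines):
    """Walk the log once; return a Finding for every entry worth a second look."""
    findings = []
    current_key = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = m["path"].lower()
            if not path.startswith(TRUSTED_PREFIXES):
                findings.append(Finding("service", m["name"],
                                        f"binary outside expected dirs: {m['path']}"))
            elif m["start"] == "R2" and path.endswith("dllhost.exe"):
                # dllhost.exe is the COM surrogate: the service runs whatever CLSID
                # it is configured with, so the path alone says nothing about intent.
                findings.append(Finding("service", m["name"],
                                        "runs inside COM surrogate dllhost.exe; check the CLSID"))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(Finding("trusted-zone", m["zone"],
                                    "site gets IE Trusted Zone privileges"))
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]   # remember the key the next ACL line belongs to
            continue
        m = DENIED_RE.match(line)
        if m and current_key and m["who"].lower() == "everyone" and m["rights"].lower() == "full":
            findings.append(Finding("locked-key", current_key,
                                    "Full access denied to Everyone (self-protection or DRM)"))
    return findings


# Constructed sample: four lines copied in shape from the log above plus one
# made-up 'evilsvc' entry so the path check has something to fire on.
SAMPLE_LOG = r"""
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [9/10/2010 1:52 PM 2326920]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/10/2004 5:00 AM 5120]
R2 evilsvc;Windows Helper;c:\documents and settings\Vinny\Local Settings\Temp\svchost.exe [1/1/2012 1:00 AM 12345]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [9/10/2010 1:52 PM 159168]
Trusted Zone: erightsoft.net\www
Trusted Zone: free.fr\gpl.download
[HKEY_LOCAL_MACHINE\software\Adobe\Premiere Pro\2.0\Help]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2a154338-8603-4311-8900-659aef409e1b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009a
""".strip().splitlines()


if __name__ == "__main__":
    for f in parse_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.reason}")
```

Run it as-is to see the five findings the sample produces; point `parse_log` at the lines of a real ComboFix log to triage that instead. A locked CLSID key with a denied ACL is not proof of malware (copy-protection schemes use the same trick), which is why the script only surfaces it rather than scoring it.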

#14
Gammo

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
I'm sorry for my late response. Due to an Internet connection problem I wasn't able to reply any sooner.

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Firefox and Opera. Both are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

If you decide to use the Firefox browser, the McAfee SiteAdvisor add-on will nicely help to enhance your security. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine besides just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (eg: LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up-to-date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
  • 0
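Gammo's list recommends the MVPS Hosts file, which works by mapping known ad and malware hostnames to a non-routable address so the connection never leaves the machine. The same mechanism is what a hijacker uses in the other direction (sending a real site to an attacker's address, or sinkholing an update site so the anti-virus can't update), so it is worth checking the file you have before dropping a new one in. The script below is an added example, not the MVPS project's tooling; both hosts-file bodies are constructed for the example, and the `MUST_REACH` list of hosts that should never be sinkholed is an assumption (it uses the Windows Update hostname mentioned in the post).

```python
"""Audit an existing HOSTS file, then merge a blocklist into it (added example)."""
import ipaddress

# Assumption: hostnames that must stay reachable; a sinkholed entry here is a red flag.
MUST_REACH = {"windowsupdate.microsoft.com"}

EXISTING_HOSTS = """# constructed: what a tampered XP hosts file might contain
127.0.0.1       localhost
127.0.0.1       windowsupdate.microsoft.com   # update site sinkholed by malware
198.51.100.7    www.google.com                # search site redirected elsewhere
"""

BLOCKLIST = """# constructed blocklist in MVPS style (one or more hosts per line)
0.0.0.0 ads.example
0.0.0.0 tracker.example   counter.example
"""


def is_sinkhole(ip):
    """0.0.0.0 or any loopback address counts as 'blocked'."""
    addr = ipaddress.ip_address(ip)
    return addr.is_unspecified or addr.is_loopback


def parse_hosts(text):
    """Return [(ip, hostname), ...]. Comments and blank lines are skipped;
    a malformed line raises ValueError so a bad file is noticed, not ignored."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: expected '<ip> <host>...': {raw!r}")
        ipaddress.ip_address(parts[0])          # ValueError if not an IP address
        entries.extend((parts[0], name.lower()) for name in parts[1:])
    return entries


def audit(entries):
    """Map each suspicious (ip, host) pair to the reason it was flagged."""
    problems = {}
    for ip, host in entries:
        if host == "localhost":
            continue
        if not is_sinkhole(ip):
            problems[(ip, host)] = "redirects to a routable address"
        elif host in MUST_REACH:
            problems[(ip, host)] = "required host is sinkholed"
    return problems


def merge(existing, blocklist):
    """Drop flagged existing entries, union with the blocklist, and return the
    new file as a list of lines. Windows uses the first matching line, so the
    single localhost entry goes first and every hostname appears once."""
    bad = audit(existing)
    mapping = {}
    for ip, host in existing:
        if (ip, host) not in bad and host != "localhost":
            mapping[host] = ip
    for ip, host in blocklist:                  # blocklist wins for hosts it names
        mapping[host] = ip
    lines = ["127.0.0.1 localhost"]
    lines += [f"{ip} {host}" for host, ip in sorted(mapping.items())]
    return lines


def is_blocked(lines, host):
    """Answer 'would this hostname be sinkholed by the merged file?'"""
    host = host.lower()
    for line in lines:
        ip, name = line.split()
        if name == host:
            return is_sinkhole(ip)
    return False


if __name__ == "__main__":
    current = parse_hosts(EXISTING_HOSTS)
    for (ip, host), why in audit(current).items():
        print(f"FLAG {ip:<15} {host}: {why}")
    print("\n".join(merge(current, parse_hosts(BLOCKLIST))))
```

On a real machine the existing file is `%SystemRoot%\system32\drivers\etc\hosts`; write the merged lines back only after reviewing what `audit` flagged, because a legitimate intranet entry pointing at a private address will be listed too. The audit is deliberately one-sided: it cannot tell a blocklist entry from a malware sinkhole, which is exactly why the `MUST_REACH` allow-list exists.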

#15
libsrone

libsrone

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I appreciate all your help!

Thank you!
  • 0





