Geeks to Go

Something creating many copies of iexplorer.exe, wltuser.exe computer

#16
JohnnieF
Member, Topic Starter, 32 posts
--------------- ComboFix =======================

ComboFix 12-02-03.02 - Lauras 03/02/2012 15:23:48.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.111 [GMT -5:00]
Running from: c:\documents and settings\Lauras\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Lauras\Desktop\ebooks\7_SUPE~1\7SUPER~1\7SE136~1.exe
c:\documents and settings\All Users\Application Data\agrqaaa.tmp
c:\documents and settings\All Users\Application Data\boxpaaa.tmp
c:\documents and settings\All Users\Application Data\cgrqaaa.tmp
c:\documents and settings\All Users\Application Data\cjdraaa.tmp
c:\documents and settings\All Users\Application Data\dgrqaaa.tmp
c:\documents and settings\All Users\Application Data\djdraaa.tmp
c:\documents and settings\All Users\Application Data\doxpaaa.tmp
c:\documents and settings\All Users\Application Data\egrqaaa.tmp
c:\documents and settings\All Users\Application Data\eoxpaaa.tmp
c:\documents and settings\All Users\Application Data\erjqaaa.tmp
c:\documents and settings\All Users\Application Data\euvqaaa.tmp
c:\documents and settings\All Users\Application Data\fuvqaaa.tmp
c:\documents and settings\All Users\Application Data\gjdraaa.tmp
c:\documents and settings\All Users\Application Data\grjqaaa.tmp
c:\documents and settings\All Users\Application Data\guvqaaa.tmp
c:\documents and settings\All Users\Application Data\huvqaaa.tmp
c:\documents and settings\All Users\Application Data\ifoqaaa.tmp
c:\documents and settings\All Users\Application Data\imslaaa.tmp
c:\documents and settings\All Users\Application Data\iuvqaaa.tmp
c:\documents and settings\All Users\Application Data\jmslaaa.tmp
c:\documents and settings\All Users\Application Data\ktsqaaa.tmp
c:\documents and settings\All Users\Application Data\liaraaa.tmp
c:\documents and settings\All Users\Application Data\ltsqaaa.tmp
c:\documents and settings\All Users\Application Data\mlmraaa.tmp
c:\documents and settings\All Users\Application Data\mmrpaaa.tmp
c:\documents and settings\All Users\Application Data\mtsqaaa.tmp
c:\documents and settings\All Users\Application Data\nlmraaa.tmp
c:\documents and settings\All Users\Application Data\nmrpaaa.tmp
c:\documents and settings\All Users\Application Data\ntsqaaa.tmp
c:\documents and settings\All Users\Application Data\olmraaa.tmp
c:\documents and settings\All Users\Application Data\omrpaaa.tmp
c:\documents and settings\All Users\Application Data\otsqaaa.tmp
c:\documents and settings\All Users\Application Data\pmrpaaa.tmp
c:\documents and settings\All Users\Application Data\ppdqaaa.tmp
c:\documents and settings\All Users\Application Data\qmrpaaa.tmp
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\zddebaa.tmp
c:\documents and settings\Lauras\g2mdlhlpx.exe
c:\documents and settings\Lauras\Local Settings\Application Data\assembly\tmp
c:\program files\Internet Explorer\SETE4.tmp
c:\windows\$NtUninstallKB19978$
c:\windows\$NtUninstallKB19978$\1712049141
c:\windows\$NtUninstallKB19978$\4103322265\@
c:\windows\$NtUninstallKB19978$\4103322265\cfg.ini
c:\windows\$NtUninstallKB19978$\4103322265\Desktop.ini
c:\windows\$NtUninstallKB19978$\4103322265\L\raciboqm
c:\windows\$NtUninstallKB19978$\4103322265\oemid
c:\windows\$NtUninstallKB19978$\4103322265\U\00000001.@
c:\windows\$NtUninstallKB19978$\4103322265\U\00000002.@
c:\windows\$NtUninstallKB19978$\4103322265\U\00000004.@
c:\windows\$NtUninstallKB19978$\4103322265\U\80000000.@
c:\windows\$NtUninstallKB19978$\4103322265\U\80000004.@
c:\windows\$NtUninstallKB19978$\4103322265\U\80000032.@
c:\windows\$NtUninstallKB19978$\4103322265\version
c:\windows\system32\Packet.dll
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\wpcap.dll
.
c:\windows\system32\winlogon.exe . . . is infected!!
.
c:\windows\system32\svchost.exe . . . is infected!!
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 20:46 . 2012-02-03 20:47 864 ----a-w- c:\documents and settings\All Users\Application Data\yklpaaa.tmp
2012-01-31 04:29 . 2012-01-31 04:29 -------- d-----w- c:\program files\EMCO
2012-01-31 04:28 . 2012-01-31 04:28 -------- d-----w- C:\install
2012-01-30 00:06 . 2012-01-30 00:06 -------- d-sh--w- c:\documents and settings\Testing\IETldCache
2012-01-29 15:31 . 2012-01-29 15:31 -------- d-----w- c:\documents and settings\Lauras\Application Data\ElevatedDiagnostics
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-27 14:24 . 2012-01-27 14:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-27 14:10 . 2012-01-27 14:10 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2012-01-27 13:29 . 2012-01-27 13:29 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-01-25 22:55 . 2012-01-25 22:55 -------- d-----w- c:\documents and settings\Lauras\Application Data\PC-FAX TX
2012-01-25 20:49 . 2012-01-25 21:01 -------- d-----w- c:\documents and settings\Lauras\Application Data\ControlCenter4
2012-01-25 20:22 . 2004-08-09 06:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-01-25 20:22 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-25 20:22 . 2010-04-02 05:33 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-01-25 20:22 . 2010-10-14 02:37 103792 ----a-w- c:\windows\system32\BRRBI110.EXE
2012-01-25 20:22 . 2010-03-15 16:20 50176 ----a-w- c:\windows\system32\BRPRTINK.DLL
2012-01-25 20:22 . 2009-11-03 03:06 11520 ----a-w- c:\windows\system32\drivers\BrUsbSib.sys
2012-01-25 20:22 . 2009-11-03 03:06 71424 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2012-01-25 20:22 . 2010-09-14 10:07 55808 ----a-w- c:\windows\system32\BrUsi11a.dll
2012-01-25 20:22 . 2010-12-21 00:47 1481216 ----a-w- c:\windows\system32\BrWia11a.dll
2012-01-25 20:22 . 2010-04-01 10:28 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-01-25 20:22 . 2004-10-15 03:50 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- C:\Brother
2012-01-25 20:21 . 2006-07-07 17:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\program files\Browny02
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ControlCenter4
2012-01-25 20:20 . 2012-01-25 20:21 -------- d-----w- c:\program files\ControlCenter4
2012-01-25 20:20 . 2011-03-01 23:53 118784 ------w- c:\windows\system32\BrMfNt.dll
2012-01-25 20:20 . 2009-10-13 21:59 180224 ------w- c:\windows\system32\BrMuSNMP.dll
2012-01-25 20:20 . 2009-12-08 21:17 225280 ------w- c:\windows\system32\BrfxD05c.dll
2012-01-25 20:19 . 2011-04-08 00:04 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-25 20:19 . 2011-01-27 18:24 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-25 20:19 . 2010-03-16 00:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-25 20:19 . 2007-12-14 03:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-25 20:19 . 2010-02-05 02:42 180224 ----a-w- c:\windows\system32\BROSNMP.DLL
2012-01-25 20:17 . 2012-01-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2012-01-25 20:16 . 2012-01-25 20:16 -------- d-----w- c:\documents and settings\Lauras\Application Data\InstallShield
2012-01-25 20:02 . 2012-01-25 20:06 -------- d-----w- c:\program files\MFCJ625D
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\program files\Starfield
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\documents and settings\Lauras\Local Settings\Application Data\Workspace
2012-01-25 14:50 . 2012-01-25 14:51 -------- d-----w- c:\program files\Workspace
2012-01-12 21:59 . 2012-01-12 21:59 -------- d-sh--w- c:\documents and settings\Lauras\IECompatCache
2012-01-12 21:48 . 2012-01-12 21:48 -------- d-sh--w- c:\documents and settings\Lauras\PrivacIE
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\Lauras\IETldCache
2012-01-12 21:42 . 2012-01-12 21:42 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-12 21:25 . 2012-01-12 21:30 -------- dc-h--w- c:\windows\ie8
2012-01-12 21:17 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-12 21:17 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-12 21:17 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-12 21:17 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-10 20:28 . 2012-01-10 20:29 -------- d-----w- c:\documents and settings\Lauras\Application Data\MobileBlogX
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\program files\MobileBlogX
2012-01-09 19:59 . 2012-01-10 03:09 -------- d-----w- c:\documents and settings\Lauras\Application Data\FileZilla
2012-01-09 19:58 . 2012-01-09 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2012-01-07 16:29 . 2012-01-07 16:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2011-04-27 17:44 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 03:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 03:42 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 03:42 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 03:42 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2008-01-11 949248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-30 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-04-20 22:53 139264 ----a-w- c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2012-01-25 14:50 34496 ----a-w- c:\program files\Workspace\workspaceupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\vbuzzer\\VBuzzer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Lauras\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:*:Disabled:mail
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2001-08-17 2944]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 71424]
R3 BrSerWDM;Brother Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2003-03-14 61952]
R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
R3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2001-08-17 10368]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [2012-01-05 1187600]
R3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2012-01-30 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2012-01-30 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-01-30 116608]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [2011-01-06 689464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003Core.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003UA.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2012-01-12 c:\windows\Tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
2011-06-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: salesforce.com\na6
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 206.248.154.22
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-Run-dplaysvr - c:\documents and settings\Lauras\Application Data\dplaysvr.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-03 15:45
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FC12EA6D08AA9ED6A50A9AE77F75F1639D329EC9F059C3A4B74BA4384D5215344FBE6DF63B1CBCF86B4BC86A932012AD26C1E922BA7D60F56C4903F64196B6080B41B8C0DC3779DE8625E30A2944CF05CF8C9F663CFE58E6363129D08F5AB4BC3E8D15942E596280B40348CF3E84DDF1A498D004D16AA2AF8CC0FE3090B2EC5C6CB9DB00A4C158D624F3E50D85EA44FEA18C222B0CB00A0B5658FDC7D01A8FF30C02FE56E81492E17A2D41D3E6635CBCB7B64E4F2B28313DF480348B106FA1148943FE2E5A561B234E05F2FA7BBD55BDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A9C6AECB7A5D1407C038D530D6EB34522A36039169EA5106F8D42C9A049C475C3BEB37A0124430EC6514134E36191B665A64AC19420C808DC4E839FD0075A8824A923D5145DB669D04C9F09B59C69C4DC904F10CA69E1A94526FC1F0BF1DC00C9CB0974A39597C79ADA600E8C34D0E7B9CCA4C98AC81A0B5729AD5E3973F3722CE8F8D5F1BCC6060EC2BDA86A145BF9E6A944CB19C7AE890E8BB1B8A0DE506F6F19AF72152AB4F31407EAE0B532F56E83EDE948C762F1D48ECCA48DAD8827B3D0C6444EA72515FCF19E9BFCD6E6BCB1015CDDB22E8AB3A81ABE4A910EBE8BB2B96A172D64879F6A65D5A62ED3A426C4DE3276F345BDE92E8C4C920A9E7D1BC7E7BAA1AC4D4C4D122E663814AB35C58DE11D62CC0669D4CACCBDC9F6BA2DA49761F7D625ACABA01B1053A9B8A0CC98505776B0711D71D617EC82631DB288180D5D439097F9043E64BF9B84296A67C3B876697862EB1791F94B8516F46362C546465A3605F43ABBB6679DC9D1B1C4A97AE21B2C66529B226AB0BAE0D39BFA20D6F8FA5CB6BB1268B802FC8E50A3A6D8A48DE38F4C928ACED8124324C886992C3C3034D4756DF48B69AB8C16A188005D8A5C8C456324AACBF58DAF286CB108A68386449DD99840BEEB828B10DBE23139C1E001E4337E3E0B9F67D2EA75D42803DA24E7031F08B4BBD620428443A0B7EC08897A82338F8564D2849422FDBBF4CD8DD4C3A775C144B7E26C5541A8D559007C59471F856C20240BAF33533AC0229274BDFC4781FF2B06194DB0EAD7BD1F88434F325D6F8AFBAAB0225AC5AF33239E54EFE4F93C22E83E9C0274F308F8549A1BC251962C8603C7ED2F876619FAF00A74D914138930332EFC47F346816A8F81AC608C25935AB2579890080195D8C6654B574A16C205E8E1EBD2E01B09F28E001BFF63D89701A78B3033D60E59F8EB8A575791EC93EE54C754AEF9A7602A440391B3B47D6EFE81F1523A8CC3E1FB1A6AB0165077D06710749
1078893E55713AFBCD1544B8ED89E3DD5130A230D6A2454751F05147510AB94238ECFD9BF71854D5D0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2956)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
c:\windows\Network Diagnostic\xpnetdiag.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Windows Live\Toolbar\wltuser.exe
.
**************************************************************************
.
Completion time: 2012-02-03 16:08:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 21:07
.
Pre-Run: 33,480,642,560 bytes free
Post-Run: 33,688,616,960 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - 869231FC1015DCD889CD7FCD659A4983


----------- TDSSKiller 1 =============================


16:13:30.0734 1260 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:13:33.0015 1260 ============================================================
16:13:33.0015 1260 Current date / time: 2012/02/03 16:13:33.0015
16:13:33.0015 1260 SystemInfo:
16:13:33.0015 1260
16:13:33.0031 1260 OS Version: 5.1.2600 ServicePack: 3.0
16:13:33.0031 1260 Product type: Workstation
16:13:33.0031 1260 ComputerName: LAURA
16:13:33.0031 1260 UserName: Lauras
16:13:33.0031 1260 Windows directory: C:\WINDOWS
16:13:33.0031 1260 System windows directory: C:\WINDOWS
16:13:33.0031 1260 Processor architecture: Intel x86
16:13:33.0031 1260 Number of processors: 1
16:13:33.0031 1260 Page size: 0x1000
16:13:33.0031 1260 Boot type: Normal boot
16:13:33.0031 1260 ============================================================
16:13:54.0453 1260 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:13:54.0812 1260 \Device\Harddisk0\DR0:
16:13:54.0906 1260 MBR used
16:13:54.0906 1260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
16:13:55.0484 1260 Initialize success
16:13:55.0484 1260 ============================================================
16:13:59.0703 2824 ============================================================
16:13:59.0703 2824 Scan started
16:13:59.0703 2824 Mode: Manual;
16:13:59.0703 2824 ============================================================
16:14:02.0390 2824 Abiosdsk - ok
16:14:02.0453 2824 abp480n5 - ok
16:14:02.0515 2824 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:14:02.0531 2824 ACPI - ok
16:14:02.0578 2824 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:14:02.0578 2824 ACPIEC - ok
16:14:02.0640 2824 adpu160m - ok
16:14:02.0890 2824 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:14:02.0890 2824 aec - ok
16:14:03.0281 2824 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:14:03.0281 2824 AegisP - ok
16:14:03.0515 2824 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:14:03.0656 2824 AFD - ok
16:14:03.0984 2824 Aha154x - ok
16:14:04.0218 2824 aic78u2 - ok
16:14:04.0390 2824 aic78xx - ok
16:14:05.0312 2824 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:14:07.0031 2824 ALCXWDM - ok
16:14:07.0171 2824 AliIde - ok
16:14:07.0453 2824 amsint - ok
16:14:07.0687 2824 asc - ok
16:14:07.0906 2824 asc3350p - ok
16:14:08.0234 2824 asc3550 - ok
16:14:08.0578 2824 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:14:08.0609 2824 AsyncMac - ok
16:14:09.0156 2824 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:14:09.0156 2824 atapi - ok
16:14:09.0828 2824 Atdisk - ok
16:14:10.0406 2824 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:14:10.0437 2824 Atmarpc - ok
16:14:11.0031 2824 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:14:11.0078 2824 audstub - ok
16:14:11.0531 2824 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:14:11.0562 2824 AVGIDSDriver - ok
16:14:11.0953 2824 AVGIDSEH - ok
16:14:12.0468 2824 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:14:12.0484 2824 AVGIDSFilter - ok
16:14:12.0765 2824 AVGIDSShim - ok
16:14:13.0265 2824 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:14:13.0531 2824 Avgldx86 - ok
16:14:16.0187 2824 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:14:16.0281 2824 Avgmfx86 - ok
16:14:17.0031 2824 Avgrkx86 - ok
16:14:17.0453 2824 Avgtdix - ok
16:14:17.0875 2824 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:14:17.0906 2824 BCM43XX - ok
16:14:18.0031 2824 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:14:18.0031 2824 Beep - ok
16:14:18.0171 2824 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
16:14:18.0187 2824 brfilt - ok
16:14:18.0265 2824 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:14:18.0265 2824 BrScnUsb - ok
16:14:18.0359 2824 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
16:14:18.0406 2824 BrSerIb - ok
16:14:18.0484 2824 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
16:14:18.0484 2824 BrSerWDM - ok
16:14:18.0531 2824 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
16:14:18.0531 2824 BrUsbMdm - ok
16:14:18.0578 2824 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
16:14:18.0578 2824 BrUsbScn - ok
16:14:18.0671 2824 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
16:14:18.0687 2824 BrUsbSIb - ok
16:14:19.0031 2824 catchme - ok
16:14:19.0218 2824 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:14:19.0234 2824 cbidf2k - ok
16:14:19.0265 2824 cd20xrnt - ok
16:14:19.0328 2824 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:14:19.0328 2824 Cdaudio - ok
16:14:19.0453 2824 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:14:19.0453 2824 Cdfs - ok
16:14:19.0546 2824 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:14:19.0562 2824 Cdrom - ok
16:14:19.0609 2824 Changer - ok
16:14:19.0750 2824 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:14:19.0750 2824 CmBatt - ok
16:14:19.0828 2824 CmdIde - ok
16:14:19.0906 2824 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:14:19.0906 2824 Compbatt - ok
16:14:20.0000 2824 Cpqarray - ok
16:14:20.0109 2824 dac2w2k - ok
16:14:20.0156 2824 dac960nt - ok
16:14:20.0250 2824 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:14:20.0250 2824 Disk - ok
16:14:20.0531 2824 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:14:20.0625 2824 dmboot - ok
16:14:20.0718 2824 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:14:20.0750 2824 dmio - ok
16:14:20.0796 2824 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:14:20.0812 2824 dmload - ok
16:14:20.0906 2824 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:14:20.0937 2824 DMusic - ok
16:14:21.0109 2824 dpti2o - ok
16:14:21.0171 2824 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:14:21.0203 2824 drmkaud - ok
16:14:21.0421 2824 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:14:21.0468 2824 Fastfat - ok
16:14:21.0593 2824 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:14:21.0640 2824 Fdc - ok
16:14:21.0796 2824 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:14:21.0796 2824 Fips - ok
16:14:21.0828 2824 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:14:21.0828 2824 Flpydisk - ok
16:14:22.0046 2824 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:14:22.0156 2824 FltMgr - ok
16:14:22.0640 2824 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:14:22.0656 2824 fssfltr - ok
16:14:22.0828 2824 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:14:22.0843 2824 Fs_Rec - ok
16:14:24.0296 2824 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:14:24.0406 2824 Ftdisk - ok
16:14:25.0312 2824 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:14:25.0343 2824 Gpc - ok
16:14:26.0062 2824 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:14:26.0156 2824 HidUsb - ok
16:14:29.0859 2824 hpn - ok
16:14:30.0171 2824 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:14:30.0171 2824 HSFHWICH - ok
16:14:30.0343 2824 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:14:30.0562 2824 HSF_DP - ok
16:14:30.0734 2824 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:14:30.0750 2824 HTTP - ok
16:14:30.0890 2824 i2omgmt - ok
16:14:30.0921 2824 i2omp - ok
16:14:30.0984 2824 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:14:31.0000 2824 i8042prt - ok
16:14:31.0968 2824 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:14:32.0546 2824 ialm - ok
16:14:32.0734 2824 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:14:32.0734 2824 Imapi - ok
16:14:32.0796 2824 ini910u - ok
16:14:32.0921 2824 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:14:32.0968 2824 IntelIde - ok
16:14:33.0046 2824 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:14:33.0046 2824 intelppm - ok
16:14:33.0140 2824 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:14:33.0156 2824 Ip6Fw - ok
16:14:33.0390 2824 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:14:33.0390 2824 IpFilterDriver - ok
16:14:33.0609 2824 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:14:33.0609 2824 IpInIp - ok
16:14:33.0703 2824 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:14:33.0703 2824 IpNat - ok
16:14:33.0828 2824 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:14:33.0843 2824 IPSec - ok
16:14:33.0906 2824 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:14:33.0906 2824 IRENUM - ok
16:14:34.0015 2824 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:14:34.0031 2824 isapnp - ok
16:14:34.0109 2824 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:14:34.0140 2824 Kbdclass - ok
16:14:34.0234 2824 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:14:34.0250 2824 kmixer - ok
16:14:34.0359 2824 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:14:34.0359 2824 KSecDD - ok
16:14:34.0562 2824 L8042pr2 (a006d66edb128fb9ab940a903fdf792e) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
16:14:34.0562 2824 L8042pr2 - ok
16:14:34.0703 2824 lbrtfdc - ok
16:14:35.0093 2824 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
16:14:35.0125 2824 LMouFlt2 - ok
16:14:35.0359 2824 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:14:35.0359 2824 mdmxsdk - ok
16:14:35.0625 2824 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
16:14:35.0656 2824 mf - ok
16:14:36.0109 2824 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:14:36.0156 2824 mnmdd - ok
16:14:36.0484 2824 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:14:36.0500 2824 Modem - ok
16:14:36.0828 2824 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:14:36.0828 2824 Mouclass - ok
16:14:37.0406 2824 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:14:37.0421 2824 mouhid - ok
16:14:37.0859 2824 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:14:37.0859 2824 MountMgr - ok
16:14:38.0046 2824 mraid35x - ok
16:14:38.0406 2824 MREMP50 - ok
16:14:38.0437 2824 MREMP50a64 - ok
16:14:38.0453 2824 MRESP50 - ok
16:14:38.0484 2824 MRESP50a64 - ok
16:14:38.0937 2824 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:14:39.0062 2824 MRxDAV - ok
16:14:40.0671 2824 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:14:41.0015 2824 MRxSmb - ok
16:14:41.0531 2824 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:14:41.0546 2824 Msfs - ok
16:14:41.0890 2824 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:14:41.0906 2824 MSKSSRV - ok
16:14:42.0375 2824 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:14:42.0390 2824 MSPCLOCK - ok
16:14:42.0609 2824 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:14:42.0625 2824 MSPQM - ok
16:14:43.0031 2824 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:14:43.0031 2824 mssmbios - ok
16:14:43.0343 2824 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:14:43.0343 2824 Mup - ok
16:14:43.0718 2824 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:14:43.0843 2824 NDIS - ok
16:14:44.0218 2824 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:14:44.0250 2824 NdisTapi - ok
16:14:44.0343 2824 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:14:44.0343 2824 Ndisuio - ok
16:14:44.0437 2824 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:14:44.0468 2824 NdisWan - ok
16:14:44.0578 2824 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:14:44.0640 2824 NDProxy - ok
16:14:44.0828 2824 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:14:44.0953 2824 NetBIOS - ok
16:14:45.0218 2824 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:14:45.0234 2824 NetBT - ok
16:14:45.0515 2824 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:14:45.0515 2824 Npfs - ok
16:14:45.0750 2824 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:14:45.0781 2824 Ntfs - ok
16:14:45.0937 2824 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:14:45.0937 2824 Null - ok
16:14:46.0046 2824 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:14:46.0046 2824 NwlnkFlt - ok
16:14:46.0203 2824 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:14:46.0203 2824 NwlnkFwd - ok
16:14:46.0359 2824 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:14:46.0375 2824 Parport - ok
16:14:46.0531 2824 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:14:46.0531 2824 PartMgr - ok
16:14:46.0765 2824 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:14:46.0765 2824 ParVdm - ok
16:14:46.0968 2824 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:14:46.0968 2824 PCI - ok
16:14:47.0046 2824 PCIDump - ok
16:14:47.0125 2824 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:14:47.0406 2824 PCIIde - ok
16:14:47.0656 2824 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:14:47.0671 2824 Pcmcia - ok
16:14:48.0015 2824 PDCOMP - ok
16:14:48.0093 2824 PDFRAME - ok
16:14:48.0203 2824 PDRELI - ok
16:14:48.0390 2824 PDRFRAME - ok
16:14:48.0562 2824 perc2 - ok
16:14:48.0812 2824 perc2hib - ok
16:14:49.0484 2824 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:14:49.0515 2824 PptpMiniport - ok
16:14:50.0125 2824 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:14:50.0234 2824 PSched - ok
16:14:50.0984 2824 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:14:51.0000 2824 Ptilink - ok
16:14:51.0421 2824 ql1080 - ok
16:14:52.0000 2824 Ql10wnt - ok
16:14:52.0343 2824 ql12160 - ok
16:14:52.0625 2824 ql1240 - ok
16:14:52.0890 2824 ql1280 - ok
16:14:53.0343 2824 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:14:53.0343 2824 RasAcd - ok
16:14:53.0781 2824 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:14:53.0796 2824 Rasl2tp - ok
16:14:54.0343 2824 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:14:54.0390 2824 RasPppoe - ok
16:14:54.0812 2824 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:14:54.0843 2824 Raspti - ok
16:14:55.0765 2824 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:14:56.0000 2824 Rdbss - ok
16:14:57.0187 2824 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:14:57.0250 2824 RDPCDD - ok
16:14:57.0953 2824 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:14:58.0968 2824 rdpdr - ok
16:14:59.0453 2824 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:14:59.0500 2824 RDPWD - ok
16:14:59.0750 2824 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:14:59.0796 2824 redbook - ok
16:15:00.0546 2824 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:15:00.0578 2824 RTL8023xp - ok
16:15:02.0015 2824 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:15:02.0046 2824 rtl8139 - ok
16:15:02.0609 2824 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:15:02.0750 2824 SASDIFSV - ok
16:15:03.0250 2824 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:15:03.0421 2824 SASKUTIL - ok
16:15:04.0156 2824 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:15:04.0203 2824 Secdrv - ok
16:15:04.0718 2824 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:15:04.0718 2824 Serial - ok
16:15:04.0843 2824 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:15:04.0843 2824 Sfloppy - ok
16:15:04.0875 2824 Simbad - ok
16:15:04.0953 2824 Sparrow - ok
16:15:05.0234 2824 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:15:05.0265 2824 splitter - ok
16:15:05.0625 2824 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:15:05.0625 2824 sr - ok
16:15:05.0921 2824 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:15:06.0265 2824 Srv - ok
16:15:07.0062 2824 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:15:07.0093 2824 swenum - ok
16:15:07.0781 2824 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:15:07.0828 2824 swmidi - ok
16:15:08.0078 2824 symc810 - ok
16:15:08.0421 2824 symc8xx - ok
16:15:08.0843 2824 sym_hi - ok
16:15:09.0140 2824 sym_u3 - ok
16:15:10.0750 2824 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:15:10.0828 2824 sysaudio - ok
16:15:11.0406 2824 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:15:11.0828 2824 Tcpip - ok
16:15:12.0437 2824 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:15:12.0437 2824 TDPIPE - ok
16:15:12.0875 2824 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:15:12.0875 2824 TDTCP - ok
16:15:13.0093 2824 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:15:13.0125 2824 TermDD - ok
16:15:13.0406 2824 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:15:13.0437 2824 tifsfilter - ok
16:15:13.0875 2824 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
16:15:14.0125 2824 timounter - ok
16:15:14.0453 2824 TosIde - ok
16:15:16.0781 2824 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:15:16.0781 2824 Udfs - ok
16:15:17.0031 2824 ultra - ok
16:15:17.0406 2824 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:15:17.0531 2824 Update - ok
16:15:17.0687 2824 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:15:17.0718 2824 usbaudio - ok
16:15:18.0171 2824 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:15:18.0203 2824 usbccgp - ok
16:15:18.0703 2824 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:15:18.0718 2824 usbehci - ok
16:15:19.0015 2824 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:15:19.0171 2824 usbhub - ok
16:15:19.0515 2824 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:15:19.0546 2824 usbprint - ok
16:15:19.0890 2824 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:15:19.0890 2824 USBSTOR - ok
16:15:20.0140 2824 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:15:20.0171 2824 usbuhci - ok
16:15:20.0500 2824 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:15:20.0500 2824 VgaSave - ok
16:15:20.0796 2824 ViaIde - ok
16:15:21.0156 2824 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:15:21.0171 2824 VolSnap - ok
16:15:21.0328 2824 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:15:21.0343 2824 Wanarp - ok
16:15:21.0375 2824 WDICA - ok
16:15:21.0546 2824 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:15:21.0562 2824 wdmaud - ok
16:15:21.0781 2824 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:15:22.0281 2824 winachsf - ok
16:15:22.0593 2824 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:15:22.0625 2824 WmiAcpi - ok
16:15:22.0953 2824 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:15:22.0968 2824 WS2IFSL - ok
16:15:23.0203 2824 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:15:23.0218 2824 WudfPf - ok
16:15:23.0265 2824 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:15:23.0281 2824 WudfRd - ok
16:15:23.0359 2824 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:15:24.0156 2824 \Device\Harddisk0\DR0 - ok
16:15:24.0171 2824 Boot (0x1200) (91192bf0aa5f8455e5dd192f05444bab) \Device\Harddisk0\DR0\Partition0
16:15:24.0171 2824 \Device\Harddisk0\DR0\Partition0 - ok
16:15:24.0171 2824 ============================================================
16:15:24.0171 2824 Scan finished
16:15:24.0171 2824 ============================================================
16:15:24.0187 5380 Detected object count: 0
16:15:24.0187 5380 Actual detected object count: 0
16:23:36.0218 2576 Deinitialize success


--------------------- TDSSKiller 2 =============================

16:25:01.0484 4984 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
16:25:02.0421 4984 ============================================================
16:25:02.0421 4984 Current date / time: 2012/02/03 16:25:02.0421
16:25:02.0421 4984 SystemInfo:
16:25:02.0421 4984
16:25:02.0421 4984 OS Version: 5.1.2600 ServicePack: 3.0
16:25:02.0421 4984 Product type: Workstation
16:25:02.0578 4984 ComputerName: LAURA
16:25:02.0578 4984 UserName: Lauras
16:25:02.0578 4984 Windows directory: C:\WINDOWS
16:25:02.0578 4984 System windows directory: C:\WINDOWS
16:25:02.0578 4984 Processor architecture: Intel x86
16:25:02.0578 4984 Number of processors: 1
16:25:02.0578 4984 Page size: 0x1000
16:25:02.0578 4984 Boot type: Normal boot
16:25:02.0578 4984 ============================================================
16:25:09.0703 4984 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:25:09.0937 4984 \Device\Harddisk0\DR0:
16:25:09.0953 4984 MBR used
16:25:09.0953 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
16:25:10.0187 4984 Initialize success
16:25:10.0187 4984 ============================================================
16:25:33.0375 5992 ============================================================
16:25:33.0375 5992 Scan started
16:25:33.0375 5992 Mode: Manual; SigCheck; TDLFS;
16:25:33.0375 5992 ============================================================
16:25:35.0281 5992 Abiosdsk - ok
16:25:35.0671 5992 abp480n5 - ok
16:25:36.0031 5992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:25:40.0640 5992 ACPI - ok
16:25:41.0140 5992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:25:41.0390 5992 ACPIEC - ok
16:25:41.0546 5992 adpu160m - ok
16:25:41.0718 5992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:25:45.0156 5992 aec - ok
16:25:45.0437 5992 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:25:45.0484 5992 AegisP ( UnsignedFile.Multi.Generic ) - warning
16:25:45.0484 5992 AegisP - detected UnsignedFile.Multi.Generic (1)
16:25:45.0906 5992 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:25:46.0218 5992 AFD - ok
16:25:46.0593 5992 Aha154x - ok
16:25:46.0812 5992 aic78u2 - ok
16:25:46.0968 5992 aic78xx - ok
16:25:48.0531 5992 ALCXWDM (8a8909fdd548d84a3e02e04f699ee705) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:25:51.0296 5992 ALCXWDM - ok
16:25:51.0421 5992 AliIde - ok
16:25:51.0437 5992 amsint - ok
16:25:51.0468 5992 asc - ok
16:25:51.0484 5992 asc3350p - ok
16:25:51.0500 5992 asc3550 - ok
16:25:51.0578 5992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:25:51.0750 5992 AsyncMac - ok
16:25:51.0796 5992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:25:51.0984 5992 atapi - ok
16:25:52.0015 5992 Atdisk - ok
16:25:52.0078 5992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:25:52.0250 5992 Atmarpc - ok
16:25:52.0312 5992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:25:52.0515 5992 audstub - ok
16:25:52.0640 5992 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:25:52.0921 5992 AVGIDSDriver - ok
16:25:53.0046 5992 AVGIDSEH - ok
16:25:53.0140 5992 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:25:53.0156 5992 AVGIDSFilter - ok
16:25:53.0218 5992 AVGIDSShim - ok
16:25:53.0484 5992 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:25:53.0500 5992 Avgldx86 - ok
16:25:53.0625 5992 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:25:53.0625 5992 Avgmfx86 - ok
16:25:53.0718 5992 Avgrkx86 - ok
16:25:53.0796 5992 Avgtdix - ok
16:25:53.0968 5992 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:25:54.0562 5992 BCM43XX - ok
16:25:54.0703 5992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:25:54.0890 5992 Beep - ok
16:25:55.0046 5992 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
16:25:55.0218 5992 brfilt - ok
16:25:55.0359 5992 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
16:25:55.0437 5992 BrScnUsb - ok
16:25:55.0562 5992 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
16:25:55.0625 5992 BrSerIb - ok
16:25:55.0750 5992 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
16:25:55.0796 5992 BrSerWDM - ok
16:25:55.0875 5992 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
16:25:56.0062 5992 BrUsbMdm - ok
16:25:56.0171 5992 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
16:25:56.0390 5992 BrUsbScn - ok
16:25:56.0515 5992 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
16:25:56.0531 5992 BrUsbSIb - ok
16:25:56.0687 5992 catchme - ok
16:25:56.0828 5992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:25:57.0000 5992 cbidf2k - ok
16:25:57.0078 5992 cd20xrnt - ok
16:25:57.0171 5992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:25:57.0328 5992 Cdaudio - ok
16:25:57.0468 5992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:25:57.0625 5992 Cdfs - ok
16:25:57.0765 5992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:25:57.0953 5992 Cdrom - ok
16:25:58.0000 5992 Changer - ok
16:25:58.0109 5992 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:25:58.0296 5992 CmBatt - ok
16:25:58.0312 5992 CmdIde - ok
16:25:58.0359 5992 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:25:58.0578 5992 Compbatt - ok
16:25:58.0609 5992 Cpqarray - ok
16:25:58.0656 5992 dac2w2k - ok
16:25:58.0671 5992 dac960nt - ok
16:25:58.0718 5992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:25:58.0906 5992 Disk - ok
16:25:58.0984 5992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:25:59.0250 5992 dmboot - ok
16:25:59.0312 5992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:25:59.0500 5992 dmio - ok
16:25:59.0531 5992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:25:59.0750 5992 dmload - ok
16:25:59.0812 5992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:26:00.0000 5992 DMusic - ok
16:26:00.0031 5992 dpti2o - ok
16:26:00.0078 5992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:26:00.0265 5992 drmkaud - ok
16:26:00.0390 5992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:26:00.0562 5992 Fastfat - ok
16:26:00.0609 5992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:26:00.0812 5992 Fdc - ok
16:26:00.0875 5992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:26:01.0062 5992 Fips - ok
16:26:01.0093 5992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:26:01.0250 5992 Flpydisk - ok
16:26:01.0296 5992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:26:01.0515 5992 FltMgr - ok
16:26:01.0828 5992 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
16:26:01.0843 5992 fssfltr - ok
16:26:01.0968 5992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:26:02.0203 5992 Fs_Rec - ok
16:26:02.0312 5992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:26:02.0765 5992 Ftdisk - ok
16:26:02.0890 5992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:26:03.0109 5992 Gpc - ok
16:26:03.0234 5992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:26:03.0437 5992 HidUsb - ok
16:26:03.0671 5992 hpn - ok
16:26:03.0984 5992 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
16:26:04.0062 5992 HSFHWICH - ok
16:26:04.0281 5992 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
16:26:04.0796 5992 HSF_DP - ok
16:26:04.0984 5992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:26:05.0140 5992 HTTP - ok
16:26:05.0546 5992 i2omgmt - ok
16:26:06.0093 5992 i2omp - ok
16:26:06.0296 5992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:26:06.0546 5992 i8042prt - ok
16:26:13.0609 5992 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:26:28.0468 5992 ialm - ok
16:26:29.0062 5992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:26:29.0375 5992 Imapi - ok
16:26:29.0750 5992 ini910u - ok
16:26:30.0156 5992 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:26:30.0468 5992 IntelIde - ok
16:26:31.0484 5992 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:26:31.0828 5992 intelppm - ok
16:26:32.0921 5992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:26:33.0687 5992 Ip6Fw - ok
16:26:33.0890 5992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:26:34.0265 5992 IpFilterDriver - ok
16:26:34.0906 5992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:26:35.0421 5992 IpInIp - ok
16:26:36.0234 5992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:26:36.0625 5992 IpNat - ok
16:26:37.0062 5992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:26:37.0328 5992 IPSec - ok
16:26:38.0125 5992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:26:38.0375 5992 IRENUM - ok
16:26:39.0703 5992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:26:40.0546 5992 isapnp - ok
16:26:41.0562 5992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:26:41.0968 5992 Kbdclass - ok
16:26:42.0593 5992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:26:43.0281 5992 kmixer - ok
16:26:43.0656 5992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:26:44.0078 5992 KSecDD - ok
16:26:44.0687 5992 L8042pr2 (a006d66edb128fb9ab940a903fdf792e) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
16:26:45.0000 5992 L8042pr2 - ok
16:26:45.0406 5992 lbrtfdc - ok
16:26:45.0781 5992 LMouFlt2 (03abef1a29addc98c32ed0f336b98e90) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
16:26:45.0875 5992 LMouFlt2 - ok
16:26:46.0218 5992 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
16:26:46.0281 5992 mdmxsdk - ok
16:26:46.0546 5992 mf (a7da20ab18a1bdae28b0f349e57da0d1) C:\WINDOWS\system32\DRIVERS\mf.sys
16:26:46.0765 5992 mf - ok
16:26:46.0921 5992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:26:47.0359 5992 mnmdd - ok
16:26:47.0406 5992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:26:47.0812 5992 Modem - ok
16:26:48.0250 5992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:26:48.0484 5992 Mouclass - ok
16:26:48.0765 5992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:26:52.0109 5992 mouhid - ok
16:26:52.0343 5992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:26:52.0546 5992 MountMgr - ok
16:26:52.0625 5992 mraid35x - ok
16:26:52.0781 5992 MREMP50 - ok
16:26:52.0843 5992 MREMP50a64 - ok
16:26:52.0859 5992 MRESP50 - ok
16:26:52.0906 5992 MRESP50a64 - ok
16:26:53.0218 5992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:26:53.0421 5992 MRxDAV - ok
16:26:53.0859 5992 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:26:54.0281 5992 MRxSmb - ok
16:26:54.0671 5992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:26:54.0890 5992 Msfs - ok
16:26:55.0000 5992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:26:55.0187 5992 MSKSSRV - ok
16:26:55.0234 5992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:26:55.0421 5992 MSPCLOCK - ok
16:26:55.0468 5992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:26:55.0640 5992 MSPQM - ok
16:26:55.0687 5992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:26:55.0906 5992 mssmbios - ok
16:26:55.0984 5992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:26:56.0015 5992 Mup - ok
16:26:56.0093 5992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:26:56.0296 5992 NDIS - ok
16:26:56.0375 5992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:26:56.0437 5992 NdisTapi - ok
16:26:56.0484 5992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:26:56.0718 5992 Ndisuio - ok
16:26:56.0796 5992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:26:56.0984 5992 NdisWan - ok
16:26:57.0031 5992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:26:57.0093 5992 NDProxy - ok
16:26:57.0125 5992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:26:57.0312 5992 NetBIOS - ok
16:26:57.0375 5992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:26:57.0562 5992 NetBT - ok
16:26:57.0609 5992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:26:57.0796 5992 Npfs - ok
16:26:57.0890 5992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:26:58.0109 5992 Ntfs - ok
16:26:58.0187 5992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:26:58.0359 5992 Null - ok
16:26:58.0406 5992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:26:58.0593 5992 NwlnkFlt - ok
16:26:58.0671 5992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:26:58.0875 5992 NwlnkFwd - ok
16:26:58.0953 5992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:26:59.0140 5992 Parport - ok
16:26:59.0250 5992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:26:59.0437 5992 PartMgr - ok
16:26:59.0468 5992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:26:59.0640 5992 ParVdm - ok
16:26:59.0687 5992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:26:59.0890 5992 PCI - ok
16:26:59.0906 5992 PCIDump - ok
16:26:59.0968 5992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:27:00.0156 5992 PCIIde - ok
16:27:00.0531 5992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
16:27:00.0718 5992 Pcmcia - ok
16:27:00.0734 5992 PDCOMP - ok
16:27:00.0750 5992 PDFRAME - ok
16:27:00.0781 5992 PDRELI - ok
16:27:00.0796 5992 PDRFRAME - ok
16:27:00.0843 5992 perc2 - ok
16:27:00.0859 5992 perc2hib - ok
16:27:00.0984 5992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:27:01.0187 5992 PptpMiniport - ok
16:27:01.0218 5992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:27:01.0390 5992 PSched - ok
16:27:01.0500 5992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:27:01.0734 5992 Ptilink - ok
16:27:01.0750 5992 ql1080 - ok
16:27:01.0781 5992 Ql10wnt - ok
16:27:01.0812 5992 ql12160 - ok
16:27:01.0828 5992 ql1240 - ok
16:27:01.0875 5992 ql1280 - ok
16:27:01.0921 5992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:27:02.0140 5992 RasAcd - ok
16:27:02.0203 5992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:27:02.0437 5992 Rasl2tp - ok
16:27:02.0656 5992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:27:03.0046 5992 RasPppoe - ok
16:27:03.0140 5992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:27:03.0390 5992 Raspti - ok
16:27:03.0625 5992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:27:03.0890 5992 Rdbss - ok
16:27:04.0234 5992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:27:04.0578 5992 RDPCDD - ok
16:27:04.0937 5992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:27:05.0234 5992 rdpdr - ok
16:27:05.0828 5992 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:27:06.0125 5992 RDPWD - ok
16:27:06.0671 5992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:27:06.0968 5992 redbook - ok
16:27:07.0890 5992 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
16:27:08.0765 5992 RTL8023xp - ok
16:27:09.0390 5992 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
16:27:09.0625 5992 rtl8139 - ok
16:27:09.0906 5992 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:27:09.0937 5992 SASDIFSV - ok
16:27:09.0953 5992 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:27:09.0968 5992 SASKUTIL - ok
16:27:10.0203 5992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:27:15.0562 5992 Secdrv - ok
16:27:15.0953 5992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:27:16.0203 5992 Serial - ok
16:27:16.0437 5992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:27:16.0828 5992 Sfloppy - ok
16:27:17.0031 5992 Simbad - ok
16:27:17.0296 5992 Sparrow - ok
16:27:17.0437 5992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:27:17.0640 5992 splitter - ok
16:27:17.0968 5992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:27:18.0093 5992 sr - ok
16:27:18.0203 5992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:27:18.0468 5992 Srv - ok
16:27:18.0656 5992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:27:18.0875 5992 swenum - ok
16:27:18.0968 5992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:27:19.0265 5992 swmidi - ok
16:27:19.0406 5992 symc810 - ok
16:27:19.0453 5992 symc8xx - ok
16:27:19.0515 5992 sym_hi - ok
16:27:19.0546 5992 sym_u3 - ok
16:27:19.0609 5992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:27:19.0843 5992 sysaudio - ok
16:27:19.0937 5992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:27:20.0265 5992 Tcpip - ok
16:27:20.0609 5992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:27:20.0843 5992 TDPIPE - ok
16:27:20.0906 5992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:27:21.0109 5992 TDTCP - ok
16:27:21.0187 5992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:27:21.0406 5992 TermDD - ok
16:27:21.0484 5992 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
16:27:21.0531 5992 tifsfilter - ok
16:27:21.0609 5992 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
16:27:21.0656 5992 timounter - ok
16:27:21.0781 5992 TosIde - ok
16:27:21.0937 5992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:27:22.0109 5992 Udfs - ok
16:27:22.0281 5992 ultra - ok
16:27:22.0500 5992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:27:22.0765 5992 Update - ok
16:27:22.0906 5992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
16:27:23.0125 5992 usbaudio - ok
16:27:23.0281 5992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:27:23.0453 5992 usbccgp - ok
16:27:23.0640 5992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:27:23.0859 5992 usbehci - ok
16:27:23.0984 5992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:27:24.0187 5992 usbhub - ok
16:27:25.0781 5992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:27:26.0015 5992 usbprint - ok
16:27:26.0109 5992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:27:26.0312 5992 USBSTOR - ok
16:27:26.0437 5992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:27:26.0593 5992 usbuhci - ok
16:27:26.0671 5992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:27:26.0859 5992 VgaSave - ok
16:27:26.0875 5992 ViaIde - ok
16:27:26.0921 5992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:27:27.0125 5992 VolSnap - ok
16:27:27.0187 5992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:27:27.0359 5992 Wanarp - ok
16:27:27.0375 5992 WDICA - ok
16:27:27.0453 5992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:27:27.0640 5992 wdmaud - ok
16:27:28.0015 5992 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
16:27:28.0687 5992 winachsf - ok
16:27:29.0343 5992 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
16:27:29.0546 5992 WmiAcpi - ok
16:27:29.0781 5992 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:27:30.0015 5992 WS2IFSL - ok
16:27:30.0281 5992 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:27:30.0500 5992 WudfPf - ok
16:27:31.0156 5992 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:27:31.0328 5992 WudfRd - ok
16:27:31.0437 5992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:27:32.0296 5992 \Device\Harddisk0\DR0 - ok
16:27:32.0312 5992 Boot (0x1200) (91192bf0aa5f8455e5dd192f05444bab) \Device\Harddisk0\DR0\Partition0
16:27:32.0312 5992 \Device\Harddisk0\DR0\Partition0 - ok
16:27:32.0312 5992 ============================================================
16:27:32.0312 5992 Scan finished
16:27:32.0312 5992 ============================================================
16:27:32.0531 1284 Detected object count: 1
16:27:32.0531 1284 Actual detected object count: 1
16:30:34.0375 1284 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:30:34.0375 1284 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:30:42.0468 2436 Deinitialize success


------------------------ aswmbr ------------------------

THE FIX BUTTON WAS NOT ENABLED - IT WAS GREYED OUT

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 19:08:00
-----------------------------
19:08:00.406 OS Version: Windows 5.1.2600 Service Pack 3
19:08:00.406 Number of processors: 1 586 0xD08
19:08:00.406 ComputerName: LAURA UserName:
19:08:00.953 Initialize success
19:15:37.437 AVAST engine defs: 12020301
19:15:58.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
19:15:58.593 Disk 0 Vendor: ST960821A 3.01 Size: 57231MB BusType: 3
19:15:58.750 Disk 0 MBR read successfully
19:15:58.750 Disk 0 MBR scan
19:15:59.109 Disk 0 Windows XP default MBR code
19:15:59.156 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
19:15:59.296 Disk 0 scanning sectors +117194175
19:15:59.718 Disk 0 scanning C:\WINDOWS\system32\drivers
19:16:59.609 Service scanning
19:17:11.140 Modules scanning
19:17:40.328 AVAST engine scan C:\
20:10:08.671 File: C:\System Volume Information\_restore{597D382E-49A7-48BA-AA03-FCCA8EAFBC92}\RP12\A0009353.exe **INFECTED** Win32:Patched-AET [Trj]
20:10:09.328 File: C:\System Volume Information\_restore{597D382E-49A7-48BA-AA03-FCCA8EAFBC92}\RP12\A0009354.exe **INFECTED** Win32:Patched-AET [Trj]
20:11:08.031 File: C:\System Volume Information\_restore{597D382E-49A7-48BA-AA03-FCCA8EAFBC92}\RP5\A0005703.com **INFECTED** Win32:Malware-gen
20:32:52.906 File: C:\WINDOWS\explorer.exe **INFECTED** Win32:Patched-AET [Trj]
22:40:29.312 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Patched-AET [Trj]
22:41:59.437 File: C:\WINDOWS\system32\winlogon.exe **INFECTED** Win32:Patched-AET [Trj]
22:45:03.265 Scan finished successfully
23:04:23.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Lauras\Desktop\MBR.dat"
23:04:23.796 The log file has been saved successfully to "C:\Documents and Settings\Lauras\Desktop\aswMBR.txt"


--------------------------- Malwarebytes ======================

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.04.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lauras :: LAURA [administrator]

03/02/2012 11:32:55 PM
mbam-log-2012-02-03 (23-32-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211439
Time elapsed: 40 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


--------------------------- OTL 1 ====================

NO LOG - THIS LOCKED UP OVERNIGHT ON THE FIRST STEP

-------------------------- OTL 2 ========================

========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0360db56-c86f-11dd-9e77-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20634968-952b-11e0-a018-000ae4e38c36}\ not found.
File E:\autorun.exe not found.
C:\Documents and Settings\All Users\Application Data\PTdQH2.dat moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
File\Folder C:\WINDOWS\tasks\At*.job not found.
< reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg /c >
C:\Documents and Settings\Lauras\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Lauras\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 02042012_115834


-------------- OTL 3 ===========================


OTL logfile created on: 04/02/2012 12:59:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lauras\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.42 Mb Total Physical Memory | 98.29 Mb Available Physical Memory | 19.56% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.27 Gb Free Space | 55.96% Space Free | Partition Type: NTFS

Computer Name: LAURA | User Name: Lauras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/04 00:36:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lauras\Desktop\OTL.exe
PRC - [2012/01/30 01:19:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/06 14:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe
PRC - [2010/07/12 07:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AcrSch2Svc)
SRV - [2012/01/30 01:19:39 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/01/05 09:02:10 | 001,187,600 | ---- | M] (Starfield Technologies) [On_Demand | Stopped] -- C:\Program Files\Workspace\offSyncService.exe -- (File Backup)
SRV - [2011/08/18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/06 14:56:50 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe -- (ServicepointService)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/10/12 14:34:01 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2003/03/19 18:43:00 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2012/01/30 01:19:33 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/01/30 01:19:33 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009/11/02 22:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSib.sys -- (BrUsbSIb) Brother Serial USB Driver(WDM)
DRV - [2009/11/02 22:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIb.sys -- (BrSerIb) Brother Serial Interface Driver(WDM)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/13 00:27:49 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/10/13 00:27:49 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 22:51:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/04/13 17:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/01/24 15:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/12/22 03:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/15 17:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/03/04 01:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/03/04 01:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll (Bell)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Documents and Settings\Lauras\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Documents and Settings\Lauras\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Lauras\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Lauras\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 19:41:08 | 000,000,000 | ---D | M]

[2012/01/25 09:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Lauras\Application Data\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Bell Internet Service Advisor (Enabled) = C:\Program Files\Bell\Internet Service Advisor\nprpspa.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Default = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2012/02/04 11:58:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: salesforce.com ([na6] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1223562432484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1223562562718 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valu...ashax/iefax.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) -C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 23:29:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (c:\progra~1\avg\avg10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (c:\progra~1\avg\avg10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: cdloader - hkey= - key= - C:\Documents and Settings\Lauras\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
MsConfig - StartUpReg: ControlCenter4 - hkey= - key= - C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: Starfield Updater - hkey= - key= - C:\Program Files\Workspace\WorkspaceUpdate.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: ServicepointService - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: ServicepointService - C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{7e853105-3adf-4199-a079-d87c2afd375f} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/04 12:17:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/04 11:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\Step 6 A Copy the text in the code box
[2012/02/04 00:38:42 | 000,000,000 | ---D | C] -- C:\x_OTL
[2012/02/04 00:37:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lauras\Desktop\OTL.exe
[2012/02/03 23:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 23:28:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/03 14:32:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/03 14:28:36 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/03 14:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\REPLY
[2012/02/03 14:16:58 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/03 09:13:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/03 09:13:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/03 09:13:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/03 09:13:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/03 09:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/03 09:13:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/03 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 7 Copy the text in the code box
[2012/02/03 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 6 Copy the text in the code box
[2012/02/03 09:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 1 disable anti virus
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 5 download Malwarebytes
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\Step 4 Download aswMBR
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\Step 3 Download TDSSKiller
[2012/02/03 09:08:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\step 2 download Combofix
[2012/01/30 23:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EMCO
[2012/01/30 23:29:24 | 000,000,000 | ---D | C] -- C:\Program Files\EMCO
[2012/01/30 23:28:36 | 000,000,000 | ---D | C] -- C:\install
[2012/01/29 16:23:40 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/01/29 12:41:53 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lauras\Recent
[2012/01/29 10:31:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\ElevatedDiagnostics
[2012/01/29 10:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/29 10:27:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/01/27 09:26:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/01/27 09:26:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/01/27 09:12:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/01/27 09:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/01/27 08:29:26 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/25 21:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\NetCare
[2012/01/25 17:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\PC-FAX TX
[2012/01/25 15:49:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\ControlCenter4
[2012/01/25 15:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrFaxRx
[2012/01/25 15:22:31 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BRLMW03A.DLL
[2012/01/25 15:22:25 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\BRLM03A.DLL
[2012/01/25 15:22:24 | 000,103,792 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBI110.EXE
[2012/01/25 15:22:24 | 000,050,176 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BRPRTINK.DLL
[2012/01/25 15:22:21 | 000,071,424 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrSerIb.sys
[2012/01/25 15:22:21 | 000,011,520 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BrUsbSib.sys
[2012/01/25 15:22:12 | 000,055,808 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrUsi11a.dll
[2012/01/25 15:22:06 | 001,481,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrWia11a.dll
[2012/01/25 15:22:06 | 000,217,088 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrJDec.dll
[2012/01/25 15:21:55 | 000,000,000 | ---D | C] -- C:\Brother
[2012/01/25 15:21:43 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\WINDOWS\System32\BRCrypt.dll
[2012/01/25 15:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012/01/25 15:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2012/01/25 15:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012/01/25 15:20:27 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrMuSNMP.dll
[2012/01/25 15:20:27 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\WINDOWS\System32\BrMfNt.dll
[2012/01/25 15:20:20 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BrfxD05c.dll
[2012/01/25 15:19:25 | 000,217,088 | ---- | C] (brother) -- C:\WINDOWS\System32\NSSearch.dll
[2012/01/25 15:19:25 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2.dll
[2012/01/25 15:19:25 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2L.dll
[2012/01/25 15:19:25 | 000,003,072 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\BrDctF2S.dll
[2012/01/25 15:19:03 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2012/01/25 15:17:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2012/01/25 15:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\InstallShield
[2012/01/25 15:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\MFCJ625D
[2012/01/25 09:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Starfield
[2012/01/25 09:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Local Settings\Application Data\Workspace
[2012/01/25 09:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Workspace
[2012/01/12 18:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\mobilemoneymachine
[2012/01/12 16:59:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\IECompatCache
[2012/01/12 16:48:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\PrivacIE
[2012/01/12 16:45:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Lauras\IETldCache
[2012/01/12 16:34:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/01/12 16:25:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/01/12 16:17:09 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/01/12 16:10:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/01/10 17:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Desktop\DESKTOP2
[2012/01/10 15:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mobile Blog X
[2012/01/10 15:28:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\MobileBlogX
[2012/01/10 15:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\MobileBlogX
[2012/01/10 15:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\xp pack
[2012/01/09 14:59:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\Application Data\FileZilla
[2012/01/09 14:58:01 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/01/09 10:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Lauras\My Documents\mobilemoneymachine-zip
[2012/01/07 11:29:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/04 12:57:57 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2012/02/04 12:01:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/04 11:58:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/04 00:36:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lauras\Desktop\OTL.exe
[2012/02/03 23:28:21 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 23:04:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MBR.dat
[2012/02/03 19:13:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/03 14:32:37 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2012/02/03 08:01:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 23:29:55 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Malware Cleaner 4.lnk
[2012/01/30 00:20:03 | 000,002,324 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/28 22:21:52 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2012/01/28 09:37:37 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/28 09:37:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/27 08:29:26 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2012/01/27 08:26:07 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Policies & Principles.url
[2012/01/25 20:11:56 | 000,000,810 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/25 18:39:40 | 000,247,704 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\NetCareOrderForm.pdf
[2012/01/25 17:57:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Brpcfx.ini
[2012/01/25 17:39:38 | 000,151,728 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Picture2.tif
[2012/01/25 15:26:29 | 000,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/01/25 15:25:05 | 000,003,303 | ---- | M] () -- C:\WINDOWS\BRPARAM.INI
[2012/01/25 15:22:35 | 000,000,086 | ---- | M] () -- C:\WINDOWS\Brfaxrx.ini
[2012/01/25 14:07:20 | 000,000,234 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Multi-Function Centers Colour Inkjet - Brother Canada.url
[2012/01/25 14:03:16 | 000,000,173 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Speedtest North.url
[2012/01/25 13:41:35 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Primus Canada Bandwidth Speed Test.url
[2012/01/25 09:52:07 | 001,496,800 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\workspaceinstall_pl.exe
[2012/01/24 18:10:43 | 000,244,554 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/20 13:20:49 | 001,062,842 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Product Brochure[1].pdf
[2012/01/17 21:15:09 | 001,300,179 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\genesis-for-beginners[1].pdf
[2012/01/17 12:10:50 | 044,001,262 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\mobileGainingGoogleSEORank.zip
[2012/01/17 12:04:10 | 452,567,206 | ---- | M] () -- C:\Documents and Settings\Lauras\My Documents\MOBILEAnikNiches.zip
[2012/01/16 14:49:51 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Quibids Scam - Scam Advocates.url
[2012/01/13 13:34:04 | 000,000,235 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\The Periodic Table of Videos - University of Nottingham.url
[2012/01/13 13:25:17 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\ChemViews Magazine ChemistryViews.url
[2012/01/13 12:54:45 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Wiley Online Library Products - Wiley Online Library.url
[2012/01/13 12:53:44 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\About Wiley Open Access Home - Wiley Open Access 2011.url
[2012/01/13 12:51:54 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Brain and Behavior - Early View - Wiley Online Library.url
[2012/01/13 11:33:32 | 000,175,113 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\nutraceutical.com.pdf
[2012/01/13 11:12:11 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Nutraceutical.com - Education.url
[2012/01/13 11:07:27 | 000,000,262 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\What are Functional Foods and Nutraceuticals - Agriculture and Agri-Food Canada (AAFC).url
[2012/01/13 10:58:07 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Canadian Compliance, Regulatory, GMP Licensed Warehousing & Graphic Design Source NutraceuticalSource Nutraceutical Canadian Compliance Experts Canadian Product Regulation Canadian Regulation for Produc.url
[2012/01/12 17:01:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
[2012/01/12 16:45:53 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Lauras\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/12 13:06:07 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/11 19:32:20 | 000,545,184 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 19:32:20 | 000,104,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/10 19:10:08 | 000,002,342 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\Google Chrome (2).lnk
[2012/01/10 15:32:51 | 000,000,109 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 15:29:39 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobile Blog X.lnk
[2012/01/07 11:29:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/01/06 22:33:35 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Lauras\Desktop\CellSqueeze Mobile Money... Support Ticket System.url
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/03 23:28:21 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/03 23:04:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MBR.dat
[2012/02/03 23:03:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/02/03 14:32:37 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2012/02/03 14:32:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/03 09:13:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/03 09:13:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/03 09:13:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/03 09:13:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/03 09:13:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/30 23:29:55 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Malware Cleaner 4.lnk
[2012/01/30 00:20:03 | 000,002,324 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/27 12:14:24 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (4).lnk
[2012/01/27 10:22:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/27 08:26:06 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Policies & Principles.url
[2012/01/25 21:49:29 | 000,247,704 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\NetCareOrderForm.pdf
[2012/01/25 17:39:26 | 000,151,728 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Picture2.tif
[2012/01/25 15:26:29 | 000,001,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Brother Creative Center.lnk
[2012/01/25 15:25:35 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/01/25 15:24:50 | 000,003,303 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/01/25 15:22:29 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/01/25 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/01/25 15:20:25 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/01/25 15:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/01/25 13:43:25 | 000,000,234 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Multi-Function Centers Colour Inkjet - Brother Canada.url
[2012/01/25 13:41:35 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Primus Canada Bandwidth Speed Test.url
[2012/01/25 13:40:32 | 000,000,173 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Speedtest North.url
[2012/01/25 09:52:05 | 001,496,800 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\workspaceinstall_pl.exe
[2012/01/20 13:20:49 | 001,062,842 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\MFC-J625DW Product Brochure[1].pdf
[2012/01/17 21:15:08 | 001,300,179 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\genesis-for-beginners[1].pdf
[2012/01/17 12:10:45 | 044,001,262 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\mobileGainingGoogleSEORank.zip
[2012/01/17 12:02:25 | 452,567,206 | ---- | C] () -- C:\Documents and Settings\Lauras\My Documents\MOBILEAnikNiches.zip
[2012/01/16 14:49:50 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Quibids Scam - Scam Advocates.url
[2012/01/13 13:34:01 | 000,000,235 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\The Periodic Table of Videos - University of Nottingham.url
[2012/01/13 13:25:15 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\ChemViews Magazine ChemistryViews.url
[2012/01/13 12:54:45 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Wiley Online Library Products - Wiley Online Library.url
[2012/01/13 12:53:44 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\About Wiley Open Access Home - Wiley Open Access 2011.url
[2012/01/13 12:51:52 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Brain and Behavior - Early View - Wiley Online Library.url
[2012/01/13 11:33:32 | 000,175,113 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\nutraceutical.com.pdf
[2012/01/13 11:12:11 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Nutraceutical.com - Education.url
[2012/01/13 11:07:27 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\What are Functional Foods and Nutraceuticals - Agriculture and Agri-Food Canada (AAFC).url
[2012/01/13 10:58:07 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Canadian Compliance, Regulatory, GMP Licensed Warehousing & Graphic Design Source NutraceuticalSource Nutraceutical Canadian Compliance Experts Canadian Product Regulation Canadian Regulation for Produc.url
[2012/01/12 13:06:07 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/01/10 19:30:46 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (3).lnk
[2012/01/10 19:10:08 | 000,002,342 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\Google Chrome (2).lnk
[2012/01/10 19:08:21 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Lauras\Start Menu\Programs\Internet Explorer (2).lnk
[2012/01/10 15:37:41 | 000,272,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/10 15:32:51 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/10 15:29:39 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobile Blog X.lnk
[2012/01/06 22:33:34 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Lauras\Desktop\CellSqueeze Mobile Money... Support Ticket System.url
[2011/01/29 21:19:09 | 000,000,813 | ---- | C] () -- C:\WINDOWS\dmt.ini
[2010/02/05 15:10:01 | 000,239,074 | ---- | C] () -- C:\Documents and Settings\Lauras\Local Settings\Application Data\adCenterExcelAddinV5.5_External.config
[2010/02/05 14:49:39 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Lauras\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/31 07:26:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/05/04 14:41:48 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2009/05/04 14:41:48 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2009/05/04 14:41:47 | 000,000,121 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2009/02/05 19:46:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/02/05 19:31:40 | 000,000,029 | ---- | C] () -- C:\WINDOWS\MLI.INI
[2008/11/22 16:24:24 | 000,000,563 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/22 16:11:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/11/22 16:11:37 | 000,002,204 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2008/11/22 16:10:58 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/11/22 16:10:58 | 000,000,328 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2008/11/22 16:10:58 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/22 16:10:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\mf322def.dat
[2008/11/22 16:10:32 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\brmsi06.BIN
[2008/10/18 19:03:01 | 000,023,353 | ---- | C] () -- C:\Documents and Settings\Lauras\Application Data\Comma Separated Values (Windows).ADR
[2008/10/13 01:18:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2008/10/09 17:46:56 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\FaxHelper.exe
[2008/10/06 22:16:29 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/10/06 22:16:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2008/10/06 21:49:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/10/06 21:49:03 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/06 21:49:00 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2008/10/04 23:32:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/04 23:25:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/04 16:04:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/04 16:03:18 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 22:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/13 22:42:10 | 001,033,728 | ---- | C] () -- C:\WINDOWS\expl.dat
[2008/04/13 22:42:10 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\winl.dat
[2008/04/13 22:42:10 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\svch.dat
[2008/04/13 22:42:10 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllc.dat
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/31 00:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/10/19 15:40:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UL.ini
[2004/10/19 13:30:18 | 000,000,160 | ---- | C] () -- C:\WINDOWS\Maritimelife.ini
[2004/06/17 23:20:38 | 000,517,120 | ---- | C] () -- C:\WINDOWS\System32\olexlsf.dll
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,545,184 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,104,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/11/18 10:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Adobe
[2010/01/14 12:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Apple Computer
[2011/01/30 15:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\AVG
[2011/01/30 14:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\AVG10
[2009/03/26 08:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\AVG8
[2011/09/11 09:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Bell
[2009/08/23 10:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Blitware
[2009/02/22 10:46:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Lauras\Application Data\Brother
[2012/01/25 16:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\ControlCenter4
[2009/03/11 21:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\eBookPro6
[2012/01/29 10:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\ElevatedDiagnostics
[2012/01/09 22:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\FileZilla
[2009/12/09 10:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Google
[2008/10/04 23:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Identities
[2012/01/25 15:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\InstallShield
[2008/10/09 18:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Macromedia
[2009/02/05 14:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\magicJackOutlookAddIn
[2011/04/27 12:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Malwarebytes
[2009/11/10 16:56:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Lauras\Application Data\Microsoft
[2011/11/02 18:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\mjusbsp
[2012/01/10 15:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\MobileBlogX
[2008/12/12 22:32:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Motive
[2012/01/25 09:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Mozilla
[2012/01/25 17:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\PC-FAX TX
[2008/11/22 16:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\ScanSoft
[2008/10/21 18:29:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Skype
[2009/02/08 11:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Sun
[2011/04/27 12:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\SUPERAntiSpyware.com
[2009/12/04 18:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Vbuzzer Messenger
[2010/01/13 20:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\Windows Live Writer
[2008/10/12 14:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Lauras\Application Data\WinRAR


< MD5 for: EXPLORER.EXE >
[2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=AC7D8BCD4279A25765E099885E792CDD -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 22:42:10 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=BB4F48CC2920A1BC7DA7F2BA3977D2A3 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 22:42:10 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=BC8840F2D09BCDF8F6914D6592E30CFD -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Lauras\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/01/05 04:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/11/04 06:24:17 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


------------------- OTL 3 EXTRAS =================================

OTL Extras logfile created on: 04/02/2012 12:59:11 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Lauras\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

502.42 Mb Total Physical Memory | 98.29 Mb Available Physical Memory | 19.56% Memory free
1.20 Gb Paging File | 0.85 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 31.27 Gb Free Space | 55.96% Space Free | Partition Type: NTFS

Computer Name: LAURA | User Name: Lauras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"25:TCP" = 25:TCP:*:Disabled:mail

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Disabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\vbuzzer\VBuzzer.exe" = C:\Program Files\vbuzzer\VBuzzer.exe:*:Disabled:VBuzzer Messenger -- (Softroute Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Disabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Documents and Settings\Lauras\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Lauras\Application Data\mjusbsp\magicJack.exe:*:Disabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Disabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe" = C:\Program Files\Bell\Internet Service Advisor\ServicepointService.exe:*:Disabled:Servicepoint Service -- (Radialpoint Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}" = ScanSoft RealSpeak
"{05E740C4-0F88-4673-9DAF-549E41A6CB21}" = AVG 2011
"{0864EFCC-6AC5-4808-990D-63038965B9F2}" = Manulife - LifeWise/Manuvie - Accent-Vie
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}" = OmniPage Pro 12.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32D3C724-3E32-11D9-8211-00B0D075DF5C}" = Diamond View Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}" = Skype™ 3.8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = Fxcbs - MetaTrader 4.00
"{3F4398B7-A082-4AD8-B4F2-B024EDA6601A}" = Manulife - Performax Gold - Performax Or
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4BB32041-2D06-4AED-AF2A-6BE6BF157391}" = Manulife - Personal Accident - Invalidité Accidents
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.76
"{59609F09-6C69-490A-A305-3F29A3EEC912}" = Manulife - Insure Right / Manuvie - Bien s'assurer
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D591284-FA79-4E8D-BDB8-E216C0D4EBB5}" = Manulife - Term
"{70A61BDF-D6DE-4021-877B-04924546BE44}" = Manulife - Concept slideshows
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7806E447-C0FC-4B27-8F6E-59ABF0E5A3AC}" = InstantConference Outlook Conference Manager
"{794C2EE1-448D-416C-B378-3D8B8407AFF8}" = Manulife - Universal Life
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85184706-2E77-11D9-9BE0-000103E0519E}" = Investment Loan / Prêt Placement
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8737AC54-25D5-496F-AD8B-B2EA63195E80}" = Inforce - En vigueur
"{87393F9C-CCA7-4F3E-922D-F2420B0CB6C0}_is1" = EMCO Network Malware Cleaner 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J625DW
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A52FD2D4-9AB2-43B1-8DC7-49A26724F3AF}" = Manulife - Concepts
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2130AE7-83C0-4B03-81EA-6783CCC8528E}" = Manulife - Limited Pay UL / Manuvie - Vu à prime temporaire
"{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}" = Brother MFL-Pro Suite
"{C45C544E-5047-11D9-8216-00B0D075DF5C}" = Diamond View Launcher
"{C482A936-340B-11D9-9BE1-000103E0519E}" = Manulife One Calculator / Calculateur Manuvie Un
"{C5900E53-D3CC-4C4D-9F76-1102C24D089D}" = Manulife Financial - Health and Dental
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7D602CE-1CCD-41E6-9FC4-99437ED75D47}" = Manulife - Living Benefits
"{DA9294A5-0A4E-11D9-81F5-00B0D075DF5C}" = DVXP
"{E2834CA9-4E7F-4489-BBD9-40E39F1D0D0D}" = Manulife - Launcher
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ECC69E86-3B0E-4010-AA37-414C5D71B7B9}" = RPS CRT
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F5F5E26E-67B9-438E-B813-C0CE0DE08309}" = MobileBlogX
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CasinoClassic" = Casino Classic
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"FileZilla Client" = FileZilla Client 3.5.3
"FPS_is1" = Money Software Financial Planning Spreadsheets © Professional V
"FreePDI4_is1" = Free Pay Down Debt or Invest Calculator
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QuickPar" = QuickPar 0.9
"RadialpointClientGateway_is1" = Bell Internet Service Advisor 3.7.44
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Vbuzzer" = Vbuzzer Messenger
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2936BA206D985FAE13777719CA18A9A97FD3533C" = Microsoft Advertising Intelligence
"Debt Management Tool v2.0" = Debt Management Tool v2.0
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723
"magicJack" = magicJack
"magicJack Outlook Add-In" = magicJack Outlook Add-In 1.0.3.521
"workspacedesktop" = Workspace Desktop

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/01/2012 12:58:56 AM | Computer Name = LAURA | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 30/01/2012 1:11:44 AM | Computer Name = LAURA | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 30/01/2012 1:20:06 AM | Computer Name = LAURA | Source = Microsoft Security Client | ID = 5000
Description =

Error - 30/01/2012 1:20:07 AM | Computer Name = LAURA | Source = Microsoft Security Client | ID = 5000
Description =

Error - 30/01/2012 1:27:18 AM | Computer Name = LAURA | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 30/01/2012 11:11:32 AM | Computer Name = LAURA | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/01/2012 11:30:15 AM | Computer Name = LAURA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00004a5a.

Error - 31/01/2012 2:41:50 PM | Computer Name = LAURA | Source = Application Error | ID = 1004
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ws2_32.dll, version 5.1.2600.5512, fault address 0x00004a5a.

Error - 04/02/2012 12:34:09 AM | Computer Name = LAURA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x000b3a46.

Error - 04/02/2012 12:54:02 PM | Computer Name = LAURA | Source = Application Error | ID = 1004
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x000b3a46.

[ OSession Events ]
Error - 21/10/2008 4:17:42 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8385
seconds with 4320 seconds of active time. This session ended with a crash.

Error - 19/11/2008 11:02:32 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37625
seconds with 9120 seconds of active time. This session ended with a crash.

Error - 16/12/2008 3:44:30 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/01/2009 10:43:39 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22311
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/01/2009 1:43:17 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 394
seconds with 240 seconds of active time. This session ended with a crash.

Error - 08/10/2009 3:06:30 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 511963
seconds with 8820 seconds of active time. This session ended with a crash.

Error - 17/03/2010 10:16:43 PM | Computer Name = LAURA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9566
seconds with 2340 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/02/2012 12:15:27 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7034
Description = The Windows User Mode Driver Framework service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/02/2012 1:38:46 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7031
Description = The SAS Core Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 04/02/2012 1:38:46 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7031
Description = The AVG WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 04/02/2012 1:38:50 AM | Computer Name = LAURA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 04/02/2012 12:51:09 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSFilter service depends on the AVGIDSShim service which failed
to start because of the following error: %%1058

Error - 04/02/2012 12:51:09 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSDriver service depends on the AVGIDSFilter service which
failed to start because of the following error: %%1068

Error - 04/02/2012 12:51:09 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1068

Error - 04/02/2012 1:01:53 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSFilter service depends on the AVGIDSShim service which failed
to start because of the following error: %%1058

Error - 04/02/2012 1:01:53 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSDriver service depends on the AVGIDSFilter service which
failed to start because of the following error: %%1068

Error - 04/02/2012 1:01:53 PM | Computer Name = LAURA | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1068


< End of report >



-------------------- the end ----------------------
  • 0


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You had a version of the ZeroAccess rootkit but this time it brought a friend which is a bit harder to get rid of.

Combofix says these three key windows files are infected:

c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\system32\svchost.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!

aswMBR agrees:

20:32:52.906 File: C:\WINDOWS\explorer.exe **INFECTED** Win32:Patched-AET [Trj]
22:40:29.312 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:Patched-AET [Trj]
22:41:59.437 File: C:\WINDOWS\system32\winlogon.exe **INFECTED** Win32:Patched-AET [Trj]

OTL says you don't have valid copies of them

< MD5 for: EXPLORER.EXE >
[2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=AC7D8BCD4279A25765E099885E792CDD -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 22:42:10 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=BB4F48CC2920A1BC7DA7F2BA3977D2A3 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 22:42:10 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=BC8840F2D09BCDF8F6914D6592E30CFD -- C:\WINDOWS\system32\winlogon.exe

Normally we would have other copies from earlier versions but I guess this infection has eaten them.

We could use MBAM's copies for two of them but that wouldn't help since we have no replacement for explorer.exe and it would just reinfect the other two.

I'm going to have to switch over to my XP box to get the files for you so I will close this post. The next post will have the three files as an attachment and instructions on how to use the recovery console to replace the infected files with good ones.
  • 0
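
As an added illustration of the cross-check Ron is doing above (this is not part of the thread, nor OTL's or ComboFix's own code): a small Python parser for OTL's "< MD5 for: ... >" blocks that reports, per system binary, whether the live copy under C:\WINDOWS still matches a backup copy in dllcache / ServicePackFiles, or whether (as here) there is no backup copy left to compare against. The EXPLORER/SVCHOST/WINLOGON lines are the OTL output quoted above; the USERINIT.EXE and EXAMPLE.EXE blocks and their hashes are constructed placeholders.

```python
import re
from collections import defaultdict

# Matches one file line of an OTL "< MD5 for: NAME >" block, e.g.
# [2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=... -- C:\WINDOWS\explorer.exe
OTL_MD5_LINE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
OTL_MD5_HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")

# Where Windows keeps its own pristine copies of system binaries. A live copy
# whose MD5 equals one of these is what the post above calls a "valid copy".
REFERENCE_DIRS = ("\\dllcache\\", "\\servicepackfiles\\", "\\i386\\")


def parse_otl_md5(text):
    """Return {FILENAME: [entry, ...]} for every "< MD5 for: ... >" block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = OTL_MD5_HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        m = OTL_MD5_LINE.match(line)
        if m and current:
            blocks[current].append({
                "path": m.group("path"),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "vendor": m.group("vendor").strip(),
            })
    return dict(blocks)


def is_reference(path):
    return any(d in path.lower() for d in REFERENCE_DIRS)


def is_live(path):
    # The copy Windows actually runs: under C:\WINDOWS but not in a backup dir.
    # Copies elsewhere (e.g. MBAM's Chameleon folder) are neither and are ignored.
    return path.lower().startswith("c:\\windows\\") and not is_reference(path)


def classify(entries):
    """
    match        - live copy's MD5 equals a dllcache/ServicePackFiles copy
    mismatch     - a backup copy exists and the live copy differs from all of them
    no_reference - no backup copy left to compare against; a known-good file
                   has to come from another machine, as the thread goes on to do
    no_live_copy - OTL found no copy in the Windows tree at all
    """
    live = [e for e in entries if is_live(e["path"])]
    refs = [e for e in entries if is_reference(e["path"])]
    if not live:
        return "no_live_copy"
    if not refs:
        return "no_reference"
    ref_md5s = {r["md5"] for r in refs}
    return "match" if all(e["md5"] in ref_md5s for e in live) else "mismatch"


def audit(text):
    """Map each file name in the OTL output to one of the statuses above."""
    return {name: classify(entries) for name, entries in parse_otl_md5(text).items()}


# Sample input: the three blocks from the OTL log in this thread, plus two
# constructed blocks (placeholder hashes) to show the match and mismatch cases.
SAMPLE = r"""
< MD5 for: EXPLORER.EXE >
[2008/04/13 22:42:10 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=AC7D8BCD4279A25765E099885E792CDD -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 22:42:10 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=BB4F48CC2920A1BC7DA7F2BA3977D2A3 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 22:42:10 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=BC8840F2D09BCDF8F6914D6592E30CFD -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: USERINIT.EXE >
[2008/04/13 22:42:10 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 22:42:10 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\system32\dllcache\userinit.exe

< MD5 for: EXAMPLE.EXE >
[2012/02/01 10:00:00 | 000,010,240 | ---- | M] () MD5=22222222222222222222222222222222 -- C:\WINDOWS\system32\example.exe
[2008/04/13 22:42:10 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=33333333333333333333333333333333 -- C:\WINDOWS\system32\dllcache\example.exe
"""

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE).items()):
        print(f"{name:14} {status}")
```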

#18
JohnnieF

JohnnieF

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Thanks Ron.

I am on a clean XP desktop here if that is any help.

But could I get the files if my machine is running?
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
You can. I just copied the three from my PC and didn't have a problem. I renamed them a.exe, b.exe, and c.exe (in alphabetical order) before zipping them so hopefully the malware won't see them. Download and save them to your desktop then right click and Extract all. Move the three files to C:\

I'm going to post this and switch back to my main PC because the instructions are on it.
  • 0

#20
JohnnieF

JohnnieF

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OK, all three files are in the root of C: on that laptop
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

You might want to copy the three files to c:\ and rename them explorer.bad, svchost.bad, winlogon.bad in case something goes wrong and we need to put them back.


Now Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:

copy  \a.exe  \windows\explorer.exe
(I use two spaces in the code box so you can see where 1 space goes. It will probably ask you if you want to overwrite the existing file; tell it)
y
copy  \b.exe  \windows\system32\svchost.exe
(It will probably ask you if you want to overwrite the existing file; tell it)
y
copy  \c.exe  \windows\system32\winlogon.exe
(It will probably ask you if you want to overwrite the existing file; tell it)
y
exit

Run Combofix again and let's see if it is happy
  • 0

#22
JohnnieF

JohnnieF

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK

You might want to copy the three files to c:\ and rename them explorer.bad, svchost.bad, winlogon.bad in case something goes wrong and we need to put them back.



Do you mean the three bad files on the laptop? Or the new ones I moved to the laptop?
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
These three:
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\system32\svchost.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
  • 0

#24
JohnnieF

JohnnieF

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OK, I have done everything and the new files are in place.

Combofix is running.

Will get back to you with the log file when it finishes.
  • 0

#25
JohnnieF

JohnnieF

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OK, Combofix is finished. I spotted at the top of the command box that it said winlogon was infected and saw near the end where it deleted the three a, b and c files I put in the root also.

It did not delete the three files with the .bad extensions.

Here is the log.

ComboFix 12-02-03.02 - Lauras 04/02/2012 17:34:16.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.184 [GMT -5:00]
Running from: c:\documents and settings\Lauras\Desktop\STAGE 1\step 2 download Combofix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a.exe
C:\b.exe
C:\c.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-04 to 2012-02-04 )))))))))))))))))))))))))))))))
.
.
2012-02-04 21:03 . 2008-04-13 21:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-02-04 21:03 . 2008-04-13 21:12 14336 ----a-w- c:\windows\system32\svchost.exe
2012-02-04 21:02 . 2012-02-04 21:02 1058816 ----a-w- c:\windows\explorer.exe
2012-02-04 05:38 . 2012-02-04 05:38 -------- d-----w- C:\x_OTL
2012-02-04 04:28 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-31 04:29 . 2012-01-31 04:29 -------- d-----w- c:\program files\EMCO
2012-01-31 04:28 . 2012-01-31 04:28 -------- d-----w- C:\install
2012-01-30 00:06 . 2012-01-30 00:06 -------- d-sh--w- c:\documents and settings\Testing\IETldCache
2012-01-29 15:31 . 2012-01-29 15:31 -------- d-----w- c:\documents and settings\Lauras\Application Data\ElevatedDiagnostics
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-27 14:24 . 2012-01-27 14:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-27 14:10 . 2012-01-27 14:10 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2012-01-27 13:29 . 2012-01-27 13:29 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-01-25 22:55 . 2012-01-25 22:55 -------- d-----w- c:\documents and settings\Lauras\Application Data\PC-FAX TX
2012-01-25 20:49 . 2012-01-25 21:01 -------- d-----w- c:\documents and settings\Lauras\Application Data\ControlCenter4
2012-01-25 20:22 . 2004-08-09 06:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-01-25 20:22 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-25 20:22 . 2010-04-02 05:33 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-01-25 20:22 . 2010-10-14 02:37 103792 ----a-w- c:\windows\system32\BRRBI110.EXE
2012-01-25 20:22 . 2010-03-15 16:20 50176 ----a-w- c:\windows\system32\BRPRTINK.DLL
2012-01-25 20:22 . 2009-11-03 03:06 11520 ----a-w- c:\windows\system32\drivers\BrUsbSib.sys
2012-01-25 20:22 . 2009-11-03 03:06 71424 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2012-01-25 20:22 . 2010-09-14 10:07 55808 ----a-w- c:\windows\system32\BrUsi11a.dll
2012-01-25 20:22 . 2010-12-21 00:47 1481216 ----a-w- c:\windows\system32\BrWia11a.dll
2012-01-25 20:22 . 2010-04-01 10:28 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-01-25 20:22 . 2004-10-15 03:50 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- C:\Brother
2012-01-25 20:21 . 2006-07-07 17:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\program files\Browny02
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ControlCenter4
2012-01-25 20:20 . 2012-01-25 20:21 -------- d-----w- c:\program files\ControlCenter4
2012-01-25 20:20 . 2011-03-01 23:53 118784 ------w- c:\windows\system32\BrMfNt.dll
2012-01-25 20:20 . 2009-10-13 21:59 180224 ------w- c:\windows\system32\BrMuSNMP.dll
2012-01-25 20:20 . 2009-12-08 21:17 225280 ------w- c:\windows\system32\BrfxD05c.dll
2012-01-25 20:19 . 2011-04-08 00:04 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-25 20:19 . 2011-01-27 18:24 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-25 20:19 . 2010-03-16 00:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-25 20:19 . 2007-12-14 03:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-25 20:19 . 2010-02-05 02:42 180224 ----a-w- c:\windows\system32\BROSNMP.DLL
2012-01-25 20:17 . 2012-01-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2012-01-25 20:16 . 2012-01-25 20:16 -------- d-----w- c:\documents and settings\Lauras\Application Data\InstallShield
2012-01-25 20:02 . 2012-01-25 20:06 -------- d-----w- c:\program files\MFCJ625D
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\program files\Starfield
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\documents and settings\Lauras\Local Settings\Application Data\Workspace
2012-01-25 14:50 . 2012-01-25 14:51 -------- d-----w- c:\program files\Workspace
2012-01-12 21:59 . 2012-01-12 21:59 -------- d-sh--w- c:\documents and settings\Lauras\IECompatCache
2012-01-12 21:48 . 2012-01-12 21:48 -------- d-sh--w- c:\documents and settings\Lauras\PrivacIE
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\Lauras\IETldCache
2012-01-12 21:42 . 2012-01-12 21:42 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-12 21:25 . 2012-01-12 21:30 -------- dc-h--w- c:\windows\ie8
2012-01-12 21:17 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-12 21:17 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-12 21:17 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-12 21:17 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-10 20:28 . 2012-01-10 20:29 -------- d-----w- c:\documents and settings\Lauras\Application Data\MobileBlogX
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\program files\MobileBlogX
2012-01-09 19:59 . 2012-01-10 03:09 -------- d-----w- c:\documents and settings\Lauras\Application Data\FileZilla
2012-01-09 19:58 . 2012-01-09 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2012-01-07 16:29 . 2012-01-07 16:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-14 03:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 03:42 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 03:42 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 03:42 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 21:12 . !HASH: COULD NOT OPEN FILE !!!!! . 14336 . . [------] . . c:\windows\system32\svchost.exe
.
[-] 2012-02-04 . AC7D8BCD4279A25765E099885E792CDD . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2008-01-11 949248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-30 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg10\avgchsvx.exe /sync\0c:\progra~1\avg\avg10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-04-20 22:53 139264 ----a-w- c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2012-01-25 14:50 34496 ----a-w- c:\program files\Workspace\workspaceupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\vbuzzer\\VBuzzer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Lauras\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:*:Disabled:mail
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 4:12 AM 248656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 12:48 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 4:33 AM 269520]
R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [16/10/2011 8:39 PM 689464]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 12:33 AM 7390560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 3:23 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 3:23 PM 24144]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [22/11/2008 4:11 PM 2944]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [25/01/2012 3:22 PM 71424]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [22/11/2008 4:10 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [22/11/2008 4:11 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [22/11/2008 4:11 PM 10368]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [25/01/2012 3:22 PM 11520]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [25/01/2012 3:21 PM 245760]
S3 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [05/01/2012 9:02 AM 1187600]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 2:59 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 2:59 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003Core.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003UA.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2012-01-12 c:\windows\Tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
2011-06-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: salesforce.com\na6
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-04 17:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-02-04 17:47:57
ComboFix-quarantined-files.txt 2012-02-04 22:47
ComboFix2.txt 2012-02-04 21:30
.
Pre-Run: 33,628,942,336 bytes free
Post-Run: 33,612,980,224 bytes free
.
- - End Of File - - BC9ABA48E17F7399B2D5EAF2B2EF0C63
  • 0

#26
RKinner
    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Submit your C:\explorer.bad file to http://www.virustotal.com. Copy and paste the report that you get from them. Perhaps one of the other anti-viruses will know more about it which might give us some clues as to how to get rid of it.

You might try downloading the zip file on your good PC and extracting all, then rename them to a.txt, b.txt and c.txt, then move them over to the sick one. Maybe it won't see them coming if they do not have .exe on them.

Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:

copy  \a.txt  \windows\explorer.exe


(I use two spaces in the code box so you can see where 1 space goes. It will probably ask you if you want to overwrite the existing file; tell it)

y

copy  \b.txt  \windows\system32\svchost.exe


(It will probably ask you if you want to overwrite the existing file; tell it)

y

copy  \c.txt  \windows\system32\winlogon.exe


(It will probably ask you if you want to overwrite the existing file; tell it)

y

exit

Run Combofix again and let's see if it is happy.

Don't suppose you have an XP CD you could boot from, do you? If we can get into the Recovery Console on an XP CD then we can get the files we need off of the disk.

Ron
  • 0

#27
JohnnieF
    Member

  • Topic Starter
  • Member
  • 32 posts
OK, I did the things you asked, and I don't have a Windows XP CD, but I do have an XP image but no working burner right now. A friend coming over for the football game will bring his laptop and I will burn a CD tonight in case it is needed. Hopefully we won't need it. :) I did the thing with changing the files to a .txt extension and copied them from the Recovery Console to their proper locations. I will post the log from Combofix first and then the results of the Virus Total scans on all three files, explorer.exe, svchost.exe and winlogon.exe, right below that.

I sure hope this worked.

================================================================================================ Combofix ==============================
ComboFix 12-02-03.02 - Lauras 05/02/2012 13:24:48.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.3 [GMT -5:00]
Running from: e:\stage 1\step 2 download Combofix\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a.txt
C:\b.txt
C:\c.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-05 to 2012-02-05 )))))))))))))))))))))))))))))))
.
.
2012-02-05 18:01 . 2008-04-13 21:12 507904 ----a-w- c:\windows\system32\winlogon.exe
2012-02-05 18:01 . 2008-04-13 21:12 14336 ----a-w- c:\windows\system32\svchost.exe
2012-02-05 18:01 . 2008-04-13 21:12 1033728 ----a-w- c:\windows\explorer.exe
2012-02-04 21:02 . 2012-02-04 21:02 1058816 ----a-w- c:\windows\explorer.screwed
2012-02-04 05:38 . 2012-02-04 05:38 -------- d-----w- C:\x_OTL
2012-02-04 04:28 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-31 04:29 . 2012-01-31 04:29 -------- d-----w- c:\program files\EMCO
2012-01-31 04:28 . 2012-01-31 04:28 -------- d-----w- C:\install
2012-01-30 00:06 . 2012-01-30 00:06 -------- d-sh--w- c:\documents and settings\Testing\IETldCache
2012-01-29 15:31 . 2012-01-29 15:31 -------- d-----w- c:\documents and settings\Lauras\Application Data\ElevatedDiagnostics
2012-01-27 14:39 . 2012-01-27 14:39 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-01-27 14:25 . 2012-01-27 14:25 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-27 14:24 . 2012-01-27 14:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-27 14:10 . 2012-01-27 14:10 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2012-01-27 13:29 . 2012-01-27 13:29 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-01-25 22:55 . 2012-01-25 22:55 -------- d-----w- c:\documents and settings\Lauras\Application Data\PC-FAX TX
2012-01-25 20:49 . 2012-01-25 21:01 -------- d-----w- c:\documents and settings\Lauras\Application Data\ControlCenter4
2012-01-25 20:22 . 2004-08-09 06:42 77824 ----a-w- c:\windows\system32\BRLMW03A.DLL
2012-01-25 20:22 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-25 20:22 . 2010-04-02 05:33 25299 ----a-w- c:\windows\system32\BRLM03A.DLL
2012-01-25 20:22 . 2010-10-14 02:37 103792 ----a-w- c:\windows\system32\BRRBI110.EXE
2012-01-25 20:22 . 2010-03-15 16:20 50176 ----a-w- c:\windows\system32\BRPRTINK.DLL
2012-01-25 20:22 . 2009-11-03 03:06 11520 ----a-w- c:\windows\system32\drivers\BrUsbSib.sys
2012-01-25 20:22 . 2009-11-03 03:06 71424 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2012-01-25 20:22 . 2010-09-14 10:07 55808 ----a-w- c:\windows\system32\BrUsi11a.dll
2012-01-25 20:22 . 2010-12-21 00:47 1481216 ----a-w- c:\windows\system32\BrWia11a.dll
2012-01-25 20:22 . 2010-04-01 10:28 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-01-25 20:22 . 2004-10-15 03:50 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- C:\Brother
2012-01-25 20:21 . 2006-07-07 17:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\program files\Browny02
2012-01-25 20:21 . 2012-01-25 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\ControlCenter4
2012-01-25 20:20 . 2012-01-25 20:21 -------- d-----w- c:\program files\ControlCenter4
2012-01-25 20:20 . 2011-03-01 23:53 118784 ------w- c:\windows\system32\BrMfNt.dll
2012-01-25 20:20 . 2009-10-13 21:59 180224 ------w- c:\windows\system32\BrMuSNMP.dll
2012-01-25 20:20 . 2009-12-08 21:17 225280 ------w- c:\windows\system32\BrfxD05c.dll
2012-01-25 20:19 . 2011-04-08 00:04 3072 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-25 20:19 . 2011-01-27 18:24 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-25 20:19 . 2010-03-16 00:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-25 20:19 . 2007-12-14 03:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-25 20:19 . 2010-02-05 02:42 180224 ----a-w- c:\windows\system32\BROSNMP.DLL
2012-01-25 20:17 . 2012-01-25 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2012-01-25 20:16 . 2012-01-25 20:16 -------- d-----w- c:\documents and settings\Lauras\Application Data\InstallShield
2012-01-25 20:02 . 2012-01-25 20:06 -------- d-----w- c:\program files\MFCJ625D
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\program files\Starfield
2012-01-25 14:50 . 2012-01-25 14:50 -------- d-----w- c:\documents and settings\Lauras\Local Settings\Application Data\Workspace
2012-01-25 14:50 . 2012-01-25 14:51 -------- d-----w- c:\program files\Workspace
2012-01-12 21:59 . 2012-01-12 21:59 -------- d-sh--w- c:\documents and settings\Lauras\IECompatCache
2012-01-12 21:48 . 2012-01-12 21:48 -------- d-sh--w- c:\documents and settings\Lauras\PrivacIE
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-01-12 21:45 . 2012-01-12 21:45 -------- d-sh--w- c:\documents and settings\Lauras\IETldCache
2012-01-12 21:42 . 2012-01-12 21:42 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-12 21:25 . 2012-01-12 21:30 -------- dc-h--w- c:\windows\ie8
2012-01-12 21:17 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-01-12 21:17 . 2011-11-04 19:20 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-01-12 21:17 . 2011-11-04 19:20 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-12 21:17 . 2011-11-04 19:20 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-10 20:28 . 2012-01-10 20:29 -------- d-----w- c:\documents and settings\Lauras\Application Data\MobileBlogX
2012-01-10 20:28 . 2012-01-10 20:28 -------- d-----w- c:\program files\MobileBlogX
2012-01-09 19:59 . 2012-01-10 03:09 -------- d-----w- c:\documents and settings\Lauras\Application Data\FileZilla
2012-01-09 19:58 . 2012-01-09 19:58 -------- d-----w- c:\program files\FileZilla FTP Client
2012-01-07 16:29 . 2012-01-07 16:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2008-04-14 03:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2008-04-13 23:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 03:42 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2008-04-14 03:42 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2008-04-14 03:42 152064 ----a-w- c:\windows\system32\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-04_21.27.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-05 18:13 . 2012-02-05 18:13 16384 c:\windows\Temp\Perflib_Perfdata_ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2008-01-11 949248]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2012-01-30 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\avg\avg10\avgchsvx.exe /sync\0c:\progra~1\avg\avg10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-08-23 20:03 50592 ----a-w- c:\documents and settings\Lauras\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter4]
2011-04-20 22:53 139264 ----a-w- c:\program files\ControlCenter4\BrCcBoot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Starfield Updater]
2012-01-25 14:50 34496 ----a-w- c:\program files\Workspace\workspaceupdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\vbuzzer\\VBuzzer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Lauras\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\Bell\\Internet Service Advisor\\ServicepointService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:*:Disabled:mail
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 4:12 AM 248656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 1:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 1:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 12:48 PM 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 4:33 AM 269520]
R2 ServicepointService;ServicepointService;c:\program files\Bell\Internet Service Advisor\ServicepointService.exe [16/10/2011 8:39 PM 689464]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18/08/2011 12:33 AM 7390560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 3:23 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 3:23 PM 24144]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [22/11/2008 4:11 PM 2944]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [25/01/2012 3:22 PM 71424]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [22/11/2008 4:10 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [22/11/2008 4:11 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [22/11/2008 4:11 PM 10368]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [25/01/2012 3:22 PM 11520]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [25/01/2012 3:21 PM 245760]
S3 File Backup;File Backup Service;c:\program files\Workspace\offSyncService.exe [05/01/2012 9:02 AM 1187600]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 2:59 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 2:59 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 19:59]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003Core.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-813497703-1177238915-1003UA.job
- c:\documents and settings\Lauras\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 14:37]
.
2012-01-12 c:\windows\Tasks\User_Feed_Synchronization-{A255B638-3B36-492C-A237-EB049335EE79}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
2011-06-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: salesforce.com\na6
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-05 13:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,13,86,d2,b0,8c,c4,42,4e,a4,b0,eb,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2012-02-05 13:40:43
ComboFix-quarantined-files.txt 2012-02-05 18:40
ComboFix2.txt 2012-02-04 21:30
.
Pre-Run: 33,616,728,064 bytes free
Post-Run: 33,600,528,384 bytes free
.
- - End Of File - - 0ECE101907B11B7C8390C7B3E841A924


=================================================================================== Virus Total =======================

In order to check the explorer.bad I copied it to my USB drive and moved it to my USB stick to go to my desktop. When I plugged the USB stick into my desktop, Microsoft Essentials grabbed it and I could not upload it to Virus Total. Microsoft Essentials offered to clean it for me so I let it. Then I brought it back to the laptop, disconnected my desktops from the network, plugged the laptop into the internet and submitted the three files.

First I submitted the copy Microsoft said it had cleaned, which is report 2 below, still showing one trojan.

Next I submitted the original we had saved, and it is in report 1 below.


Next I checked svchost.exe, which is shown in report 3.

Then I checked winlogon.exe, which is shown in report 4.


----------------------------------------------------------------------------- 1 ------------------------

http://www.virustotal.com - this is the original explorer.bad that we moved into the root directory in case it was needed

-------------------------------------

SHA256: 67dbeca472b06fd54a9727559a5f04e36bc7cd18e0245f4f4e8839a3e4732b4f
SHA1: d5f6d626cec1aa957a8e39f9bd13b3fcbc5488ca
MD5: ac7d8bcd4279a25765e099885e792cdd
File size: 1.0 MB ( 1058816 bytes )
File name: C:\explorer.bad
File type: Win32 EXE
Detection ratio: 16 / 43
Analysis date: 2012-02-05 16:56:09 UTC ( 2 minutes ago )

--------------------------------------------------------------------
AntiVir TR/Patched.Gen 20120205

Avast Win32:Patched-AET [Trj] 20120205

AVG Win32/Patched 20120205

BitDefender Trojan.Patched.Bamital.E 20120205

Emsisoft Trojan.Patched!IK 20120205

F-Secure Trojan.Patched.Bamital.E 20120205

GData Trojan.Patched.Bamital.E 20120205

Ikarus Trojan.Patched 20120205

K7AntiVirus Virus 20120203

Microsoft Virus:Win32/Bamital.Q 20120205

Panda Suspicious file 20120205

Rising Trojan.Win32.Generic.12ADF86E 20120118

Sophos W32/Footle-A 20120205

Symantec WS.Reputation.1 20120205

TrendMicro PE_BAMITAL.SME 20120205

TrendMicro-HouseCall PE_BAMITAL.SME 20120205


------------------------------------------------------------------------------ 2 ----------------------

http://www.virustotal.com - this is the explorer.bad that Microsoft Essentials said it had cleaned for me :)

-------------------------------------

SHA256: 320683f6422d9762ba461977bbdd19859a0d0bd0030531142886a167e0ff71de
SHA1: 9c3dd108b62380ade06ad72c0322607f76b58c60
MD5: c921497ca89b781da93e20219ec15044
File size: 1.0 MB ( 1058816 bytes )
File name: C:\WINDOWS\explorer.bad
File type: Win32 EXE
Detection ratio: 1 / 43
Analysis date: 2012-02-05 16:48:05 UTC ( 3 minutes ago )

----------------------------------------------------------------
Rising Trojan.Win32.Generic.12ADF86E 20120118



-------------------------------------------------------------------------------- 3 ----------------------

http://www.virustotal.com - this is the svchost.exe from the folder C:\windows\system32

-------------------------------------

CLEAN

-------------------------------------------------------------------------------- 4 ----------------------

http://www.virustotal.com - this is the winlogon.exe from the folder C:\windows\system32

-------------------------------------

SHA256: a3c6e67168afbce2e19cfe470de182d4d42594420ebf121817cf11dd3b89912b
SHA1: ff8db64b199c31766a9234403c1aa887452922bf
MD5: bc8840f2d09bcdf8f6914d6592e30cfd
File size: 532.5 KB ( 545280 bytes )
File name: C:\WINDOWS\system32\winlogon.exe
File type: Win32 EXE
Detection ratio: 16 / 43
Analysis date: 2012-02-05 17:34:28 UTC ( 1 minute ago )

-----------------------------------------------
AntiVir TR/Patched.Gen 20120205

Antiy-AVL Trojan/Win32.Patched.gen 20120203

Avast Win32:Patched-AET [Trj] 20120205

AVG Win32/Patched 20120205

ByteHero Trojan.Win32.Heur.098 20120126

Emsisoft Trojan.Patched!IK 20120205

GData Win32:Patched-AET 20120205

Ikarus Trojan.Patched 20120205

K7AntiVirus Virus 20120203

Microsoft Virus:Win32/Bamital.Q 20120205

Panda Suspicious file 20120205

Rising Trojan.Win32.Generic.12ADFFB3 20120118

Sophos W32/Footle-A 20120205

Symantec WS.Reputation.1 20120205

TrendMicro PE_BAMITAL.SME 20120205

TrendMicro-HouseCall PE_BAMITAL.SME 20120205
  • 0

#28
RKinner
    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Looks like it worked that time. Apparently the trick was to use the .txt extensions so the virus didn't notice what we were up to. Combofix is happy now.


We need to clean up System Restore.

Copy the following:


:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

Then let's look for damages:


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
5. Click the radio button for 'Number of events', type 20 in the 1 to 20 box, then click the Run button.
   Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.




I'm worried about your AVG. It looks broken. This is common after a ZA infection. You should:


Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you into buying the full product but the free version is what we want.) Tonight or while you are watching the Super Bowl let it do a boot-time scan:

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find that weren't in C:\qoobox or C:\_OTL?

Ron

#29 JohnnieF (Member, Topic Starter, 32 posts)
I will start on that right after I eat something.

Do you think Avast is the best protection to use now? I just changed my three machines over to Microsoft Essentials, just because I was sick of AVG thinking everything was a virus. Essentials is much quieter, but that is not necessarily a good thing.

#30 RKinner (Malware Expert, 24,624 posts, MVP)
I use Avast myself but some people prefer MSSE and others swear by Avira. Don't know anyone on the forum who really likes AVG these days. They used to be really good but seem to have slipped in the last couple of years, and their software is very hard to pause and even harder to uninstall. Not that badly rated on the last test I saw though: http://www.av-test.o...ts/novdec-2011/

I really like Avast's boot-time scan. I've used it to fix problems that other helpers have given up on.

Ron