
Unknown rootkit causing Google redirects [Solved]


  • This topic is locked

#1
navagator

  • Member
  • 10 posts

Hello,

I was browsing the web earlier today when an AVG warning box came up and told me that it had caught a trojan. I went ahead and sent it to the virus vault. I thought everything was OK until later in the day, when I noticed that my Google search results were being redirected. I then assumed that I had caught a rootkit virus and I ran an AVG rootkit scan. The scan showed an "unknown" rootkit as: IRP hook, \Driver\atapi DriverStartIo -> Ox86CC42FB, object is hidden.

Needless to say AVG could not remove the rootkit.

I went ahead and checked the virus vault to see what the name of the trojan was that I caught earlier in the day. It was: IDP.Trojan.2B7C635D, path file: C:\DOCUMENTS AND SETTINGS\NORMAN\LOCAL SETTINGS\TEMP\0.5879745711049135 .

I really would appreciate any help anyone could provide.

Thank you so much.

Here is my OTL log:

OTL logfile created on: 7/24/2012 1:18:47 AM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Norman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 227.08 Mb Available Physical Memory | 22.22% Memory free
2.40 Gb Paging File | 1.63 Gb Available in Paging File | 67.86% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 74.98 Gb Free Space | 69.05% Space Free | Partition Type: NTFS
Drive D: | 37.01 Gb Total Space | 36.94 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive E: | 561.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D5468CB1 | User Name: Norman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 01:09:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/21 03:48:40 | 004,368,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/06/03 18:17:01 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/08 02:21:29 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/03 19:48:58 | 001,650,688 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2002/11/08 09:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/13 19:44:05 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/06/13 19:44:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 19:35:45 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/06/13 19:35:42 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/06/13 19:35:27 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/06/13 19:34:59 | 005,246,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/06/03 18:17:05 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/06/03 18:17:01 | 002,067,328 | ---- | M] () -- C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
MOD - [2012/06/03 18:17:01 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/09 19:25:39 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 19:24:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 19:21:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 19:14:15 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 19:13:45 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Virtual PC Integration Components\vmsrvc.exe -- (1-vmsrvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/20 03:54:35 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcuhub.sys -- (vpcuhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcubus.sys -- (vpcubus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpc-s3.sys -- (vpc-s3)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcgbus.sys -- (vpcbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s3legacy.sys -- (s3legacy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\msvmmouf.sys -- (msvmmouf)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74313BE-8613-40C7-9E79-C23B7785DDF5}\MpKsld2bc0d3a.sys -- (MpKsld2bc0d3a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{963A8BBC-89F4-42F7-982E-3A8BACEBC87B}\MpKsl937f162e.sys -- (MpKsl937f162e)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F98E526-EE0B-4C76-9A74-C74152DBE752}\MpKsl79c21357.sys -- (MpKsl79c21357)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00F8A698-9DA6-4ECA-B348-F57C84EBA7B8}\MpKsl76e0b04a.sys -- (MpKsl76e0b04a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{742B54FC-84B3-4D0A-84F7-CA1DF5740B9A}\MpKsl25b99d98.sys -- (MpKsl25b99d98)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF98C065-B559-41E8-AAA6-E4F9DE2B6CCF}\MpKsl1fbfab41.sys -- (MpKsl1fbfab41)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1D.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GT890x.SYS -- (GT890x)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ecbA.sys -- (ecbA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\dfa9.sys -- (dfa9)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ubVeo532.sys -- (DCamUSBVeo532)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GT891x1.SYS -- (DCamUSBDXGTech)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dc21x4.sys -- (DC21x4)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctlsb16.sys -- (ctlsb16)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Norman\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7a64.sys -- (7a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7695.sys -- (7695)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\72f6.sys -- (72f6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\3908.sys -- (3908)
DRV - File not found [Kernel | System | Stopped] -- System32\drivers\vmsrvc.sys -- (1-driver-vmsrvc)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/02 16:45:40 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/18 07:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 20:02:00 | 000,329,056 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/11/08 09:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002/11/08 09:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2002/11/08 09:50:00 | 000,041,420 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2002/11/08 09:50:00 | 000,023,838 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2002/03/29 13:58:26 | 000,091,520 | ---- | M] (Hewlett-Packard Co.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN)
DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
IE - HKLM\..\SearchScopes\{76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 FA 44 E0 A6 15 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}: "URL" = http://www.google.co...1I7GGHP_enUS454
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-03 18:17:07&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EE51A00C-5523-4AA5-8310-777D241DD5E5}: C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5} [2010/02/24 20:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}: C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7} [2010/02/24 23:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 12:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/08 02:22:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 08:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/06/03 18:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/04/08 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2011/02/01 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Extensions
[2012/04/13 02:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions
[2012/03/10 01:09:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/04/13 02:49:51 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions\[email protected]
[2012/04/13 02:49:51 | 000,210,138 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\NORMAN\APPLICATION DATA\MOZILLA\SEAMONKEY\PROFILES\C9U5MKLH.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI

========== Chrome ==========

CHR - homepage: http://www.cnn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.cnn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/21 17:19:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKCU\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Documents and Settings\Norman\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Lookup on Merriam Webster - Reg Error: Value error. File not found
O8 - Extra context menu item: Lookup on Wikipedia - Reg Error: Value error. File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%201%20&%202%20Bundle/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc...oad/ppcwebi.cab (PeoplePC Web Installer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1265531041843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341345298625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Pet%20Show%20Craze/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://s.userzoom.com/s/UserZoom.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcsia.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C34B015-D0D4-42A2-AA14-F4B327E74AAF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{559E9134-46C7-4710-A412-50ECD376D6F2}: DhcpNameServer = 10.10.10.3
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Norman\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Norman\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 00:25:08 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 00:25:09 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/08/12 09:12:03 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 01:09:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
[2012/07/20 02:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Desktop\Tiffany
[2012/07/17 12:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/07/14 12:42:31 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/07/08 17:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Desktop\freezeandcan
[2012/06/27 22:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USPS
[2007/08/20 16:48:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Norman\usbsermptxp.sys
[2007/08/20 16:48:43 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Norman\usbsermpt.sys
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/24 01:10:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 01:09:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
[2012/07/24 00:47:23 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/24 00:33:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/24 00:32:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/24 00:32:56 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/24 00:31:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 00:31:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/24 00:31:21 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/23 18:15:37 | 102,047,786 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/23 17:54:00 | 000,340,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/07/23 15:58:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/20 22:23:08 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\Microsoft Office Word 2003.lnk
[2012/07/15 01:34:30 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\dt.dat
[2012/07/12 04:29:14 | 000,026,557 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\FatFaeries.jpg
[2012/07/11 10:51:27 | 000,562,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 02:03:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 22:58:36 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/06/27 22:58:24 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Click-N-Ship® for Business.lnk
[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/24 00:31:21 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/19 13:06:35 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/15 01:34:30 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\dt.dat
[2012/07/12 04:30:48 | 000,026,557 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\FatFaeries.jpg
[2012/06/27 22:58:24 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Click-N-Ship® for Business.lnk
[2012/04/25 13:03:11 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-YeQD5Xt3SmIoCjr
[2012/04/25 13:03:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-YeQD5Xt3SmIoCj
[2012/04/25 13:01:37 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\YeQD5Xt3SmIoCj
[2012/03/26 13:18:28 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Norman\g2mdlhlpx.exe
[2012/02/15 18:16:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 16:54:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/21 16:54:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/21 16:54:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/21 16:54:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/21 16:54:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/08 20:13:11 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\.backup.dm
[2011/09/08 02:17:54 | 000,500,862 | ---- | C] () -- C:\Documents and Settings\Norman\.spyglass.properties
[2011/09/08 02:17:09 | 002,744,105 | ---- | C] () -- C:\Documents and Settings\Norman\.websiteauditor.properties
[2011/09/08 02:10:49 | 000,210,061 | ---- | C] () -- C:\Documents and Settings\Norman\.ranktracker.properties
[2011/09/08 02:04:17 | 000,453,954 | ---- | C] () -- C:\Documents and Settings\Norman\.linkassistant.properties
[2011/02/15 16:00:01 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/11/29 19:43:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/11 02:43:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 21:13:20 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010/08/29 16:11:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/24 03:19:01 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Muxman.ini
[2010/08/22 22:24:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wiindows3g2.dll
[2010/08/01 23:02:10 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/06/02 02:07:32 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/14 21:06:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\$_hpcst$.hpc
[2008/10/20 01:56:38 | 000,012,635 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\adatyt.dll
[2008/10/20 01:56:38 | 000,011,608 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\soqobypef.vbs
[2008/10/20 01:56:37 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydoxocucu.dat
[2008/10/20 01:56:37 | 000,013,879 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\ewiryri.exe
[2008/10/20 01:56:37 | 000,013,463 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\doniqiw.vbs
[2008/10/19 09:29:41 | 000,017,451 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\ysiriro.pif
[2008/10/19 09:29:40 | 000,019,999 | ---- | C] () -- C:\Program Files\Common Files\efawywafu.scr
[2008/10/19 09:29:40 | 000,019,710 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\emevera.dl
[2008/10/19 09:29:40 | 000,019,487 | ---- | C] () -- C:\Program Files\Common Files\febynira.exe
[2008/10/19 09:29:40 | 000,017,940 | ---- | C] () -- C:\Program Files\Common Files\rynejap.dll
[2008/10/19 09:29:40 | 000,017,115 | ---- | C] () -- C:\Program Files\Common Files\ykusecirix.inf
[2008/10/19 09:29:40 | 000,016,953 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vufinem._dl
[2008/10/19 09:29:40 | 000,016,194 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\iqakaxyr.pif
[2008/10/19 09:29:40 | 000,011,873 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\ulutuguqim.dat
[2008/10/19 09:29:40 | 000,010,281 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\azixybi.inf
[2008/10/18 18:54:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\iexplore.iss
[2008/05/11 10:13:25 | 000,000,000 | --S- | C] () -- C:\Documents and Settings\Norman\Application Data\0048270ca799bb7f327beeb634257fd636bf6e3f0a.dat
[2008/05/11 10:11:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\install.ini
[2007/09/02 16:45:40 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Norman\USB_MOT_BRIT.INF
[2007/09/02 16:45:40 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Norman\USB_MOT_A1000.INF
[2007/09/02 16:45:38 | 000,012,474 | ---- | C] () -- C:\Documents and Settings\Norman\1188769538-oem25.PNF
[2007/09/02 16:45:38 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Norman\1188769538-oem25.inf
[2007/09/02 16:45:37 | 000,014,294 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem23.PNF
[2007/09/02 16:45:37 | 000,012,828 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem24.PNF
[2007/09/02 16:45:37 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem23.inf
[2007/09/02 16:45:37 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem24.inf
[2007/08/20 16:48:43 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Norman\USBMOT2000.INF
[2007/08/20 16:48:43 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Norman\USBMOT2000XP.INF
[2007/08/20 16:48:43 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Norman\USB_CMCS_2000.INF
[2007/08/10 08:21:03 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Norman\presets.ini
[2006/08/24 23:43:22 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Norman\PlayList.bin
[2006/08/24 16:11:01 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\dvd.bmk
[2006/08/24 15:53:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\PFP120JPR.{PB
[2006/08/24 15:53:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\PFP120JCM.{PB
[2006/08/24 14:53:57 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\fusioncache.dat
[2006/08/23 02:22:22 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/12/12 19:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aDaOk02900
[2010/05/15 00:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/11/21 17:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/03 18:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/23 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2009/05/09 04:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/02/22 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/02/15 16:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/11/22 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/25 01:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/12/08 00:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\engadven
[2010/12/11 04:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/04/25 22:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/03/22 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2012/07/23 18:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/26 04:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/21 04:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/10/07 21:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/04/29 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/06/10 02:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/10 21:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/08/12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/08/11 18:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
[2012/06/18 23:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/17 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/01 00:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/03/12 19:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Acapela Group
[2010/05/21 16:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AGI
[2010/08/12 00:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Aura4You
[2012/06/04 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG
[2011/11/22 14:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG Secure Search
[2011/11/22 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG2012
[2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG7
[2011/02/15 16:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Canneverbe Limited
[2007/10/15 13:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CNN
[2010/08/12 00:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CocoonSoftware
[2011/11/11 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\E8231
[2006/11/22 04:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Earthlink
[2006/09/25 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Ignite
[2006/09/24 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Image Zone Express
[2010/07/03 11:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\iWin
[2011/09/27 18:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Keynote Systems
[2006/08/16 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Leadertech
[2010/02/03 18:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\LimeWire
[2010/06/06 13:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PetShowCraze
[2010/06/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PlayFirst
[2011/03/13 18:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Rovio
[2010/06/06 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\SpinTop
[2011/01/02 20:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Systenance
[2007/12/04 15:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\TechSmith
[2010/03/22 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Temp
[2012/04/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\TestApp
[2007/12/19 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Video DVD Maker FREE
[2007/02/10 10:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Viewpoint
[2012/03/07 13:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\webex
[2006/08/24 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Webshots
[2012/01/31 20:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\wincorebsband

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


#2
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, navagator! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for navagator only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me; logs can take some time to research, and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon. You can run the following tool whilst you are waiting:


Step 1

Download aswMBR.exe (4.5MB) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.


On completion of the scan click save log, save it to your desktop and post it in your next reply.


Things I want to see in your next reply

  • aswMBR.txt

  • 0

#3
navagator

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi,

Thank you for your help.

I have run aswMBR and here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 13:41:24
-----------------------------
13:41:24.921 OS Version: Windows 5.1.2600 Service Pack 3
13:41:24.921 Number of processors: 1 586 0x409
13:41:24.921 ComputerName: D5468CB1 UserName: Norman
13:41:27.015 Initialize success
13:41:41.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:41:41.671 Disk 0 Vendor: ST3160812A 3.ADH Size: 152587MB BusType: 3
13:41:41.671 Device \Driver\atapi -> DriverStartIo 86b422e2
13:41:41.703 Disk 0 MBR read successfully
13:41:41.703 Disk 0 MBR scan
13:41:41.703 Disk 0 unknown MBR code
13:41:41.703 Disk 0 MBR hidden
13:41:41.703 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:41:41.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 111192 MB offset 80325
13:41:41.750 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 37903 MB offset 227801700
13:41:41.765 Disk 0 scanning sectors +305427780
13:41:41.875 Disk 0 scanning C:\WINDOWS\system32\drivers
13:41:54.578 Service scanning
13:42:11.406 Modules scanning
13:42:33.062 Disk 0 trace - called modules:
13:42:33.062 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86b424b1]<<
13:42:33.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8735dab8]
13:42:33.078 3 CLASSPNP.SYS[f7896fd7] -> nt!IofCallDriver -> [0x86f4af18]
13:42:33.078 \Driver\atapi[0x86d8dca8] -> IRP_MJ_CREATE -> 0x86b424b1
13:42:33.078 Scan finished successfully
13:43:14.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Norman\Desktop\MBR.dat"
13:43:14.015 The log file has been saved successfully to "C:\Documents and Settings\Norman\Desktop\aswMBR.txt"
  • 0
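
Added example, not part of the thread and not aswMBR's own logic: a Python triage pass over the aswMBR lines posted above that flags the MBR status lines, the unattributed module in the disk call trace, and any \Driver\atapi pointer that lands at or near that unattributed address. The 4 KiB proximity threshold, the finding labels and the function name are assumptions of this example.

```python
import re

# Lines copied from the aswMBR log posted above (a subset, timestamps kept).
SAMPLE_LOG = r"""
13:41:41.671 Device \Driver\atapi -> DriverStartIo 86b422e2
13:41:41.703 Disk 0 MBR read successfully
13:41:41.703 Disk 0 unknown MBR code
13:41:41.703 Disk 0 MBR hidden
13:42:33.062 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86b424b1]<<
13:42:33.078 \Driver\atapi[0x86d8dca8] -> IRP_MJ_CREATE -> 0x86b424b1
13:42:33.078 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"
RE_MBR_FLAG = re.compile(TS + r"Disk (\d+) (unknown MBR code|MBR hidden)\s*$")
RE_UNKNOWN_MOD = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
RE_STARTIO = re.compile(
    TS + r"Device (\\Driver\\\S+) -> DriverStartIo ([0-9a-fA-F]+)\s*$")
RE_DISPATCH = re.compile(
    TS + r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)\s*$")

# Assumption of this example: a pointer within 4 KiB of the unattributed
# address in the call trace is treated as belonging to the same hidden code.
NEAR = 0x1000


def analyse(log_text):
    """Return a list of (kind, detail) findings from an aswMBR text log."""
    findings = []
    unknown_addrs = set()   # addresses aswMBR could not map to a module
    pointers = []           # (driver, slot, address) seen in the log

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RE_MBR_FLAG.match(line)
        if m:
            findings.append(("mbr", f"disk {m.group(1)}: {m.group(2)}"))
            continue
        m = RE_UNKNOWN_MOD.search(line)
        if m:
            unknown_addrs.add(int(m.group(1), 16))
            continue
        m = RE_STARTIO.match(line)
        if m:
            pointers.append((m.group(1), "DriverStartIo", int(m.group(2), 16)))
            continue
        m = RE_DISPATCH.match(line)
        if m:
            pointers.append((m.group(1), m.group(2), int(m.group(3), 16)))

    for addr in sorted(unknown_addrs):
        findings.append(
            ("trace", f"disk call trace passes through unattributed code at {addr:#010x}"))

    # Correlate driver pointers with the unattributed address(es).
    for driver, slot, addr in pointers:
        if any(abs(addr - u) < NEAR for u in unknown_addrs):
            findings.append(
                ("hook", f"{driver} {slot} -> {addr:#010x} (at/near unattributed code)"))
    return findings


if __name__ == "__main__":
    for kind, detail in analyse(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```
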

#4
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ecbA.sys -- (ecbA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\dfa9.sys -- (dfa9)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7a64.sys -- (7a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\7695.sys -- (7695)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\72f6.sys -- (72f6)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\3908.sys -- (3908)
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    IE - HKLM\..\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}: "URL" = http://search.imgag....q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EE51A00C-5523-4AA5-8310-777D241DD5E5}: C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5} [2010/02/24 20:27:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}: C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7} [2010/02/24 23:30:57 | 000,000,000 | ---D | M]
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2012/04/25 13:03:11 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-YeQD5Xt3SmIoCjr
    [2012/04/25 13:03:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-YeQD5Xt3SmIoCj
    [2012/04/25 13:01:37 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\YeQD5Xt3SmIoCj
    [2012/03/26 13:18:28 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Norman\g2mdlhlpx.exe
    [2010/08/22 22:24:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\wiindows3g2.dll
    [2008/10/20 01:56:38 | 000,012,635 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\adatyt.dll
    [2008/10/20 01:56:38 | 000,011,608 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\soqobypef.vbs
    [2008/10/20 01:56:37 | 000,019,457 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ydoxocucu.dat
    [2008/10/20 01:56:37 | 000,013,879 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\ewiryri.exe
    [2008/10/20 01:56:37 | 000,013,463 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\doniqiw.vbs
    [2008/10/19 09:29:41 | 000,017,451 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\ysiriro.pif
    [2008/10/19 09:29:40 | 000,019,999 | ---- | C] () -- C:\Program Files\Common Files\efawywafu.scr
    [2008/10/19 09:29:40 | 000,019,710 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\emevera.dl
    [2008/10/19 09:29:40 | 000,019,487 | ---- | C] () -- C:\Program Files\Common Files\febynira.exe
    [2008/10/19 09:29:40 | 000,017,940 | ---- | C] () -- C:\Program Files\Common Files\rynejap.dll
    [2008/10/19 09:29:40 | 000,017,115 | ---- | C] () -- C:\Program Files\Common Files\ykusecirix.inf
    [2008/10/19 09:29:40 | 000,016,953 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vufinem._dl
    [2008/10/19 09:29:40 | 000,016,194 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\iqakaxyr.pif
    [2008/10/19 09:29:40 | 000,011,873 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\ulutuguqim.dat
    [2008/10/19 09:29:40 | 000,010,281 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\azixybi.inf
    [2008/10/18 18:54:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\iexplore.iss
    [2008/05/11 10:13:25 | 000,000,000 | --S- | C] () -- C:\Documents and Settings\Norman\Application Data\0048270ca799bb7f327beeb634257fd636bf6e3f0a.dat
    [2010/12/12 19:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aDaOk02900
    [2011/11/21 17:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/05/09 04:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2010/10/07 21:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG7
    [2011/11/11 21:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\E8231
    [13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Are you still getting redirects after running the fix?


Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt
  • Answer to my question

  • 0

#5
navagator

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi,

I ran the RunFix and then the Quick Scan and have the logs below.

I still have the redirects.

Here are the logs:


All processes killed
========== COMMANDS ==========
Error creating restore point.
========== OTL ==========
Service ecbA stopped successfully!
Service ecbA deleted successfully!
File C:\WINDOWS\system32\ecbA.sys not found.
Service dfa9 stopped successfully!
Service dfa9 deleted successfully!
File C:\WINDOWS\system32\dfa9.sys not found.
Service 7a64 stopped successfully!
Service 7a64 deleted successfully!
File C:\WINDOWS\system32\7a64.sys not found.
Service 7695 stopped successfully!
Service 7695 deleted successfully!
File C:\WINDOWS\system32\7695.sys not found.
Service 72f6 stopped successfully!
Service 72f6 deleted successfully!
File C:\WINDOWS\system32\72f6.sys not found.
Service 3908 stopped successfully!
Service 3908 deleted successfully!
File C:\WINDOWS\system32\3908.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EE51A00C-5523-4AA5-8310-777D241DD5E5}: C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5} not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}: C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7} not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\-YeQD5Xt3SmIoCjr moved successfully.
C:\Documents and Settings\All Users\Application Data\-YeQD5Xt3SmIoCj moved successfully.
C:\Documents and Settings\All Users\Application Data\YeQD5Xt3SmIoCj moved successfully.
C:\Documents and Settings\Norman\g2mdlhlpx.exe moved successfully.
C:\WINDOWS\system32\wiindows3g2.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\adatyt.dll moved successfully.
C:\Documents and Settings\Norman\Application Data\soqobypef.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\ydoxocucu.dat moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\ewiryri.exe moved successfully.
C:\Documents and Settings\Norman\Application Data\doniqiw.vbs moved successfully.
C:\Documents and Settings\Norman\Application Data\ysiriro.pif moved successfully.
C:\Program Files\Common Files\efawywafu.scr moved successfully.
C:\Documents and Settings\All Users\Application Data\emevera.dl moved successfully.
C:\Program Files\Common Files\febynira.exe moved successfully.
C:\Program Files\Common Files\rynejap.dll moved successfully.
C:\Program Files\Common Files\ykusecirix.inf moved successfully.
C:\Documents and Settings\All Users\Application Data\vufinem._dl moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\iqakaxyr.pif moved successfully.
C:\Documents and Settings\Norman\Application Data\ulutuguqim.dat moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\azixybi.inf moved successfully.
C:\Documents and Settings\Norman\Application Data\iexplore.iss moved successfully.
C:\Documents and Settings\Norman\Application Data\0048270ca799bb7f327beeb634257fd636bf6e3f0a.dat moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\aDaOk02900\ not found.
C:\Documents and Settings\All Users\Application Data\Alwil Software folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg7 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\tur\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\tur\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\tur\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\tur folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\swe\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\swe\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\swe\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\swe folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\spa\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\spa\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\spa\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\spa folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\slo\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\slo\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\slo\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\slo folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\rus\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\rus\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\rus\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\rus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por-BR\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por-BR\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por-BR\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por-BR folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\por folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\pol\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\pol\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\pol\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\pol folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\nor\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\nor\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\nor\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\nor folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\js folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\jpn\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\jpn\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\jpn\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\jpn folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ita\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ita\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ita\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ita folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\images folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\hun\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\hun\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\hun\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\hun folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\gre\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\gre\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\gre\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\gre folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ger\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ger\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ger\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\ger folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fre\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fre\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fre\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fre folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fin\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fin\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fin\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\fin folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\eng\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\eng\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\eng\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\eng folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\dut\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\dut\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\dut\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\dut folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\css folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi-TW\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi-TW\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi-TW\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi-TW folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi\UpsServices folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi\UpsPeriodic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi\NewVersion folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO\chi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\PROINFO folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\NPS folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download\0x04015000 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\Download folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus\CfgData folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security\Panda Cloud Antivirus folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Panda Security folder moved successfully.
C:\Documents and Settings\Norman\Application Data\AVG7 folder moved successfully.
C:\Documents and Settings\Norman\Application Data\E8231 folder moved successfully.
C:\WINDOWS\003131_.tmp deleted successfully.
C:\WINDOWS\SET14C.tmp deleted successfully.
C:\WINDOWS\SET14F.tmp deleted successfully.
C:\WINDOWS\SET15B.tmp deleted successfully.
C:\WINDOWS\SET54.tmp deleted successfully.
C:\WINDOWS\SET57.tmp deleted successfully.
C:\WINDOWS\SET63.tmp deleted successfully.
C:\WINDOWS\~GLC0000.TMP deleted successfully.
C:\WINDOWS\~GLC0001.TMP deleted successfully.
C:\WINDOWS\~GLH0000.TMP deleted successfully.
C:\WINDOWS\~GLH0001.TMP deleted successfully.
C:\WINDOWS\~GLH0002.TMP deleted successfully.
C:\WINDOWS\~GLH0003.TMP deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Norman\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Norman\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 776 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 625 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 4118 bytes

User: Norman
->Temp folder emptied: 830513 bytes
->Temporary Internet Files folder emptied: 245018553 bytes
->Java cache emptied: 102177114 bytes
->Google Chrome cache emptied: 6177630 bytes
->Flash cache emptied: 146472 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35505 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 263138135 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34046 bytes
RecycleBin emptied: 774473108 bytes

Total Files Cleaned = 1,328.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07242012_174251

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Norman\Local Settings\Temp\Temporary Internet Files\Content.IE5\7P2GQ01B\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!
C:\Documents and Settings\Norman\Local Settings\Temp\WCESLog.log moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\Norman\Local Settings\Temp\Temporary Internet Files\Content.IE5\7P2GQ01B\7YWnY96yoa79KffwaUTQer7tZljOf8ynnVvadSeOMQWswzCS_i0YsUEcQpoEJrm5UQPMpRhDpgV8RtKAzZ32BB0yb3ZBtj8lq8Csz2K5vy9Oz_3IMUFjeZLZSod9tBCi2ZYqSX7Yhc6PaBqugLH6YyMVcedC9lKP[1].jpg not found!
File C:\Documents and Settings\Norman\Local Settings\Temp\WCESLog.log not found!

Registry entries deleted on Reboot...


and


OTL logfile created on: 7/24/2012 5:54:41 PM - Run 2
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Norman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 509.61 Mb Available Physical Memory | 49.87% Memory free
2.40 Gb Paging File | 1.97 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 76.25 Gb Free Space | 70.22% Space Free | Partition Type: NTFS
Drive D: | 37.01 Gb Total Space | 36.94 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive E: | 561.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D5468CB1 | User Name: Norman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 01:09:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/06/03 18:17:01 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/08 02:21:29 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/03 19:48:58 | 001,650,688 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2002/11/08 09:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/13 19:44:05 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/06/13 19:44:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/03 18:17:05 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/06/03 18:17:01 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/09 19:25:39 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 19:24:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 19:21:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 19:14:15 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 19:13:45 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Virtual PC Integration Components\vmsrvc.exe -- (1-vmsrvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/20 03:54:35 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcuhub.sys -- (vpcuhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcubus.sys -- (vpcubus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpc-s3.sys -- (vpc-s3)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcgbus.sys -- (vpcbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s3legacy.sys -- (s3legacy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\msvmmouf.sys -- (msvmmouf)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74313BE-8613-40C7-9E79-C23B7785DDF5}\MpKsld2bc0d3a.sys -- (MpKsld2bc0d3a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{963A8BBC-89F4-42F7-982E-3A8BACEBC87B}\MpKsl937f162e.sys -- (MpKsl937f162e)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F98E526-EE0B-4C76-9A74-C74152DBE752}\MpKsl79c21357.sys -- (MpKsl79c21357)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00F8A698-9DA6-4ECA-B348-F57C84EBA7B8}\MpKsl76e0b04a.sys -- (MpKsl76e0b04a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{742B54FC-84B3-4D0A-84F7-CA1DF5740B9A}\MpKsl25b99d98.sys -- (MpKsl25b99d98)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF98C065-B559-41E8-AAA6-E4F9DE2B6CCF}\MpKsl1fbfab41.sys -- (MpKsl1fbfab41)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1D.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GT890x.SYS -- (GT890x)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ubVeo532.sys -- (DCamUSBVeo532)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GT891x1.SYS -- (DCamUSBDXGTech)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dc21x4.sys -- (DC21x4)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctlsb16.sys -- (ctlsb16)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Norman\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - File not found [Kernel | System | Stopped] -- System32\drivers\vmsrvc.sys -- (1-driver-vmsrvc)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/02 16:45:40 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/18 07:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 20:02:00 | 000,329,056 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/11/08 09:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002/11/08 09:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2002/11/08 09:50:00 | 000,041,420 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2002/11/08 09:50:00 | 000,023,838 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2002/03/29 13:58:26 | 000,091,520 | ---- | M] (Hewlett-Packard Co.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN)
DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 FA 44 E0 A6 15 CB 01 [binary data]
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes,DefaultScope = {76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes\{76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}: "URL" = http://www.google.co...1I7GGHP_enUS454
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-03 18:17:07&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EE51A00C-5523-4AA5-8310-777D241DD5E5}: C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5} [2010/02/24 20:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}: C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7} [2010/02/24 23:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 12:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/08 02:22:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 08:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/06/03 18:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/04/08 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2011/02/01 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Extensions
[2012/04/13 02:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions
[2012/03/10 01:09:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/04/13 02:49:51 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions\[email protected]
[2012/04/13 02:49:51 | 000,210,138 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\NORMAN\APPLICATION DATA\MOZILLA\SEAMONKEY\PROFILES\C9U5MKLH.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI

========== Chrome ==========

CHR - homepage: http://www.cnn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.cnn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/21 17:19:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\Toolbar\ShellBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Norman\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Lookup on Merriam Webster - Reg Error: Value error. File not found
O8 - Extra context menu item: Lookup on Wikipedia - Reg Error: Value error. File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%201%20&%202%20Bundle/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc...oad/ppcwebi.cab (PeoplePC Web Installer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1265531041843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341345298625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Pet%20Show%20Craze/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://s.userzoom.com/s/UserZoom.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcsia.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C34B015-D0D4-42A2-AA14-F4B327E74AAF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{559E9134-46C7-4710-A412-50ECD376D6F2}: DhcpNameServer = 10.10.10.3
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Norman\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Norman\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 00:25:08 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 00:25:09 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/08/12 09:12:03 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/24 17:42:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/24 13:25:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Norman\Desktop\aswMBR.exe
[2012/07/24 01:09:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
[2012/07/20 02:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Desktop\Tiffany
[2012/07/17 12:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/07/14 12:42:31 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/07/08 17:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Desktop\freezeandcan
[2012/06/27 22:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USPS
[2007/08/20 16:48:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Norman\usbsermptxp.sys
[2007/08/20 16:48:43 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Norman\usbsermpt.sys

========== Files - Modified Within 30 Days ==========

[2012/07/24 17:59:24 | 102,099,525 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/24 17:53:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/24 17:52:50 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/24 17:52:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/24 17:51:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/24 17:50:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/24 17:50:36 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 17:47:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/24 17:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 13:43:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\MBR.dat
[2012/07/24 13:25:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Norman\Desktop\aswMBR.exe
[2012/07/24 01:09:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
[2012/07/23 17:54:00 | 000,340,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/07/23 15:58:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/20 22:23:08 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\Microsoft Office Word 2003.lnk
[2012/07/15 01:34:30 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\dt.dat
[2012/07/12 04:29:14 | 000,026,557 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\FatFaeries.jpg
[2012/07/11 10:51:27 | 000,562,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 02:03:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 22:58:36 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/06/27 22:58:24 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Click-N-Ship® for Business.lnk

========== Files Created - No Company Name ==========

[2012/07/24 00:31:21 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/19 13:06:35 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/15 01:34:30 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\dt.dat
[2012/07/12 04:30:48 | 000,026,557 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\FatFaeries.jpg
[2012/06/27 22:58:24 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Click-N-Ship® for Business.lnk
[2012/02/15 18:16:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 16:54:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/21 16:54:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/21 16:54:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/21 16:54:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/21 16:54:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/08 20:13:11 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\.backup.dm
[2011/09/08 02:17:54 | 000,500,862 | ---- | C] () -- C:\Documents and Settings\Norman\.spyglass.properties
[2011/09/08 02:17:09 | 002,744,105 | ---- | C] () -- C:\Documents and Settings\Norman\.websiteauditor.properties
[2011/09/08 02:10:49 | 000,210,061 | ---- | C] () -- C:\Documents and Settings\Norman\.ranktracker.properties
[2011/09/08 02:04:17 | 000,453,954 | ---- | C] () -- C:\Documents and Settings\Norman\.linkassistant.properties
[2011/02/15 16:00:01 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/11/29 19:43:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/11 02:43:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 21:13:20 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010/08/29 16:11:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/24 03:19:01 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Muxman.ini
[2010/08/01 23:02:10 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/06/02 02:07:32 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/14 21:06:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\$_hpcst$.hpc
[2008/05/11 10:11:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\install.ini
[2007/09/02 16:45:40 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Norman\USB_MOT_BRIT.INF
[2007/09/02 16:45:40 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Norman\USB_MOT_A1000.INF
[2007/09/02 16:45:38 | 000,012,474 | ---- | C] () -- C:\Documents and Settings\Norman\1188769538-oem25.PNF
[2007/09/02 16:45:38 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Norman\1188769538-oem25.inf
[2007/09/02 16:45:37 | 000,014,294 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem23.PNF
[2007/09/02 16:45:37 | 000,012,828 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem24.PNF
[2007/09/02 16:45:37 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem23.inf
[2007/09/02 16:45:37 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem24.inf
[2007/08/20 16:48:43 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Norman\USBMOT2000.INF
[2007/08/20 16:48:43 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Norman\USBMOT2000XP.INF
[2007/08/20 16:48:43 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Norman\USB_CMCS_2000.INF
[2007/08/10 08:21:03 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Norman\presets.ini
[2006/08/24 23:43:22 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Norman\PlayList.bin
[2006/08/24 16:11:01 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\dvd.bmk
[2006/08/24 15:53:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\PFP120JPR.{PB
[2006/08/24 15:53:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\PFP120JCM.{PB
[2006/08/24 14:53:57 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\fusioncache.dat
[2006/08/23 02:22:22 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/12/12 19:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aDaOk02900
[2010/05/15 00:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2012/06/03 18:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/23 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/02/22 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/02/15 16:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/11/22 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/25 01:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/12/08 00:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\engadven
[2010/12/11 04:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/04/25 22:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/03/22 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2012/07/24 17:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/26 04:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/21 04:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/04/29 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/06/10 02:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/10 21:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/08/12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/08/11 18:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
[2012/06/18 23:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/17 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/01 00:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2011/03/12 19:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Acapela Group
[2010/05/21 16:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AGI
[2010/08/12 00:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Aura4You
[2012/06/04 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG
[2011/11/22 14:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG Secure Search
[2011/11/22 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG2012
[2011/02/15 16:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Canneverbe Limited
[2007/10/15 13:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CNN
[2010/08/12 00:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CocoonSoftware
[2006/11/22 04:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Earthlink
[2006/09/25 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Ignite
[2006/09/24 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Image Zone Express
[2010/07/03 11:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\iWin
[2011/09/27 18:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Keynote Systems
[2006/08/16 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Leadertech
[2010/02/03 18:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\LimeWire
[2010/06/06 13:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PetShowCraze
[2010/06/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PlayFirst
[2011/03/13 18:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Rovio
[2010/06/06 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\SpinTop
[2011/01/02 20:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Systenance
[2007/12/04 15:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\TechSmith
[2010/03/22 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Temp
[2012/04/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\TestApp
[2007/12/19 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Video DVD Maker FREE
[2007/02/10 10:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Viewpoint
[2012/03/07 13:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\webex
[2006/08/24 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Webshots
[2012/01/31 20:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\wincorebsband

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#6
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Download the latest version of TDSSKiller from here and save it to your desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change Parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer 3 options.
  • Ensure Cure is selected, then click Continue --> Reboot Computer to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder), in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.


Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands 
    [CREATERESTOREPOINT] 
    
    :OTL 
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:43902
    [2010/12/12 19:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aDaOk02900
    [2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions]
    "{EE51A00C-5523-4AA5-8310-777D241DD5E5}"=-
    "{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}"=-
    
    :Files
    C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5}
    C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}
    ipconfig /flushdns /c
    
    :Commands 
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Are you still getting redirects after running TDSSKiller and OTL?


Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • OTL Fix Log
  • OTL.txt
  • Answer to my question

  • 0
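The TDSSKiller report requested in Step 1 can be triaged mechanically. The following is an added example, not code from the thread or from the TDSSKiller project: it checks that the scan ran with the two options from Step 1 and lists every object whose verdict is not "ok". It assumes the line format of the log posted in this thread, and that the `SigCheck` and `TDLFS` tokens on the `Mode:` line correspond to those two checkboxes (an inference from that log). The `example*` objects, their hashes, the `infected` verdict word and the priority ordering are constructed for illustration.

```python
"""Triage a TDSSKiller report: confirm scan options, list non-"ok" objects."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Sample input. The Mode, aec and AGCoreService lines follow the log posted in
# this thread; the example* objects, their all-0/all-1 hashes and the
# "infected" verdict are CONSTRUCTED (assumptions, not real detections).
SAMPLE_LOG = r"""
11:29:48.0640 2428 Mode: Manual; SigCheck; TDLFS;
11:29:51.0750 2428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:29:51.0937 2428 aec - ok
11:29:52.0171 2428 AGCoreService (3ddfe25e488975383b6ab9424cf8d812) C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
11:29:52.0187 2428 AGCoreService ( UnsignedFile.Multi.Generic ) - warning
11:29:52.0187 2428 AGCoreService - detected UnsignedFile.Multi.Generic (1)
11:29:53.0000 2428 exampledrv (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
11:29:53.0100 2428 exampledrv ( Constructed.Sample.Detection ) - infected
11:29:53.0200 2428 exampleflt (11111111111111111111111111111111) C:\WINDOWS\system32\drivers\exampleflt.sys
11:29:53.0300 2428 exampleflt ( UnsignedFile.Multi.Generic ) - warning
11:29:53.0400 2428 Abiosdsk - ok
"""

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"  # timestamp and thread id
# "<name> (<md5>) <path>": the object that is about to be checked
_RECORD = re.compile(
    _PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# "<name> - ok" or "<name> ( <detection> ) - <verdict>"
_VERDICT = re.compile(
    _PREFIX + r"(?P<name>.+?)\s+(?:\(\s*(?P<detection>[^()]+?)\s*\)\s+)?"
              r"-\s+(?P<verdict>[A-Za-z]+)\s*$")
_MODE = re.compile(_PREFIX + r"Mode:\s*(?P<flags>.+?)\s*$")


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]

    @property
    def priority(self) -> int:
        """Illustrative ordering (an assumption): 0 = verdict beyond a warning,
        1 = warning on a kernel driver (.sys), 2 = any other warning."""
        if self.verdict.lower() != "warning":
            return 0
        if self.path and self.path.lower().endswith(".sys"):
            return 1
        return 2


def triage(log_text: str, required_flags=("SigCheck", "TDLFS")) -> dict:
    records: Dict[str, Tuple[str, str]] = {}  # object name -> (md5, path)
    flags: Set[str] = set()
    findings: List[Finding] = []
    ok_count = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _RECORD.match(line)
        if m:  # test first: a path may itself contain " - "
            records[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = _MODE.match(line)
        if m:
            flags |= {f.strip() for f in m["flags"].split(";") if f.strip()}
            continue
        m = _VERDICT.match(line)
        if not m:
            continue  # banners, disk geometry, "- detected ..." echo lines
        if m["verdict"].lower() == "ok":
            ok_count += 1
            continue
        md5, path = records.get(m["name"], (None, None))
        findings.append(
            Finding(m["name"], m["verdict"], m["detection"], md5, path))
    findings.sort(key=lambda f: f.priority)
    return {
        "missing_flags": sorted(set(required_flags) - flags),
        "ok_count": ok_count,
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("scan options missing:", result["missing_flags"] or "none")
    print("objects reported ok:", result["ok_count"])
    for f in result["findings"]:
        print(f"[{f.priority}] {f.verdict:8} {f.name}: {f.detection} "
              f"md5={f.md5} path={f.path}")
```

A non-empty `missing_flags` means the report does not show the requested options on its `Mode:` line, so the absence of findings in it is weaker evidence.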

#7
navagator

    Member

  • Topic Starter
  • 10 posts
I followed your instructions and everything seems to be fine now, no more redirects. I also ran an AVG rootkit scan and it came up clean.

Is there anything else I need to do?

Thank you sooooooooooooooooooooooooooooo much.

Here are the logs:

11:29:35.0609 2928 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:29:35.0953 2928 ============================================================
11:29:35.0953 2928 Current date / time: 2012/07/25 11:29:35.0953
11:29:35.0953 2928 SystemInfo:
11:29:35.0953 2928
11:29:35.0953 2928 OS Version: 5.1.2600 ServicePack: 3.0
11:29:35.0953 2928 Product type: Workstation
11:29:35.0953 2928 ComputerName: D5468CB1
11:29:35.0953 2928 UserName: Norman
11:29:35.0953 2928 Windows directory: C:\WINDOWS
11:29:35.0953 2928 System windows directory: C:\WINDOWS
11:29:35.0953 2928 Processor architecture: Intel x86
11:29:35.0953 2928 Number of processors: 1
11:29:35.0953 2928 Page size: 0x1000
11:29:35.0953 2928 Boot type: Normal boot
11:29:35.0953 2928 ============================================================
11:29:39.0156 2928 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:29:39.0156 2928 ============================================================
11:29:39.0156 2928 \Device\Harddisk0\DR0:
11:29:39.0156 2928 MBR partitions:
11:29:39.0156 2928 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xD92C09F
11:29:39.0156 2928 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x4A07AE0
11:29:39.0156 2928 ============================================================
11:29:39.0218 2928 C: <-> \Device\Harddisk0\DR0\Partition0
11:29:39.0265 2928 D: <-> \Device\Harddisk0\DR0\Partition1
11:29:39.0265 2928 ============================================================
11:29:39.0265 2928 Initialize success
11:29:39.0265 2928 ============================================================
11:29:48.0640 2428 ============================================================
11:29:48.0640 2428 Scan started
11:29:48.0640 2428 Mode: Manual; SigCheck; TDLFS;
11:29:48.0640 2428 ============================================================
11:29:48.0921 2428 1-driver-vmsrvc - ok
11:29:48.0984 2428 1-vmsrvc - ok
11:29:49.0046 2428 3c1807pd (20598faa1765af9495760c368b7156f0) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
11:29:49.0843 2428 3c1807pd - ok
11:29:49.0859 2428 Abiosdsk - ok
11:29:49.0906 2428 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:29:50.0859 2428 abp480n5 - ok
11:29:50.0937 2428 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:29:51.0125 2428 ACPI - ok
11:29:51.0171 2428 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:29:51.0359 2428 ACPIEC - ok
11:29:51.0468 2428 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:29:51.0515 2428 AdobeFlashPlayerUpdateSvc - ok
11:29:51.0531 2428 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:29:51.0734 2428 adpu160m - ok
11:29:51.0750 2428 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:29:51.0937 2428 aec - ok
11:29:52.0000 2428 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:29:52.0062 2428 AFD - ok
11:29:52.0171 2428 AGCoreService (3ddfe25e488975383b6ab9424cf8d812) C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
11:29:52.0187 2428 AGCoreService ( UnsignedFile.Multi.Generic ) - warning
11:29:52.0187 2428 AGCoreService - detected UnsignedFile.Multi.Generic (1)
11:29:52.0234 2428 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:29:52.0406 2428 agp440 - ok
11:29:52.0421 2428 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:29:52.0609 2428 agpCPQ - ok
11:29:52.0656 2428 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:29:52.0765 2428 Aha154x - ok
11:29:52.0812 2428 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:29:53.0015 2428 aic78u2 - ok
11:29:53.0062 2428 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:29:53.0265 2428 aic78xx - ok
11:29:53.0296 2428 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
11:29:53.0484 2428 Alerter - ok
11:29:53.0531 2428 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
11:29:53.0687 2428 ALG - ok
11:29:53.0718 2428 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:29:53.0937 2428 AliIde - ok
11:29:53.0984 2428 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:29:54.0140 2428 alim1541 - ok
11:29:54.0171 2428 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:29:54.0375 2428 amdagp - ok
11:29:54.0406 2428 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:29:54.0515 2428 amsint - ok
11:29:54.0703 2428 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
11:29:54.0734 2428 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
11:29:54.0734 2428 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
11:29:54.0750 2428 AppMgmt - ok
11:29:54.0796 2428 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:29:55.0000 2428 asc - ok
11:29:55.0031 2428 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:29:55.0109 2428 asc3350p - ok
11:29:55.0140 2428 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:29:55.0343 2428 asc3550 - ok
11:29:55.0546 2428 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:29:55.0593 2428 aspnet_state - ok
11:29:55.0640 2428 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:29:55.0828 2428 AsyncMac - ok
11:29:55.0875 2428 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:29:56.0031 2428 atapi - ok
11:29:56.0046 2428 Atdisk - ok
11:29:56.0093 2428 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:29:56.0265 2428 Atmarpc - ok
11:29:56.0328 2428 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
11:29:56.0515 2428 AudioSrv - ok
11:29:56.0562 2428 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:29:56.0734 2428 audstub - ok
11:29:56.0796 2428 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
11:29:56.0812 2428 AvgArCln ( UnsignedFile.Multi.Generic ) - warning
11:29:56.0812 2428 AvgArCln - detected UnsignedFile.Multi.Generic (1)
11:29:57.0125 2428 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
11:29:57.0437 2428 AVGIDSAgent - ok
11:29:57.0578 2428 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
11:30:09.0093 2428 AVGIDSDriver - ok
11:30:09.0156 2428 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
11:30:09.0171 2428 AVGIDSFilter - ok
11:30:09.0218 2428 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
11:30:09.0250 2428 AVGIDSHX - ok
11:30:09.0296 2428 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
11:30:09.0312 2428 AVGIDSShim - ok
11:30:09.0375 2428 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
11:30:09.0406 2428 Avgldx86 - ok
11:30:09.0453 2428 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
11:30:09.0484 2428 Avgmfx86 - ok
11:30:09.0500 2428 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
11:30:09.0515 2428 Avgrkx86 - ok
11:30:09.0609 2428 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
11:30:09.0656 2428 Avgtdix - ok
11:30:09.0781 2428 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
11:30:09.0812 2428 avgwd - ok
11:30:09.0843 2428 bdfdll - ok
11:30:09.0859 2428 BDFsDrv - ok
11:30:09.0859 2428 BDRsDrv - ok
11:30:09.0921 2428 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:30:10.0125 2428 Beep - ok
11:30:10.0203 2428 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
11:30:10.0625 2428 BITS - ok
11:30:10.0718 2428 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
11:30:10.0781 2428 Bonjour Service - ok
11:30:10.0828 2428 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
11:30:11.0015 2428 Browser - ok
11:30:11.0015 2428 BW2NDIS5 - ok
11:30:11.0031 2428 catchme - ok
11:30:11.0078 2428 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:30:11.0281 2428 cbidf - ok
11:30:11.0281 2428 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:30:11.0484 2428 cbidf2k - ok
11:30:11.0531 2428 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:30:11.0687 2428 CCDECODE - ok
11:30:11.0718 2428 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:30:11.0828 2428 cd20xrnt - ok
11:30:11.0890 2428 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:30:12.0093 2428 Cdaudio - ok
11:30:12.0125 2428 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:30:12.0281 2428 Cdfs - ok
11:30:12.0312 2428 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:30:12.0468 2428 Cdrom - ok
11:30:12.0484 2428 Changer - ok
11:30:12.0531 2428 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
11:30:12.0703 2428 CiSvc - ok
11:30:12.0750 2428 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
11:30:12.0937 2428 ClipSrv - ok
11:30:13.0078 2428 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:30:13.0156 2428 clr_optimization_v2.0.50727_32 - ok
11:30:13.0218 2428 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:30:13.0421 2428 CmdIde - ok
11:30:13.0437 2428 COMSysApp - ok
11:30:13.0468 2428 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:30:13.0687 2428 Cpqarray - ok
11:30:13.0890 2428 cpuz132 - ok
11:30:14.0203 2428 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
11:30:14.0359 2428 CryptSvc - ok
11:30:14.0375 2428 ctlsb16 - ok
11:30:14.0437 2428 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:30:14.0656 2428 dac2w2k - ok
11:30:14.0687 2428 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:30:14.0890 2428 dac960nt - ok
11:30:14.0890 2428 DC21x4 - ok
11:30:14.0906 2428 DCamUSBDXGTech - ok
11:30:14.0921 2428 DCamUSBVeo532 - ok
11:30:14.0968 2428 DcCam (1b269ed3eb2d81ec11cd5b0544e89962) C:\WINDOWS\system32\DRIVERS\DcCam.sys
11:30:15.0031 2428 DcCam - ok
11:30:15.0078 2428 DcFpoint (bd6ce20068159f9714ebe9e76decab2c) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
11:30:15.0109 2428 DcFpoint - ok
11:30:15.0171 2428 DCFS2K (1315e0b5b6fc1fe930ee3498309700bd) C:\WINDOWS\system32\drivers\dcfs2k.sys
11:30:15.0218 2428 DCFS2K - ok
11:30:15.0250 2428 DcLps (5f5055efb3e0820f349924e7c5bd5af4) C:\WINDOWS\system32\DRIVERS\DcLps.sys
11:30:15.0312 2428 DcLps - ok
11:30:15.0390 2428 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:30:15.0468 2428 DcomLaunch - ok
11:30:15.0515 2428 DcPTP (31689427da60a724b31a622b35ed21ec) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
11:30:15.0578 2428 DcPTP - ok
11:30:15.0703 2428 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
11:30:15.0875 2428 Dhcp - ok
11:30:15.0937 2428 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:30:16.0093 2428 Disk - ok
11:30:16.0109 2428 dmadmin - ok
11:30:16.0171 2428 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:30:16.0421 2428 dmboot - ok
11:30:16.0468 2428 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:30:16.0671 2428 dmio - ok
11:30:16.0703 2428 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:30:16.0890 2428 dmload - ok
11:30:16.0937 2428 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
11:30:17.0125 2428 dmserver - ok
11:30:17.0171 2428 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:30:17.0343 2428 DMusic - ok
11:30:17.0390 2428 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
11:30:17.0453 2428 Dnscache - ok
11:30:17.0500 2428 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
11:30:17.0671 2428 Dot3svc - ok
11:30:17.0718 2428 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:30:17.0921 2428 dpti2o - ok
11:30:17.0968 2428 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:30:18.0140 2428 drmkaud - ok
11:30:18.0171 2428 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:30:18.0359 2428 E100B - ok
11:30:18.0406 2428 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
11:30:18.0593 2428 EapHost - ok
11:30:18.0640 2428 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
11:30:18.0796 2428 ERSvc - ok
11:30:18.0859 2428 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:30:18.0906 2428 Eventlog - ok
11:30:18.0968 2428 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
11:30:19.0031 2428 EventSystem - ok
11:30:19.0078 2428 Exportit (f85ffdeae43f9e9a7c3f4e3cc5ef09eb) C:\WINDOWS\system32\DRIVERS\exportit.sys
11:30:19.0140 2428 Exportit - ok
11:30:19.0203 2428 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:30:19.0375 2428 Fastfat - ok
11:30:19.0421 2428 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:30:19.0500 2428 FastUserSwitchingCompatibility - ok
11:30:19.0546 2428 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
11:30:19.0734 2428 Fax - ok
11:30:19.0750 2428 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:30:19.0937 2428 Fdc - ok
11:30:19.0953 2428 FilterService - ok
11:30:20.0140 2428 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:30:20.0343 2428 Fips - ok
11:30:20.0375 2428 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:30:20.0562 2428 Flpydisk - ok
11:30:20.0609 2428 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:30:20.0781 2428 FltMgr - ok
11:30:20.0906 2428 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:30:20.0937 2428 FontCache3.0.0.0 - ok
11:30:21.0000 2428 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:30:21.0187 2428 Fs_Rec - ok
11:30:21.0234 2428 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:30:21.0453 2428 Ftdisk - ok
11:30:21.0500 2428 GearAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
11:30:21.0531 2428 GearAspiWDM - ok
11:30:21.0578 2428 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
11:30:21.0593 2428 giveio ( UnsignedFile.Multi.Generic ) - warning
11:30:21.0593 2428 giveio - detected UnsignedFile.Multi.Generic (1)
11:30:21.0640 2428 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:30:21.0812 2428 Gpc - ok
11:30:21.0828 2428 GT890x - ok
11:30:21.0968 2428 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:30:22.0000 2428 gupdate - ok
11:30:22.0015 2428 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
11:30:22.0031 2428 gupdatem - ok
11:30:22.0140 2428 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:30:22.0312 2428 helpsvc - ok
11:30:22.0328 2428 HidServ - ok
11:30:22.0375 2428 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:30:22.0531 2428 HidUsb - ok
11:30:22.0578 2428 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
11:30:22.0750 2428 hkmsvc - ok
11:30:22.0796 2428 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:30:22.0984 2428 hpn - ok
11:30:23.0046 2428 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:30:23.0109 2428 HTTP - ok
11:30:23.0156 2428 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
11:30:23.0328 2428 HTTPFilter - ok
11:30:23.0359 2428 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:30:23.0515 2428 i2omgmt - ok
11:30:23.0546 2428 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:30:23.0734 2428 i2omp - ok
11:30:23.0812 2428 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:30:23.0968 2428 i8042prt - ok
11:30:24.0078 2428 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
11:30:24.0250 2428 ialm - ok
11:30:24.0453 2428 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:30:24.0515 2428 idsvc - ok
11:30:24.0640 2428 IKFileSec (ff9f262494fc23d77a6148d49d87d2de) C:\WINDOWS\system32\drivers\ikfilesec.sys
11:30:24.0671 2428 IKFileSec - ok
11:30:24.0687 2428 IKSysFlt (7e359671fd9595ecb1b0a33fb4184b19) C:\WINDOWS\system32\drivers\iksysflt.sys
11:30:24.0718 2428 IKSysFlt - ok
11:30:24.0765 2428 IKSysSec (a44cb3cf3af266665261a6e6c9cac27c) C:\WINDOWS\system32\drivers\iksyssec.sys
11:30:24.0781 2428 IKSysSec - ok
11:30:24.0859 2428 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:30:25.0031 2428 Imapi - ok
11:30:25.0093 2428 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
11:30:25.0265 2428 ImapiService - ok
11:30:25.0312 2428 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:30:25.0531 2428 ini910u - ok
11:30:25.0562 2428 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:30:25.0703 2428 IntelIde - ok
11:30:25.0750 2428 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:30:25.0906 2428 intelppm - ok
11:30:25.0968 2428 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:30:26.0156 2428 Ip6Fw - ok
11:30:26.0203 2428 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:30:26.0421 2428 IpFilterDriver - ok
11:30:26.0468 2428 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:30:26.0625 2428 IpInIp - ok
11:30:26.0671 2428 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:30:26.0843 2428 IpNat - ok
11:30:26.0953 2428 iPod Service (1cb96e83fd76eb5580451cef29e24303) C:\Program Files\iPod\bin\iPodService.exe
11:30:27.0000 2428 iPod Service - ok
11:30:27.0062 2428 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:30:27.0234 2428 IPSec - ok
11:30:27.0281 2428 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:30:27.0453 2428 IRENUM - ok
11:30:27.0484 2428 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:30:27.0640 2428 isapnp - ok
11:30:27.0781 2428 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
11:30:27.0828 2428 JavaQuickStarterService - ok
11:30:27.0890 2428 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:30:28.0062 2428 Kbdclass - ok
11:30:28.0125 2428 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:30:28.0281 2428 kbdhid - ok
11:30:28.0296 2428 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:30:28.0484 2428 kmixer - ok
11:30:28.0609 2428 Kodak AiO Network Discovery Service (10c0f6417eccbee2b74301ece9a0efbe) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
11:30:28.0656 2428 Kodak AiO Network Discovery Service - ok
11:30:28.0703 2428 KodakCCS (b3f86266f372a97624f5d132da6e97e6) C:\WINDOWS\system32\drivers\KodakCCS.exe
11:30:28.0765 2428 KodakCCS - ok
11:30:28.0812 2428 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:30:28.0906 2428 KSecDD - ok
11:30:28.0953 2428 L8042PR2 (733ececf4371ac99410ee0f00bfd51e7) C:\WINDOWS\system32\Drivers\l8042pr2.sys
11:30:29.0000 2428 L8042PR2 - ok
11:30:29.0078 2428 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
11:30:29.0156 2428 lanmanserver - ok
11:30:29.0234 2428 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
11:30:29.0328 2428 lanmanworkstation - ok
11:30:29.0375 2428 Lavasoft Kernexplorer - ok
11:30:29.0390 2428 Lbd - ok
11:30:29.0390 2428 lbrtfdc - ok
11:30:29.0453 2428 LHidFlt2 (5bc552b8a4bb668ac169a24d7ff5b9b8) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
11:30:29.0500 2428 LHidFlt2 - ok
11:30:29.0531 2428 LHidUsb (387cb1e73b17656f406fc13dc17eda6a) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
11:30:29.0625 2428 LHidUsb - ok
11:30:29.0671 2428 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
11:30:29.0843 2428 LmHosts - ok
11:30:29.0906 2428 LMouFlt2 (128f0b4cd156872d440ae77202923a32) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
11:30:29.0937 2428 LMouFlt2 - ok
11:30:30.0015 2428 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
11:30:30.0125 2428 ltmodem5 - ok
11:30:30.0140 2428 LVRS - ok
11:30:30.0156 2428 LVUSBSta - ok
11:30:30.0156 2428 LVUVC - ok
11:30:30.0265 2428 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
11:30:30.0312 2428 MDM - ok
11:30:30.0328 2428 MEMSWEEP2 - ok
11:30:30.0375 2428 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
11:30:30.0562 2428 Messenger - ok
11:30:30.0625 2428 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:30:30.0812 2428 mnmdd - ok
11:30:30.0859 2428 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
11:30:31.0031 2428 mnmsrvc - ok
11:30:31.0078 2428 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:30:31.0250 2428 Modem - ok
11:30:31.0296 2428 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
11:30:31.0390 2428 motmodem - ok
11:30:31.0453 2428 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:30:31.0656 2428 Mouclass - ok
11:30:31.0734 2428 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:30:31.0921 2428 mouhid - ok
11:30:31.0968 2428 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:30:32.0140 2428 MountMgr - ok
11:30:32.0250 2428 MpKsl1fbfab41 - ok
11:30:32.0250 2428 MpKsl25b99d98 - ok
11:30:32.0265 2428 MpKsl76e0b04a - ok
11:30:32.0265 2428 MpKsl79c21357 - ok
11:30:32.0281 2428 MpKsl937f162e - ok
11:30:32.0296 2428 MpKsld2bc0d3a - ok
11:30:32.0328 2428 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:30:32.0546 2428 mraid35x - ok
11:30:32.0593 2428 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:30:32.0781 2428 MRxDAV - ok
11:30:32.0843 2428 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:30:32.0921 2428 MRxSmb - ok
11:30:32.0984 2428 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
11:30:33.0156 2428 MSDTC - ok
11:30:33.0218 2428 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:30:33.0390 2428 Msfs - ok
11:30:33.0390 2428 MSIServer - ok
11:30:33.0437 2428 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:30:33.0609 2428 MSKSSRV - ok
11:30:33.0656 2428 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:30:33.0843 2428 MSPCLOCK - ok
11:30:33.0875 2428 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:30:34.0031 2428 MSPQM - ok
11:30:34.0078 2428 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:30:34.0234 2428 mssmbios - ok
11:30:34.0281 2428 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:30:34.0468 2428 MSTEE - ok
11:30:34.0468 2428 msvmmouf - ok
11:30:34.0531 2428 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:30:34.0593 2428 Mup - ok
11:30:34.0640 2428 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:30:34.0812 2428 NABTSFEC - ok
11:30:34.0875 2428 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
11:30:35.0062 2428 napagent - ok
11:30:35.0125 2428 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:30:35.0312 2428 NDIS - ok
11:30:35.0359 2428 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:30:35.0515 2428 NdisIP - ok
11:30:35.0546 2428 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:30:35.0609 2428 NdisTapi - ok
11:30:35.0656 2428 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:30:35.0828 2428 Ndisuio - ok
11:30:35.0859 2428 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:30:36.0031 2428 NdisWan - ok
11:30:36.0078 2428 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:30:36.0171 2428 NDProxy - ok
11:30:36.0187 2428 Net Driver HPZ12 - ok
11:30:36.0218 2428 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:30:36.0406 2428 NetBIOS - ok
11:30:36.0453 2428 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:30:36.0671 2428 NetBT - ok
11:30:36.0718 2428 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:30:36.0937 2428 NetDDE - ok
11:30:36.0937 2428 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
11:30:37.0093 2428 NetDDEdsdm - ok
11:30:37.0140 2428 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:30:37.0328 2428 Netlogon - ok
11:30:37.0390 2428 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
11:30:37.0546 2428 Netman - ok
11:30:37.0750 2428 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
11:30:37.0796 2428 NetSvc ( UnsignedFile.Multi.Generic ) - warning
11:30:37.0796 2428 NetSvc - detected UnsignedFile.Multi.Generic (1)
11:30:37.0937 2428 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:30:37.0968 2428 NetTcpPortSharing - ok
11:30:37.0984 2428 NielGfx - ok
11:30:38.0000 2428 nielprt - ok
11:30:38.0078 2428 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
11:30:38.0140 2428 Nla - ok
11:30:38.0234 2428 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
11:30:38.0281 2428 NMSAccess - ok
11:30:38.0328 2428 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:30:38.0500 2428 Npfs - ok
11:30:38.0546 2428 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:30:38.0734 2428 Ntfs - ok
11:30:38.0781 2428 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:30:38.0937 2428 NtLmSsp - ok
11:30:39.0000 2428 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
11:30:39.0203 2428 NtmsSvc - ok
11:30:39.0234 2428 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:30:39.0453 2428 Null - ok
11:30:39.0578 2428 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:30:39.0781 2428 nv - ok
11:30:39.0921 2428 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:30:40.0156 2428 NwlnkFlt - ok
11:30:40.0187 2428 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:30:40.0406 2428 NwlnkFwd - ok
11:30:40.0515 2428 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:30:40.0546 2428 ose - ok
11:30:40.0609 2428 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:30:40.0781 2428 Parport - ok
11:30:40.0796 2428 Partizan - ok
11:30:40.0828 2428 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:30:40.0984 2428 PartMgr - ok
11:30:41.0031 2428 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:30:41.0250 2428 ParVdm - ok
11:30:41.0296 2428 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:30:41.0484 2428 PCI - ok
11:30:41.0484 2428 PCIDump - ok
11:30:41.0500 2428 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:30:41.0734 2428 PCIIde - ok
11:30:41.0781 2428 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:30:41.0968 2428 Pcmcia - ok
11:30:41.0984 2428 PDCOMP - ok
11:30:41.0984 2428 PDFRAME - ok
11:30:42.0000 2428 PDRELI - ok
11:30:42.0015 2428 PDRFRAME - ok
11:30:42.0062 2428 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:30:42.0265 2428 perc2 - ok
11:30:42.0328 2428 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:30:42.0531 2428 perc2hib - ok
11:30:42.0609 2428 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
11:30:42.0640 2428 PlugPlay - ok
11:30:42.0656 2428 Pml Driver HPZ12 - ok
11:30:42.0687 2428 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\WINDOWS\system32\DRIVERS\pneteth.sys
11:30:42.0734 2428 pneteth ( UnsignedFile.Multi.Generic ) - warning
11:30:42.0734 2428 pneteth - detected UnsignedFile.Multi.Generic (1)
11:30:42.0765 2428 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:30:42.0921 2428 PolicyAgent - ok
11:30:42.0968 2428 PPSCAN (1b94638b09adcef3aa522b50c0b85b69) C:\WINDOWS\system32\drivers\PPSCAN.sys
11:30:43.0000 2428 PPSCAN ( UnsignedFile.Multi.Generic ) - warning
11:30:43.0000 2428 PPSCAN - detected UnsignedFile.Multi.Generic (1)
11:30:43.0062 2428 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:30:43.0234 2428 PptpMiniport - ok
11:30:43.0250 2428 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:30:43.0406 2428 ProtectedStorage - ok
11:30:43.0421 2428 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:30:43.0593 2428 PSched - ok
11:30:43.0640 2428 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:30:43.0828 2428 Ptilink - ok
11:30:43.0875 2428 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:30:43.0906 2428 PxHelp20 - ok
11:30:43.0968 2428 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:30:44.0171 2428 ql1080 - ok
11:30:44.0203 2428 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:30:44.0421 2428 Ql10wnt - ok
11:30:44.0468 2428 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:30:44.0656 2428 ql12160 - ok
11:30:44.0671 2428 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:30:44.0875 2428 ql1240 - ok
11:30:44.0921 2428 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:30:45.0140 2428 ql1280 - ok
11:30:45.0203 2428 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:30:45.0390 2428 RasAcd - ok
11:30:45.0453 2428 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
11:30:45.0640 2428 RasAuto - ok
11:30:45.0671 2428 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:30:45.0812 2428 Rasl2tp - ok
11:30:45.0859 2428 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
11:30:46.0031 2428 RasMan - ok
11:30:46.0046 2428 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:30:46.0218 2428 RasPppoe - ok
11:30:46.0250 2428 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:30:46.0468 2428 Raspti - ok
11:30:46.0515 2428 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:30:46.0687 2428 Rdbss - ok
11:30:46.0718 2428 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:30:46.0921 2428 RDPCDD - ok
11:30:46.0968 2428 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:30:47.0125 2428 rdpdr - ok
11:30:47.0203 2428 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:30:47.0312 2428 RDPWD - ok
11:30:47.0343 2428 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
11:30:47.0546 2428 RDSessMgr - ok
11:30:47.0562 2428 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:30:47.0750 2428 redbook - ok
11:30:47.0812 2428 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
11:30:47.0984 2428 RemoteAccess - ok
11:30:48.0031 2428 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
11:30:48.0203 2428 RemoteRegistry - ok
11:30:48.0250 2428 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
11:30:48.0406 2428 RpcLocator - ok
11:30:48.0484 2428 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
11:30:48.0531 2428 RpcSs - ok
11:30:48.0578 2428 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
11:30:48.0812 2428 RSVP - ok
11:30:48.0828 2428 s3legacy - ok
11:30:48.0875 2428 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
11:30:49.0031 2428 SamSs - ok
11:30:49.0187 2428 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:30:49.0218 2428 SASDIFSV - ok
11:30:49.0234 2428 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:30:49.0265 2428 SASKUTIL - ok
11:30:49.0312 2428 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
11:30:49.0500 2428 SCardSvr - ok
11:30:49.0562 2428 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
11:30:49.0750 2428 Schedule - ok
11:30:49.0796 2428 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:30:49.0984 2428 Secdrv - ok
11:30:50.0031 2428 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
11:30:50.0187 2428 seclogon - ok
11:30:50.0328 2428 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
11:30:50.0437 2428 senfilt - ok
11:30:50.0515 2428 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
11:30:50.0671 2428 SENS - ok
11:30:50.0687 2428 Ser2pl - ok
11:30:50.0718 2428 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:30:50.0890 2428 serenum - ok
11:30:50.0937 2428 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:30:51.0093 2428 Serial - ok
11:30:51.0187 2428 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:30:51.0359 2428 Sfloppy - ok
11:30:51.0437 2428 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
11:30:51.0625 2428 SharedAccess - ok
11:30:51.0687 2428 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:30:51.0734 2428 ShellHWDetection - ok
11:30:51.0750 2428 Simbad - ok
11:30:51.0796 2428 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:30:51.0953 2428 sisagp - ok
11:30:52.0093 2428 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:30:52.0281 2428 SLIP - ok
11:30:52.0343 2428 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
11:30:52.0406 2428 smwdm - ok
11:30:52.0453 2428 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:30:52.0546 2428 Sparrow - ok
11:30:52.0593 2428 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:30:52.0750 2428 splitter - ok
11:30:52.0796 2428 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:30:52.0906 2428 Spooler - ok
11:30:52.0937 2428 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:30:53.0125 2428 sr - ok
11:30:53.0203 2428 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
11:30:53.0375 2428 srservice - ok
11:30:53.0437 2428 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:30:53.0515 2428 Srv - ok
11:30:53.0578 2428 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
11:30:53.0765 2428 SSDPSRV - ok
11:30:53.0796 2428 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
11:30:53.0812 2428 StarOpen ( UnsignedFile.Multi.Generic ) - warning
11:30:53.0812 2428 StarOpen - detected UnsignedFile.Multi.Generic (1)
11:30:53.0843 2428 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
11:30:54.0046 2428 stisvc - ok
11:30:54.0093 2428 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:30:54.0281 2428 streamip - ok
11:30:54.0312 2428 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:30:54.0515 2428 swenum - ok
11:30:54.0546 2428 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:30:54.0703 2428 swmidi - ok
11:30:54.0718 2428 SwPrv - ok
11:30:54.0781 2428 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:30:54.0984 2428 symc810 - ok
11:30:55.0015 2428 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:30:55.0218 2428 symc8xx - ok
11:30:55.0234 2428 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:30:55.0437 2428 sym_hi - ok
11:30:55.0468 2428 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:30:55.0671 2428 sym_u3 - ok
11:30:55.0703 2428 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:30:55.0875 2428 sysaudio - ok
11:30:55.0921 2428 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
11:30:56.0125 2428 SysmonLog - ok
11:30:56.0187 2428 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
11:30:56.0375 2428 TapiSrv - ok
11:30:56.0437 2428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:30:56.0531 2428 Tcpip - ok
11:30:56.0593 2428 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:30:56.0781 2428 TDPIPE - ok
11:30:56.0828 2428 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:30:57.0015 2428 TDTCP - ok
11:30:57.0046 2428 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:30:57.0203 2428 TermDD - ok
11:30:57.0265 2428 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
11:30:57.0421 2428 TermService - ok
11:30:57.0484 2428 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
11:30:57.0515 2428 Themes - ok
11:30:57.0531 2428 TlntSvr - ok
11:30:57.0578 2428 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:30:57.0796 2428 TosIde - ok
11:30:57.0843 2428 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
11:30:58.0031 2428 TrkWks - ok
11:30:58.0078 2428 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:30:58.0250 2428 Udfs - ok
11:30:58.0312 2428 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:30:58.0421 2428 ultra - ok
11:30:58.0468 2428 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:30:58.0656 2428 Update - ok
11:30:58.0703 2428 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
11:30:58.0875 2428 upnphost - ok
11:30:58.0921 2428 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
11:30:59.0125 2428 UPS - ok
11:30:59.0187 2428 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:30:59.0343 2428 usbaudio - ok
11:30:59.0390 2428 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:30:59.0609 2428 usbccgp - ok
11:30:59.0625 2428 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:30:59.0796 2428 usbehci - ok
11:30:59.0828 2428 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:31:00.0015 2428 usbhub - ok
11:31:00.0062 2428 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:31:00.0281 2428 usbprint - ok
11:31:00.0328 2428 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:31:00.0484 2428 usbscan - ok
11:31:00.0546 2428 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
11:31:00.0578 2428 usbsermpt ( UnsignedFile.Multi.Generic ) - warning
11:31:00.0578 2428 usbsermpt - detected UnsignedFile.Multi.Generic (1)
11:31:00.0625 2428 usbsermptxp (49106ee29074e6a3d3ac9e24c6d791d8) C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
11:31:00.0781 2428 usbsermptxp - ok
11:31:00.0828 2428 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:31:01.0000 2428 USBSTOR - ok
11:31:01.0031 2428 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:31:01.0187 2428 usbuhci - ok
11:31:01.0234 2428 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:31:01.0406 2428 usbvideo - ok
11:31:01.0468 2428 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
11:31:01.0656 2428 USB_RNDIS - ok
11:31:01.0703 2428 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:31:01.0890 2428 usb_rndisx - ok
11:31:01.0937 2428 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys
11:31:02.0140 2428 USRpdA - ok
11:31:02.0203 2428 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:31:02.0359 2428 VgaSave - ok
11:31:02.0406 2428 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:31:02.0593 2428 viaagp - ok
11:31:02.0640 2428 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:31:02.0812 2428 ViaIde - ok
11:31:02.0875 2428 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:31:03.0031 2428 VolSnap - ok
11:31:03.0046 2428 vpc-s3 - ok
11:31:03.0062 2428 vpcbus - ok
11:31:03.0078 2428 vpcubus - ok
11:31:03.0093 2428 vpcuhub - ok
11:31:03.0140 2428 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
11:31:03.0328 2428 VSS - ok
11:31:03.0453 2428 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
11:31:03.0578 2428 vToolbarUpdater11.0.2 - ok
11:31:03.0671 2428 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
11:31:03.0843 2428 W32Time - ok
11:31:03.0953 2428 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:31:04.0125 2428 Wanarp - ok
11:31:04.0171 2428 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
11:31:04.0265 2428 wanatw - ok
11:31:04.0312 2428 wceusbsh (b85b448fd2c398970382a28e47cf4bc6) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:31:04.0484 2428 wceusbsh - ok
11:31:04.0562 2428 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
11:31:04.0609 2428 Wdf01000 - ok
11:31:04.0625 2428 WDICA - ok
11:31:04.0671 2428 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:31:04.0906 2428 wdmaud - ok
11:31:04.0953 2428 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
11:31:05.0125 2428 WebClient - ok
11:31:05.0250 2428 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:31:05.0468 2428 winmgmt - ok
11:31:05.0546 2428 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
11:31:05.0593 2428 WinUSB - ok
11:31:05.0625 2428 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:31:05.0750 2428 WmdmPmSN - ok
11:31:05.0812 2428 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
11:31:05.0890 2428 Wmi - ok
11:31:05.0953 2428 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:31:06.0156 2428 WmiApSrv - ok
11:31:06.0328 2428 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
11:31:06.0468 2428 WMPNetworkSvc - ok
11:31:06.0671 2428 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:31:06.0937 2428 WS2IFSL - ok
11:31:06.0984 2428 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
11:31:07.0171 2428 wscsvc - ok
11:31:07.0203 2428 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:31:07.0359 2428 WSTCODEC - ok
11:31:07.0406 2428 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
11:31:07.0625 2428 wuauserv - ok
11:31:07.0687 2428 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:31:07.0781 2428 WudfPf - ok
11:31:07.0796 2428 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:31:07.0875 2428 WudfRd - ok
11:31:07.0906 2428 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:31:07.0968 2428 WudfSvc - ok
11:31:08.0031 2428 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
11:31:08.0234 2428 WZCSVC - ok
11:31:08.0281 2428 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
11:31:08.0484 2428 xmlprov - ok
11:31:08.0593 2428 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
11:31:08.0656 2428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:31:08.0656 2428 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:31:08.0703 2428 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:31:08.0703 2428 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:31:08.0765 2428 Boot (0x1200) (b104393d64bc5709f8a55506caadb481) \Device\Harddisk0\DR0\Partition0
11:31:08.0765 2428 \Device\Harddisk0\DR0\Partition0 - ok
11:31:08.0828 2428 Boot (0x1200) (6dad720ef5d38f8dc5ce358b47371a7b) \Device\Harddisk0\DR0\Partition1
11:31:08.0828 2428 \Device\Harddisk0\DR0\Partition1 - ok
11:31:08.0828 2428 ============================================================
11:31:08.0828 2428 Scan finished
11:31:08.0828 2428 ============================================================
11:31:08.0953 1612 Detected object count: 11
11:31:08.0953 1612 Actual detected object count: 11
11:35:06.0203 1612 AGCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0203 1612 AGCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0203 1612 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0218 1612 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0218 1612 AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0218 1612 AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0218 1612 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0218 1612 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0218 1612 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0218 1612 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0234 1612 pneteth ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0234 1612 pneteth ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0234 1612 PPSCAN ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0234 1612 PPSCAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0234 1612 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0234 1612 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:06.0234 1612 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
11:35:06.0234 1612 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:35:07.0343 1612 \Device\Harddisk0\DR0\# - copied to quarantine
11:35:07.0343 1612 \Device\Harddisk0\DR0 - copied to quarantine
11:35:07.0515 1612 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:35:07.0515 1612 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:35:07.0546 1612 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:35:07.0562 1612 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:35:07.0578 1612 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:35:07.0671 1612 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:35:07.0687 1612 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:35:07.0812 1612 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:35:07.0812 1612 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:35:07.0843 1612 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:35:07.0843 1612 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:35:07.0859 1612 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:35:07.0875 1612 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:35:07.0953 1612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:35:08.0046 1612 \Device\Harddisk0\DR0 - ok
11:35:09.0953 1612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:35:09.0953 1612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:35:09.0953 1612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:35:30.0531 3320 Deinitialize success

and

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Folder C:\Documents and Settings\All Users\Application Data\aDaOk02900\ not found.
C:\Documents and Settings\LocalService\Application Data\AVG7 folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{EE51A00C-5523-4AA5-8310-777D241DD5E5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE51A00C-5523-4AA5-8310-777D241DD5E5}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}\ not found.
========== FILES ==========
C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5}\chrome\content folder moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5}\chrome folder moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\{EE51A00C-5523-4AA5-8310-777D241DD5E5} folder moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}\chrome\content folder moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7}\chrome folder moved successfully.
C:\Documents and Settings\Norman\Local Settings\Application Data\{68FC3F9C-4C5F-4D6D-9CAE-87A69A1E04F7} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Norman\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Norman\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Norman
->Temp folder emptied: 882478 bytes
->Temporary Internet Files folder emptied: 128343130 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 27319 bytes

User: Owner
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53191 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1344600 bytes

Total Files Cleaned = 125.00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07252012_115052

Files\Folders moved on Reboot...
C:\Documents and Settings\Norman\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\Norman\Local Settings\Temp\~DF4C09.tmp moved successfully.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\KVLHZEYQ\page__pid__2181867[1].txt moved successfully.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\E472O0YA\fastbutton[1].txt moved successfully.
C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...
File C:\Documents and Settings\Norman\Local Settings\Temp\WCESLog.log not found!
File C:\Documents and Settings\Norman\Local Settings\Temp\~DF4C09.tmp not found!
File C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\KVLHZEYQ\page__pid__2181867[1].txt not found!
File C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\Content.IE5\E472O0YA\fastbutton[1].txt not found!
File C:\Documents and Settings\Norman\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat not found!

Registry entries deleted on Reboot...

and

OTL logfile created on: 7/25/2012 12:04:16 PM - Run 3
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Documents and Settings\Norman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 316.33 Mb Available Physical Memory | 30.95% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.97% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.59 Gb Total Space | 76.20 Gb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive D: | 37.01 Gb Total Space | 36.94 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
Drive E: | 561.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: D5468CB1 | User Name: Norman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/24 01:09:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/06/03 18:17:01 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/08 02:21:29 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 06:42:30 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/03 19:48:58 | 001,650,688 | ---- | M] (Webshots.com) -- C:\Program Files\Webshots\Webshots.scr
PRC - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2002/11/08 09:50:00 | 000,019,968 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\LOGI_MWX.EXE


========== Modules (No Company Name) ==========

MOD - [2012/06/13 19:44:05 | 000,141,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\badd66e1d2b8416e9bb868ad059203c6\System.Configuration.Install.ni.dll
MOD - [2012/06/13 19:44:04 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/03 18:17:05 | 000,130,944 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/06/03 18:17:01 | 002,067,328 | ---- | M] () -- C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
MOD - [2012/06/03 18:17:01 | 001,116,544 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/09 19:25:39 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\29bce0113d611084a9329349e33528ac\System.EnterpriseServices.ni.dll
MOD - [2012/05/09 19:24:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 19:21:32 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 19:14:15 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 19:13:45 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2005/10/05 03:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Virtual PC Integration Components\vmsrvc.exe -- (1-vmsrvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/03 18:17:04 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/04/20 03:54:35 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 10:57:48 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe -- (AGCoreService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009/08/05 13:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2005/03/30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcuhub.sys -- (vpcuhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcubus.sys -- (vpcubus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpc-s3.sys -- (vpc-s3)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpcgbus.sys -- (vpcbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ser2pl.sys -- (Ser2pl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\s3legacy.sys -- (s3legacy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\msvmmouf.sys -- (msvmmouf)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B74313BE-8613-40C7-9E79-C23B7785DDF5}\MpKsld2bc0d3a.sys -- (MpKsld2bc0d3a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{963A8BBC-89F4-42F7-982E-3A8BACEBC87B}\MpKsl937f162e.sys -- (MpKsl937f162e)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F98E526-EE0B-4C76-9A74-C74152DBE752}\MpKsl79c21357.sys -- (MpKsl79c21357)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00F8A698-9DA6-4ECA-B348-F57C84EBA7B8}\MpKsl76e0b04a.sys -- (MpKsl76e0b04a)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{742B54FC-84B3-4D0A-84F7-CA1DF5740B9A}\MpKsl25b99d98.sys -- (MpKsl25b99d98)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FF98C065-B559-41E8-AAA6-E4F9DE2B6CCF}\MpKsl1fbfab41.sys -- (MpKsl1fbfab41)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\1D.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvc.sys -- (LVUVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GT890x.SYS -- (GT890x)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ubVeo532.sys -- (DCamUSBVeo532)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\GT891x1.SYS -- (DCamUSBDXGTech)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dc21x4.sys -- (DC21x4)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ctlsb16.sys -- (ctlsb16)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Norman\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\BW2NDIS5.sys -- (BW2NDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys -- (BDRsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys -- (BDFsDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender10\bdfdll.sys -- (bdfdll)
DRV - File not found [Kernel | System | Stopped] -- System32\drivers\vmsrvc.sys -- (1-driver-vmsrvc)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/08/25 12:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 12:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 12:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/14 01:26:50 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2007/09/02 16:45:40 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/18 07:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/11/18 20:02:00 | 000,329,056 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3c1807pd.sys -- (3c1807pd)
DRV - [2005/06/16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005/03/31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005/03/31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005/03/31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005/03/31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005/03/31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)
DRV - [2002/11/08 09:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2002/11/08 09:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2002/11/08 09:50:00 | 000,041,420 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
DRV - [2002/11/08 09:50:00 | 000,023,838 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2002/03/29 13:58:26 | 000,091,520 | ---- | M] (Hewlett-Packard Co.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\ppscan.sys -- (PPSCAN)
DRV - [2001/08/17 13:28:26 | 000,113,762 | ---- | M] (U.S. Robotics Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USRpdA.sys -- (USRpdA)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 FA 44 E0 A6 15 CB 01 [binary data]
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes,DefaultScope = {76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes\{76AF3F48-AA9F-4811-A0E3-57E0CE390FF8}: "URL" = http://www.google.co...1I7GGHP_enUS454
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-03 18:17:07&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cnn.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/04/10 22:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/07/17 12:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/08 02:22:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 08:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.0.0.9\ [2012/06/03 18:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Components: C:\Program Files\SeaMonkey\components [2012/04/08 02:21:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3.3\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins

[2011/02/01 16:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\Extensions
[2012/04/13 02:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions
[2012/03/10 01:09:05 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/04/13 02:49:51 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Norman\Application Data\Mozilla\SeaMonkey\Profiles\c9u5mklh.default\extensions\[email protected]
[2012/04/13 02:49:51 | 000,210,138 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\NORMAN\APPLICATION DATA\MOZILLA\SEAMONKEY\PROFILES\C9U5MKLH.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI

========== Chrome ==========

CHR - homepage: http://www.cnn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.cnn.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\Norman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/21 17:19:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\Toolbar\ShellBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O3 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..\Toolbar\WebBrowser: (del.icio.us) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll (del.icio.us, a Yahoo! Company)
O4 - HKLM..\Run: [3c1807pd] C:\WINDOWS\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Norman\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7617\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228 File not found
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Lookup on Merriam Webster - Reg Error: Value error. File not found
O8 - Extra context menu item: Lookup on Wikipedia - Reg Error: Value error. File not found
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2012/04/19 22:37:54 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKU\S-1-5-21-3250714072-1143876464-4062717417-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Family%20Feud%201%20&%202%20Bundle/Images/stg_drm.ocx (Reg Error: Key error.)
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc...oad/ppcwebi.cab (PeoplePC Web Installer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.micr...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (Reg Error: Key error.)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1265531041843 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341345298625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Pet%20Show%20Craze/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {E7637F18-B2C8-43E4-BCFE-BC3437DF469F} https://s.userzoom.com/s/UserZoom.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../pcpitstop2.dll (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcsia.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C34B015-D0D4-42A2-AA14-F4B327E74AAF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{559E9134-46C7-4710-A412-50ECD376D6F2}: DhcpNameServer = 10.10.10.3
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (EXPLORER.EXE) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Norman\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Norman\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 00:25:08 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 00:25:09 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/08/12 09:12:03 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 11:35:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/25 11:27:50 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Norman\Desktop\tdsskiller.exe
[2012/07/24 17:42:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/24 13:25:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Norman\Desktop\aswMBR.exe
[2012/07/24 01:09:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
[2012/07/20 02:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Desktop\Tiffany
[2012/07/17 12:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/07/14 12:42:31 | 000,000,000 | -HSD | C] -- C:\found.001
[2012/07/08 17:35:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norman\Desktop\freezeandcan
[2012/06/27 22:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\USPS
[2007/08/20 16:48:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Norman\usbsermptxp.sys
[2007/08/20 16:48:43 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Norman\usbsermpt.sys

========== Files - Modified Within 30 Days ==========

[2012/07/25 12:10:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 12:01:42 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/25 12:01:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/25 12:01:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/25 12:00:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/25 12:00:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 12:00:13 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 11:47:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/25 11:27:52 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Norman\Desktop\tdsskiller.exe
[2012/07/25 08:19:27 | 102,141,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/07/24 13:43:14 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\MBR.dat
[2012/07/24 13:25:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Norman\Desktop\aswMBR.exe
[2012/07/24 01:09:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Norman\Desktop\OTL.exe
[2012/07/23 17:54:00 | 000,340,057 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/07/23 15:58:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/07/20 22:23:08 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\Microsoft Office Word 2003.lnk
[2012/07/15 01:34:30 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\dt.dat
[2012/07/12 04:29:14 | 000,026,557 | ---- | M] () -- C:\Documents and Settings\Norman\Desktop\FatFaeries.jpg
[2012/07/11 10:51:27 | 000,562,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/11 02:03:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/27 22:58:36 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2012/06/27 22:58:24 | 000,001,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Click-N-Ship® for Business.lnk

========== Files Created - No Company Name ==========

[2012/07/24 00:31:21 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/19 13:06:35 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3250714072-1143876464-4062717417-1006.job
[2012/07/15 01:34:30 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\dt.dat
[2012/07/12 04:30:48 | 000,026,557 | ---- | C] () -- C:\Documents and Settings\Norman\Desktop\FatFaeries.jpg
[2012/06/27 22:58:24 | 000,001,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Click-N-Ship® for Business.lnk
[2012/02/15 18:16:19 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 16:54:51 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/21 16:54:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/21 16:54:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/21 16:54:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/21 16:54:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/08 20:13:11 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\.backup.dm
[2011/09/08 02:17:54 | 000,500,862 | ---- | C] () -- C:\Documents and Settings\Norman\.spyglass.properties
[2011/09/08 02:17:09 | 002,744,105 | ---- | C] () -- C:\Documents and Settings\Norman\.websiteauditor.properties
[2011/09/08 02:10:49 | 000,210,061 | ---- | C] () -- C:\Documents and Settings\Norman\.ranktracker.properties
[2011/09/08 02:04:17 | 000,453,954 | ---- | C] () -- C:\Documents and Settings\Norman\.linkassistant.properties
[2011/02/15 16:00:01 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/11/29 19:43:01 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/10/11 02:43:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 21:13:20 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010/08/29 16:11:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/08/24 03:19:01 | 000,000,080 | ---- | C] () -- C:\WINDOWS\Muxman.ini
[2010/08/01 23:02:10 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/06/02 02:07:32 | 000,000,278 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/14 21:06:05 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\$_hpcst$.hpc
[2008/05/11 10:11:34 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\install.ini
[2007/09/02 16:45:40 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Norman\USB_MOT_BRIT.INF
[2007/09/02 16:45:40 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Norman\USB_MOT_A1000.INF
[2007/09/02 16:45:38 | 000,012,474 | ---- | C] () -- C:\Documents and Settings\Norman\1188769538-oem25.PNF
[2007/09/02 16:45:38 | 000,005,798 | ---- | C] () -- C:\Documents and Settings\Norman\1188769538-oem25.inf
[2007/09/02 16:45:37 | 000,014,294 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem23.PNF
[2007/09/02 16:45:37 | 000,012,828 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem24.PNF
[2007/09/02 16:45:37 | 000,007,194 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem23.inf
[2007/09/02 16:45:37 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Norman\1188769537-oem24.inf
[2007/08/20 16:48:43 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Norman\USBMOT2000.INF
[2007/08/20 16:48:43 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Norman\USBMOT2000XP.INF
[2007/08/20 16:48:43 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Norman\USB_CMCS_2000.INF
[2007/08/10 08:21:03 | 000,000,021 | ---- | C] () -- C:\Documents and Settings\Norman\presets.ini
[2006/08/24 23:43:22 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Norman\PlayList.bin
[2006/08/24 16:11:01 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\dvd.bmk
[2006/08/24 15:53:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\PFP120JPR.{PB
[2006/08/24 15:53:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Norman\Application Data\PFP120JCM.{PB
[2006/08/24 14:53:57 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\fusioncache.dat
[2006/08/23 02:22:22 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Norman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2010/12/12 19:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aDaOk02900
[2010/05/15 00:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2012/06/03 18:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/07/23 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/02/22 13:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/02/15 16:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/11/22 14:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/12/25 01:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2008/12/08 00:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\engadven
[2010/12/11 04:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2009/05/09 04:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2012/04/25 22:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2010/03/22 15:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2012/07/25 08:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/10/26 04:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/03/21 04:30:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/04/29 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/06/10 02:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2010/06/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/10 21:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2010/08/12 00:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/08/11 18:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Team MediaPortal
[2012/06/18 23:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/07/17 10:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/01 00:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/03/12 19:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Acapela Group
[2010/05/21 16:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AGI
[2010/08/12 00:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Aura4You
[2012/06/04 14:14:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG
[2011/11/22 14:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG Secure Search
[2011/11/22 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\AVG2012
[2011/02/15 16:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Canneverbe Limited
[2007/10/15 13:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CNN
[2010/08/12 00:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\CocoonSoftware
[2006/11/22 04:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Earthlink
[2006/09/25 21:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Ignite
[2006/09/24 21:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Image Zone Express
[2010/07/03 11:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\iWin
[2011/09/27 18:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Keynote Systems
[2006/08/16 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Leadertech
[2010/02/03 18:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\LimeWire
[2010/06/06 13:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PetShowCraze
[2010/06/03 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\PlayFirst
[2011/03/13 18:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Rovio
[2010/06/06 12:53:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\SpinTop
[2011/01/02 20:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Systenance
[2007/12/04 15:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\TechSmith
[2010/03/22 23:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Temp
[2012/04/25 13:47:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\TestApp
[2007/12/19 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Video DVD Maker FREE
[2007/02/10 10:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Viewpoint
[2012/03/07 13:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\webex
[2006/08/24 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\Webshots
[2012/01/31 20:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Norman\Application Data\wincorebsband

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

#8
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
We still have a few things to do. I have to delete one stubborn folder and then perform a sweep for orphans to catch any remaining malware. We also need to remove a TDSS file system which the rootkit used for storing its files.

How is your system running? Are you experiencing any problems?


Step 1

Run TDSSKiller using the same instructions as before and when you get to the following screen, the TDSS File System needs to be changed from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

Posted Image

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

  • Click Start and then click Control Panel.
  • Click Appearance and Themes and then click Folder Options.
  • On the View tab, under Hidden files and folders, click Show hidden files and folders.
  • Delete the following folder - C:\Documents and Settings\All Users\Application Data\aDaOk02900
  • After deleting the folder, empty the Recycle Bin and hide your files and folders again.

Step 3

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 4

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • MBAM Log
  • log.txt
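
When reviewing the TDSSKiller report requested in the post above, the entries that matter are the ones not marked "ok". The Python script below is an added example, not part of the original post or of TDSSKiller. Its sample lines are constructed in the layout of the TDSSKiller 2.7.48.0 report posted in this thread; the hashes are made up, and the last sample line (a "TDSS File System" verdict on the disk object) is an assumption about how that object is reported.

```python
import re

# Constructed sample lines: "<time> <thread id> <message>".
# Hashes are placeholders; the final line is an assumed format (see lead-in).
SAMPLE_LOG = "\n".join([
    "14:30:22.0847 0256 Scan started",
    "14:30:22.0847 0256 Mode: Manual; SigCheck; TDLFS;",
    r"14:30:25.0862 0256 AGCoreService (" + "a" * 32 + r") C:\Program Files\AGI\core\AGCoreService.exe",
    "14:30:26.0019 0256 AGCoreService ( UnsignedFile.Multi.Generic ) - warning",
    "14:30:26.0019 0256 AGCoreService - detected UnsignedFile.Multi.Generic (1)",
    r"14:30:29.0784 0256 atapi (" + "b" * 32 + r") C:\WINDOWS\system32\DRIVERS\atapi.sys",
    "14:30:29.0956 0256 atapi - ok",
    "14:30:29.0972 0256 Atdisk - ok",
    r"14:31:02.0100 0256 \Device\Harddisk0\DR0 ( TDSS File System ) - warning",
])

PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "name (md5) path": the object about to be checked
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "name ( verdict ) - level": a non-ok result
VERDICT = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - (?P<level>\w+)$")
# "name - ok": a clean result
OK = re.compile(r"^(?P<name>.+?) - ok$")

# Raised by the signature check (SigCheck mode) when a file carries no
# digital signature; on its own it does not mean the file is malicious.
SIGCHECK_ONLY = "UnsignedFile.Multi.Generic"


def parse_report(text):
    """Return one dict per scanned object, joined with its hash and path."""
    objects = {}  # name -> (md5, path) from the object line seen earlier
    results = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        obj = OBJECT.match(msg)
        if obj:
            objects[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        hit = VERDICT.match(msg)
        ok = None if hit else OK.match(msg)
        if not (hit or ok):
            continue  # banner lines and the "detected ..." summary lines
        name = (hit or ok)["name"]
        md5, path = objects.get(name, (None, None))
        results.append({
            "name": name,
            "md5": md5,
            "path": path,
            "verdict": hit["verdict"] if hit else None,
            "level": hit["level"] if hit else "ok",
        })
    return results


def triage(results):
    """Split results into clean, unsigned-only, and needs-review buckets."""
    summary = {"ok": 0, "unsigned": [], "review": []}
    for r in results:
        if r["level"] == "ok":
            summary["ok"] += 1
        elif r["verdict"] == SIGCHECK_ONLY:
            summary["unsigned"].append(r)
        else:
            summary["review"].append(r)
    return summary


if __name__ == "__main__":
    s = triage(parse_report(SAMPLE_LOG))
    print(f"{s['ok']} objects ok")
    for bucket in ("review", "unsigned"):
        for r in s[bucket]:
            print(f"[{bucket}] {r['name']}: {r['verdict']} ({r['path'] or 'no file path'})")
```
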


#9
navagator

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi,


Everything seems to be working fine.

Here are the logs:

14:28:22.0566 2548 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
14:28:22.0909 2548 ============================================================
14:28:22.0909 2548 Current date / time: 2012/07/26 14:28:22.0909
14:28:22.0909 2548 SystemInfo:
14:28:22.0909 2548
14:28:22.0909 2548 OS Version: 5.1.2600 ServicePack: 3.0
14:28:22.0909 2548 Product type: Workstation
14:28:22.0909 2548 ComputerName: D5468CB1
14:28:22.0909 2548 UserName: Norman
14:28:22.0909 2548 Windows directory: C:\WINDOWS
14:28:22.0909 2548 System windows directory: C:\WINDOWS
14:28:22.0909 2548 Processor architecture: Intel x86
14:28:22.0909 2548 Number of processors: 1
14:28:22.0909 2548 Page size: 0x1000
14:28:22.0909 2548 Boot type: Normal boot
14:28:22.0909 2548 ============================================================
14:28:27.0034 2548 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:28:27.0066 2548 ============================================================
14:28:27.0066 2548 \Device\Harddisk0\DR0:
14:28:27.0097 2548 MBR partitions:
14:28:27.0097 2548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0xD92C09F
14:28:27.0097 2548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD93FA64, BlocksNum 0x4A07AE0
14:28:27.0097 2548 ============================================================
14:28:27.0362 2548 C: <-> \Device\Harddisk0\DR0\Partition0
14:28:27.0581 2548 D: <-> \Device\Harddisk0\DR0\Partition1
14:28:27.0581 2548 ============================================================
14:28:27.0581 2548 Initialize success
14:28:27.0581 2548 ============================================================
14:30:22.0847 0256 ============================================================
14:30:22.0847 0256 Scan started
14:30:22.0847 0256 Mode: Manual; SigCheck; TDLFS;
14:30:22.0847 0256 ============================================================
14:30:23.0128 0256 1-driver-vmsrvc - ok
14:30:23.0175 0256 1-vmsrvc - ok
14:30:23.0237 0256 3c1807pd (20598faa1765af9495760c368b7156f0) C:\WINDOWS\system32\DRIVERS\3c1807pd.sys
14:30:23.0894 0256 3c1807pd - ok
14:30:23.0894 0256 Abiosdsk - ok
14:30:23.0941 0256 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
14:30:24.0519 0256 abp480n5 - ok
14:30:24.0566 0256 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:30:24.0737 0256 ACPI - ok
14:30:24.0800 0256 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:30:24.0972 0256 ACPIEC - ok
14:30:25.0081 0256 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:30:25.0175 0256 AdobeFlashPlayerUpdateSvc - ok
14:30:25.0222 0256 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:30:25.0409 0256 adpu160m - ok
14:30:25.0456 0256 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:30:25.0612 0256 aec - ok
14:30:25.0659 0256 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:30:25.0769 0256 AFD - ok
14:30:25.0862 0256 AGCoreService (3ddfe25e488975383b6ab9424cf8d812) C:\Program Files\AGI\core\4.2.0.10753\AGCoreService.exe
14:30:26.0019 0256 AGCoreService ( UnsignedFile.Multi.Generic ) - warning
14:30:26.0019 0256 AGCoreService - detected UnsignedFile.Multi.Generic (1)
14:30:26.0066 0256 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
14:30:26.0253 0256 agp440 - ok
14:30:26.0284 0256 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
14:30:26.0487 0256 agpCPQ - ok
14:30:26.0534 0256 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
14:30:26.0644 0256 Aha154x - ok
14:30:26.0691 0256 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:30:26.0894 0256 aic78u2 - ok
14:30:26.0925 0256 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:30:27.0128 0256 aic78xx - ok
14:30:27.0175 0256 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:30:27.0362 0256 Alerter - ok
14:30:27.0409 0256 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
14:30:27.0566 0256 ALG - ok
14:30:27.0612 0256 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:30:27.0816 0256 AliIde - ok
14:30:27.0862 0256 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
14:30:28.0034 0256 alim1541 - ok
14:30:28.0050 0256 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
14:30:28.0253 0256 amdagp - ok
14:30:28.0300 0256 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
14:30:28.0394 0256 amsint - ok
14:30:28.0581 0256 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
14:30:28.0691 0256 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - warning
14:30:28.0691 0256 Apple Mobile Device - detected UnsignedFile.Multi.Generic (1)
14:30:28.0691 0256 AppMgmt - ok
14:30:28.0737 0256 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
14:30:28.0941 0256 asc - ok
14:30:28.0987 0256 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
14:30:29.0066 0256 asc3350p - ok
14:30:29.0112 0256 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
14:30:29.0331 0256 asc3550 - ok
14:30:29.0456 0256 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:30:29.0519 0256 aspnet_state - ok
14:30:29.0550 0256 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:30:29.0753 0256 AsyncMac - ok
14:30:29.0784 0256 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:30:29.0956 0256 atapi - ok
14:30:29.0972 0256 Atdisk - ok
14:30:30.0019 0256 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:30:30.0222 0256 Atmarpc - ok
14:30:30.0269 0256 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:30:30.0456 0256 AudioSrv - ok
14:30:30.0487 0256 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:30:30.0675 0256 audstub - ok
14:30:30.0722 0256 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
14:30:30.0784 0256 AvgArCln ( UnsignedFile.Multi.Generic ) - warning
14:30:30.0784 0256 AvgArCln - detected UnsignedFile.Multi.Generic (1)
14:30:31.0097 0256 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:30:31.0456 0256 AVGIDSAgent - ok
14:30:31.0597 0256 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
14:30:31.0909 0256 AVGIDSDriver - ok
14:30:31.0941 0256 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
14:30:31.0956 0256 AVGIDSFilter - ok
14:30:32.0003 0256 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
14:30:32.0034 0256 AVGIDSHX - ok
14:30:32.0066 0256 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
14:30:32.0081 0256 AVGIDSShim - ok
14:30:32.0128 0256 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:30:32.0159 0256 Avgldx86 - ok
14:30:32.0175 0256 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:30:32.0206 0256 Avgmfx86 - ok
14:30:32.0237 0256 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:30:32.0253 0256 Avgrkx86 - ok
14:30:32.0300 0256 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:30:32.0347 0256 Avgtdix - ok
14:30:32.0441 0256 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:30:32.0487 0256 avgwd - ok
14:30:32.0534 0256 bdfdll - ok
14:30:32.0534 0256 BDFsDrv - ok
14:30:32.0550 0256 BDRsDrv - ok
14:30:32.0597 0256 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:30:32.0800 0256 Beep - ok
14:30:32.0847 0256 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:30:33.0253 0256 BITS - ok
14:30:33.0347 0256 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
14:30:33.0394 0256 Bonjour Service - ok
14:30:33.0441 0256 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:30:33.0612 0256 Browser - ok
14:30:33.0628 0256 BW2NDIS5 - ok
14:30:33.0628 0256 catchme - ok
14:30:33.0675 0256 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
14:30:33.0878 0256 cbidf - ok
14:30:33.0894 0256 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:30:34.0081 0256 cbidf2k - ok
14:30:34.0128 0256 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:30:34.0284 0256 CCDECODE - ok
14:30:34.0316 0256 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
14:30:34.0409 0256 cd20xrnt - ok
14:30:34.0456 0256 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:30:34.0691 0256 Cdaudio - ok
14:30:34.0722 0256 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:30:34.0878 0256 Cdfs - ok
14:30:34.0894 0256 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:30:35.0066 0256 Cdrom - ok
14:30:35.0081 0256 Changer - ok
14:30:35.0112 0256 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
14:30:35.0284 0256 CiSvc - ok
14:30:35.0331 0256 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
14:30:35.0519 0256 ClipSrv - ok
14:30:35.0628 0256 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:30:35.0737 0256 clr_optimization_v2.0.50727_32 - ok
14:30:35.0800 0256 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
14:30:35.0987 0256 CmdIde - ok
14:30:36.0003 0256 COMSysApp - ok
14:30:36.0034 0256 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14:30:36.0269 0256 Cpqarray - ok
14:30:36.0487 0256 cpuz132 - ok
14:30:36.0534 0256 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:30:36.0737 0256 CryptSvc - ok
14:30:36.0753 0256 ctlsb16 - ok
14:30:36.0800 0256 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
14:30:37.0019 0256 dac2w2k - ok
14:30:37.0066 0256 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14:30:37.0269 0256 dac960nt - ok
14:30:37.0269 0256 DC21x4 - ok
14:30:37.0284 0256 DCamUSBDXGTech - ok
14:30:37.0300 0256 DCamUSBVeo532 - ok
14:30:37.0331 0256 DcCam (1b269ed3eb2d81ec11cd5b0544e89962) C:\WINDOWS\system32\DRIVERS\DcCam.sys
14:30:37.0441 0256 DcCam - ok
14:30:37.0487 0256 DcFpoint (bd6ce20068159f9714ebe9e76decab2c) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
14:30:37.0519 0256 DcFpoint - ok
14:30:37.0566 0256 DCFS2K (1315e0b5b6fc1fe930ee3498309700bd) C:\WINDOWS\system32\drivers\dcfs2k.sys
14:30:37.0597 0256 DCFS2K - ok
14:30:37.0644 0256 DcLps (5f5055efb3e0820f349924e7c5bd5af4) C:\WINDOWS\system32\DRIVERS\DcLps.sys
14:30:37.0691 0256 DcLps - ok
14:30:37.0753 0256 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:30:37.0816 0256 DcomLaunch - ok
14:30:37.0878 0256 DcPTP (31689427da60a724b31a622b35ed21ec) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
14:30:37.0956 0256 DcPTP - ok
14:30:38.0019 0256 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:30:38.0191 0256 Dhcp - ok
14:30:38.0237 0256 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:30:38.0409 0256 Disk - ok
14:30:38.0409 0256 dmadmin - ok
14:30:38.0487 0256 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:30:38.0706 0256 dmboot - ok
14:30:38.0769 0256 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:30:38.0941 0256 dmio - ok
14:30:38.0987 0256 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:30:39.0191 0256 dmload - ok
14:30:39.0237 0256 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:30:39.0441 0256 dmserver - ok
14:30:39.0472 0256 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:30:39.0628 0256 DMusic - ok
14:30:39.0675 0256 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
14:30:39.0800 0256 Dnscache - ok
14:30:39.0847 0256 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:30:40.0066 0256 Dot3svc - ok
14:30:40.0112 0256 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:30:40.0347 0256 dpti2o - ok
14:30:40.0394 0256 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:30:40.0566 0256 drmkaud - ok
14:30:40.0612 0256 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:30:40.0706 0256 E100B - ok
14:30:40.0753 0256 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:30:40.0956 0256 EapHost - ok
14:30:41.0003 0256 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
14:30:41.0159 0256 ERSvc - ok
14:30:41.0222 0256 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:30:41.0284 0256 Eventlog - ok
14:30:41.0331 0256 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:30:41.0503 0256 EventSystem - ok
14:30:41.0581 0256 Exportit (f85ffdeae43f9e9a7c3f4e3cc5ef09eb) C:\WINDOWS\system32\DRIVERS\exportit.sys
14:30:41.0659 0256 Exportit - ok
14:30:41.0722 0256 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:30:41.0894 0256 Fastfat - ok
14:30:41.0941 0256 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:30:42.0081 0256 FastUserSwitchingCompatibility - ok
14:30:42.0144 0256 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
14:30:42.0331 0256 Fax - ok
14:30:42.0362 0256 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:30:42.0534 0256 Fdc - ok
14:30:42.0550 0256 FilterService - ok
14:30:42.0597 0256 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:30:42.0769 0256 Fips - ok
14:30:42.0816 0256 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:30:43.0003 0256 Flpydisk - ok
14:30:43.0050 0256 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:30:43.0206 0256 FltMgr - ok
14:30:43.0331 0256 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:30:43.0378 0256 FontCache3.0.0.0 - ok
14:30:43.0456 0256 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:30:43.0706 0256 Fs_Rec - ok
14:30:43.0769 0256 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:30:43.0972 0256 Ftdisk - ok
14:30:44.0019 0256 GearAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\drivers\GearAspiWDM.sys
14:30:44.0050 0256 GearAspiWDM - ok
14:30:44.0097 0256 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
14:30:44.0112 0256 giveio ( UnsignedFile.Multi.Generic ) - warning
14:30:44.0112 0256 giveio - detected UnsignedFile.Multi.Generic (1)
14:30:44.0144 0256 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:30:44.0331 0256 Gpc - ok
14:30:44.0347 0256 GT890x - ok
14:30:44.0519 0256 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:30:44.0550 0256 gupdate - ok
14:30:44.0550 0256 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
14:30:44.0581 0256 gupdatem - ok
14:30:44.0659 0256 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:30:44.0878 0256 helpsvc - ok
14:30:44.0894 0256 HidServ - ok
14:30:44.0941 0256 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:30:45.0144 0256 HidUsb - ok
14:30:45.0191 0256 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:30:45.0394 0256 hkmsvc - ok
14:30:45.0425 0256 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
14:30:45.0628 0256 hpn - ok
14:30:45.0691 0256 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:30:45.0800 0256 HTTP - ok
14:30:45.0831 0256 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:30:46.0050 0256 HTTPFilter - ok
14:30:46.0081 0256 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
14:30:46.0237 0256 i2omgmt - ok
14:30:46.0284 0256 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
14:30:46.0472 0256 i2omp - ok
14:30:46.0519 0256 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:30:46.0675 0256 i8042prt - ok
14:30:46.0784 0256 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
14:30:47.0003 0256 ialm - ok
14:30:47.0175 0256 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:30:47.0269 0256 idsvc - ok
14:30:47.0487 0256 IKFileSec (ff9f262494fc23d77a6148d49d87d2de) C:\WINDOWS\system32\drivers\ikfilesec.sys
14:30:47.0534 0256 IKFileSec - ok
14:30:47.0597 0256 IKSysFlt (7e359671fd9595ecb1b0a33fb4184b19) C:\WINDOWS\system32\drivers\iksysflt.sys
14:30:47.0628 0256 IKSysFlt - ok
14:30:47.0644 0256 IKSysSec (a44cb3cf3af266665261a6e6c9cac27c) C:\WINDOWS\system32\drivers\iksyssec.sys
14:30:47.0675 0256 IKSysSec - ok
14:30:47.0722 0256 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:30:47.0894 0256 Imapi - ok
14:30:47.0941 0256 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:30:48.0128 0256 ImapiService - ok
14:30:48.0175 0256 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
14:30:48.0409 0256 ini910u - ok
14:30:48.0456 0256 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:30:48.0612 0256 IntelIde - ok
14:30:48.0691 0256 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:30:48.0862 0256 intelppm - ok
14:30:48.0894 0256 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:30:49.0081 0256 Ip6Fw - ok
14:30:49.0128 0256 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:30:49.0347 0256 IpFilterDriver - ok
14:30:49.0394 0256 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:30:49.0550 0256 IpInIp - ok
14:30:49.0597 0256 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:30:49.0769 0256 IpNat - ok
14:30:49.0925 0256 iPod Service (1cb96e83fd76eb5580451cef29e24303) C:\Program Files\iPod\bin\iPodService.exe
14:30:49.0987 0256 iPod Service - ok
14:30:50.0019 0256 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:30:50.0237 0256 IPSec - ok
14:30:50.0284 0256 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:30:50.0519 0256 IRENUM - ok
14:30:50.0566 0256 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:30:50.0722 0256 isapnp - ok
14:30:50.0847 0256 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
14:30:50.0878 0256 JavaQuickStarterService - ok
14:30:50.0909 0256 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:30:51.0066 0256 Kbdclass - ok
14:30:51.0112 0256 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:30:51.0253 0256 kbdhid - ok
14:30:51.0300 0256 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:30:51.0472 0256 kmixer - ok
14:30:51.0612 0256 Kodak AiO Network Discovery Service (10c0f6417eccbee2b74301ece9a0efbe) C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
14:30:51.0659 0256 Kodak AiO Network Discovery Service - ok
14:30:51.0706 0256 KodakCCS (b3f86266f372a97624f5d132da6e97e6) C:\WINDOWS\system32\drivers\KodakCCS.exe
14:30:51.0769 0256 KodakCCS - ok
14:30:51.0831 0256 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:30:51.0941 0256 KSecDD - ok
14:30:51.0987 0256 L8042PR2 (733ececf4371ac99410ee0f00bfd51e7) C:\WINDOWS\system32\Drivers\l8042pr2.sys
14:30:52.0066 0256 L8042PR2 - ok
14:30:52.0112 0256 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
14:30:52.0222 0256 lanmanserver - ok
14:30:52.0269 0256 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
14:30:52.0441 0256 lanmanworkstation - ok
14:30:52.0472 0256 Lavasoft Kernexplorer - ok
14:30:52.0487 0256 Lbd - ok
14:30:52.0487 0256 lbrtfdc - ok
14:30:52.0566 0256 LHidFlt2 (5bc552b8a4bb668ac169a24d7ff5b9b8) C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
14:30:52.0644 0256 LHidFlt2 - ok
14:30:52.0659 0256 LHidUsb (387cb1e73b17656f406fc13dc17eda6a) C:\WINDOWS\system32\Drivers\LHidUsb.Sys
14:30:52.0769 0256 LHidUsb - ok
14:30:52.0831 0256 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:30:53.0081 0256 LmHosts - ok
14:30:53.0128 0256 LMouFlt2 (128f0b4cd156872d440ae77202923a32) C:\WINDOWS\system32\Drivers\LMouFlt2.sys
14:30:53.0159 0256 LMouFlt2 - ok
14:30:53.0222 0256 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
14:30:53.0394 0256 ltmodem5 - ok
14:30:53.0409 0256 LVRS - ok
14:30:53.0425 0256 LVUSBSta - ok
14:30:53.0441 0256 LVUVC - ok
14:30:53.0534 0256 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
14:30:53.0566 0256 MDM - ok
14:30:53.0581 0256 MEMSWEEP2 - ok
14:30:53.0612 0256 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
14:30:53.0816 0256 Messenger - ok
14:30:53.0878 0256 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:30:54.0081 0256 mnmdd - ok
14:30:54.0128 0256 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
14:30:54.0300 0256 mnmsrvc - ok
14:30:54.0347 0256 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:30:54.0503 0256 Modem - ok
14:30:54.0550 0256 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
14:30:54.0644 0256 motmodem - ok
14:30:54.0675 0256 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:30:54.0847 0256 Mouclass - ok
14:30:54.0909 0256 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:30:55.0097 0256 mouhid - ok
14:30:55.0128 0256 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:30:55.0284 0256 MountMgr - ok
14:30:55.0409 0256 MpKsl1fbfab41 - ok
14:30:55.0409 0256 MpKsl25b99d98 - ok
14:30:55.0425 0256 MpKsl76e0b04a - ok
14:30:55.0425 0256 MpKsl79c21357 - ok
14:30:55.0441 0256 MpKsl937f162e - ok
14:30:55.0456 0256 MpKsld2bc0d3a - ok
14:30:55.0519 0256 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:30:55.0737 0256 mraid35x - ok
14:30:55.0769 0256 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:30:55.0941 0256 MRxDAV - ok
14:30:55.0987 0256 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:30:56.0066 0256 MRxSmb - ok
14:30:56.0128 0256 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:30:56.0300 0256 MSDTC - ok
14:30:56.0347 0256 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:30:56.0550 0256 Msfs - ok
14:30:56.0566 0256 MSIServer - ok
14:30:56.0597 0256 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:30:56.0784 0256 MSKSSRV - ok
14:30:56.0816 0256 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:30:57.0003 0256 MSPCLOCK - ok
14:30:57.0034 0256 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:30:57.0191 0256 MSPQM - ok
14:30:57.0222 0256 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:30:57.0378 0256 mssmbios - ok
14:30:57.0425 0256 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:30:57.0612 0256 MSTEE - ok
14:30:57.0628 0256 msvmmouf - ok
14:30:57.0675 0256 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:30:57.0722 0256 Mup - ok
14:30:57.0784 0256 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:30:57.0956 0256 NABTSFEC - ok
14:30:58.0019 0256 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:30:58.0206 0256 napagent - ok
14:30:58.0237 0256 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:30:58.0409 0256 NDIS - ok
14:30:58.0456 0256 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:30:58.0612 0256 NdisIP - ok
14:30:58.0659 0256 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:30:58.0784 0256 NdisTapi - ok
14:30:58.0831 0256 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:30:59.0003 0256 Ndisuio - ok
14:30:59.0034 0256 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:30:59.0206 0256 NdisWan - ok
14:30:59.0237 0256 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:30:59.0378 0256 NDProxy - ok
14:30:59.0394 0256 Net Driver HPZ12 - ok
14:30:59.0425 0256 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:30:59.0612 0256 NetBIOS - ok
14:30:59.0644 0256 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:30:59.0800 0256 NetBT - ok
14:30:59.0862 0256 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:31:00.0066 0256 NetDDE - ok
14:31:00.0066 0256 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
14:31:00.0222 0256 NetDDEdsdm - ok
14:31:00.0253 0256 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:31:00.0425 0256 Netlogon - ok
14:31:00.0487 0256 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:31:00.0644 0256 Netman - ok
14:31:00.0816 0256 NetSvc (02d0798f376fcbd0210eda58476d0b1b) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
14:31:00.0925 0256 NetSvc ( UnsignedFile.Multi.Generic ) - warning
14:31:00.0925 0256 NetSvc - detected UnsignedFile.Multi.Generic (1)
14:31:01.0066 0256 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:31:01.0112 0256 NetTcpPortSharing - ok
14:31:01.0128 0256 NielGfx - ok
14:31:01.0144 0256 nielprt - ok
14:31:01.0191 0256 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
14:31:01.0237 0256 Nla - ok
14:31:01.0300 0256 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
14:31:01.0362 0256 NMSAccess - ok
14:31:01.0409 0256 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:31:01.0581 0256 Npfs - ok
14:31:01.0612 0256 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:31:01.0800 0256 Ntfs - ok
14:31:01.0847 0256 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:31:02.0003 0256 NtLmSsp - ok
14:31:02.0066 0256 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
14:31:02.0269 0256 NtmsSvc - ok
14:31:02.0331 0256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:31:02.0534 0256 Null - ok
14:31:02.0659 0256 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:31:02.0878 0256 nv - ok
14:31:03.0003 0256 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:31:03.0237 0256 NwlnkFlt - ok
14:31:03.0269 0256 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:31:03.0487 0256 NwlnkFwd - ok
14:31:03.0581 0256 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:31:03.0612 0256 ose - ok
14:31:03.0659 0256 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:31:03.0831 0256 Parport - ok
14:31:03.0847 0256 Partizan - ok
14:31:03.0862 0256 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:31:04.0019 0256 PartMgr - ok
14:31:04.0066 0256 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:31:04.0300 0256 ParVdm - ok
14:31:04.0347 0256 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:31:04.0503 0256 PCI - ok
14:31:04.0519 0256 PCIDump - ok
14:31:04.0566 0256 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:31:04.0769 0256 PCIIde - ok
14:31:04.0816 0256 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:31:05.0003 0256 Pcmcia - ok
14:31:05.0019 0256 PDCOMP - ok
14:31:05.0019 0256 PDFRAME - ok
14:31:05.0034 0256 PDRELI - ok
14:31:05.0050 0256 PDRFRAME - ok
14:31:05.0097 0256 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
14:31:05.0316 0256 perc2 - ok
14:31:05.0362 0256 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
14:31:05.0550 0256 perc2hib - ok
14:31:05.0597 0256 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
14:31:05.0628 0256 PlugPlay - ok
14:31:05.0644 0256 Pml Driver HPZ12 - ok
14:31:05.0691 0256 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\WINDOWS\system32\DRIVERS\pneteth.sys
14:31:05.0800 0256 pneteth ( UnsignedFile.Multi.Generic ) - warning
14:31:05.0800 0256 pneteth - detected UnsignedFile.Multi.Generic (1)
14:31:05.0847 0256 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:31:05.0987 0256 PolicyAgent - ok
14:31:06.0050 0256 PPSCAN (1b94638b09adcef3aa522b50c0b85b69) C:\WINDOWS\system32\drivers\PPSCAN.sys
14:31:06.0112 0256 PPSCAN ( UnsignedFile.Multi.Generic ) - warning
14:31:06.0112 0256 PPSCAN - detected UnsignedFile.Multi.Generic (1)
14:31:06.0144 0256 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:31:06.0300 0256 PptpMiniport - ok
14:31:06.0331 0256 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:31:06.0487 0256 ProtectedStorage - ok
14:31:06.0503 0256 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:31:06.0675 0256 PSched - ok
14:31:06.0722 0256 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:31:06.0925 0256 Ptilink - ok
14:31:06.0956 0256 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:31:06.0987 0256 PxHelp20 - ok
14:31:07.0034 0256 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
14:31:07.0237 0256 ql1080 - ok
14:31:07.0284 0256 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
14:31:07.0503 0256 Ql10wnt - ok
14:31:07.0550 0256 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
14:31:07.0722 0256 ql12160 - ok
14:31:07.0753 0256 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
14:31:07.0956 0256 ql1240 - ok
14:31:07.0987 0256 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
14:31:08.0191 0256 ql1280 - ok
14:31:08.0253 0256 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:31:08.0425 0256 RasAcd - ok
14:31:08.0503 0256 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:31:08.0691 0256 RasAuto - ok
14:31:08.0706 0256 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:31:08.0862 0256 Rasl2tp - ok
14:31:08.0909 0256 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:31:09.0066 0256 RasMan - ok
14:31:09.0097 0256 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:31:09.0253 0256 RasPppoe - ok
14:31:09.0300 0256 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:31:09.0503 0256 Raspti - ok
14:31:09.0550 0256 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:31:09.0722 0256 Rdbss - ok
14:31:09.0737 0256 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:31:09.0972 0256 RDPCDD - ok
14:31:10.0019 0256 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:31:10.0206 0256 rdpdr - ok
14:31:10.0269 0256 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
14:31:10.0362 0256 RDPWD - ok
14:31:10.0409 0256 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:31:10.0581 0256 RDSessMgr - ok
14:31:10.0597 0256 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:31:10.0753 0256 redbook - ok
14:31:10.0800 0256 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:31:10.0987 0256 RemoteAccess - ok
14:31:11.0019 0256 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
14:31:11.0206 0256 RemoteRegistry - ok
14:31:11.0237 0256 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
14:31:11.0409 0256 RpcLocator - ok
14:31:11.0472 0256 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
14:31:11.0519 0256 RpcSs - ok
14:31:11.0566 0256 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:31:11.0800 0256 RSVP - ok
14:31:11.0816 0256 s3legacy - ok
14:31:11.0847 0256 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:31:12.0003 0256 SamSs - ok
14:31:12.0112 0256 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:31:12.0175 0256 SASDIFSV - ok
14:31:12.0191 0256 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:31:12.0237 0256 SASKUTIL - ok
14:31:12.0284 0256 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:31:12.0472 0256 SCardSvr - ok
14:31:12.0519 0256 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:31:12.0691 0256 Schedule - ok
14:31:12.0737 0256 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:31:12.0987 0256 Secdrv - ok
14:31:13.0019 0256 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:31:13.0191 0256 seclogon - ok
14:31:13.0269 0256 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
14:31:13.0378 0256 senfilt - ok
14:31:13.0425 0256 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:31:13.0581 0256 SENS - ok
14:31:13.0597 0256 Ser2pl - ok
14:31:13.0628 0256 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:31:13.0784 0256 serenum - ok
14:31:13.0816 0256 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:31:13.0987 0256 Serial - ok
14:31:14.0019 0256 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:31:14.0191 0256 Sfloppy - ok
14:31:14.0237 0256 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:31:14.0441 0256 SharedAccess - ok
14:31:14.0487 0256 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:31:14.0519 0256 ShellHWDetection - ok
14:31:14.0534 0256 Simbad - ok
14:31:14.0581 0256 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
14:31:14.0737 0256 sisagp - ok
14:31:14.0769 0256 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:31:14.0925 0256 SLIP - ok
14:31:14.0987 0256 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
14:31:15.0034 0256 smwdm - ok
14:31:15.0081 0256 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
14:31:15.0191 0256 Sparrow - ok
14:31:15.0237 0256 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:31:15.0394 0256 splitter - ok
14:31:15.0441 0256 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:31:15.0566 0256 Spooler - ok
14:31:15.0581 0256 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:31:15.0753 0256 sr - ok
14:31:15.0800 0256 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:31:15.0972 0256 srservice - ok
14:31:16.0019 0256 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:31:16.0128 0256 Srv - ok
14:31:16.0191 0256 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:31:16.0394 0256 SSDPSRV - ok
14:31:16.0441 0256 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
14:31:16.0487 0256 StarOpen ( UnsignedFile.Multi.Generic ) - warning
14:31:16.0487 0256 StarOpen - detected UnsignedFile.Multi.Generic (1)
14:31:16.0550 0256 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:31:16.0737 0256 stisvc - ok
14:31:16.0769 0256 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:31:16.0956 0256 streamip - ok
14:31:17.0003 0256 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:31:17.0206 0256 swenum - ok
14:31:17.0222 0256 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:31:17.0394 0256 swmidi - ok
14:31:17.0394 0256 SwPrv - ok
14:31:17.0441 0256 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
14:31:17.0628 0256 symc810 - ok
14:31:17.0659 0256 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:31:17.0878 0256 symc8xx - ok
14:31:17.0894 0256 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:31:18.0112 0256 sym_hi - ok
14:31:18.0159 0256 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:31:18.0394 0256 sym_u3 - ok
14:31:18.0441 0256 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:31:18.0644 0256 sysaudio - ok
14:31:18.0675 0256 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:31:18.0862 0256 SysmonLog - ok
14:31:18.0909 0256 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:31:19.0081 0256 TapiSrv - ok
14:31:19.0144 0256 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:31:19.0206 0256 Tcpip - ok
14:31:19.0269 0256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:31:19.0456 0256 TDPIPE - ok
14:31:19.0487 0256 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:31:19.0675 0256 TDTCP - ok
14:31:19.0691 0256 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:31:19.0862 0256 TermDD - ok
14:31:19.0925 0256 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:31:20.0097 0256 TermService - ok
14:31:20.0144 0256 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
14:31:20.0175 0256 Themes - ok
14:31:20.0191 0256 TlntSvr - ok
14:31:20.0237 0256 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
14:31:20.0456 0256 TosIde - ok
14:31:20.0503 0256 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:31:20.0691 0256 TrkWks - ok
14:31:20.0737 0256 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:31:20.0909 0256 Udfs - ok
14:31:20.0956 0256 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
14:31:21.0050 0256 ultra - ok
14:31:21.0112 0256 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:31:21.0300 0256 Update - ok
14:31:21.0331 0256 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:31:21.0519 0256 upnphost - ok
14:31:21.0566 0256 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:31:30.0800 0256 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
14:31:31.0456 0256 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:31:31.0472 0256 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:31:31.0534 0256 Boot (0x1200) (b104393d64bc5709f8a55506caadb481) \Device\Harddisk0\DR0\Partition0
14:31:31.0534 0256 \Device\Harddisk0\DR0\Partition0 - ok
14:31:31.0597 0256 Boot (0x1200) (6dad720ef5d38f8dc5ce358b47371a7b) \Device\Harddisk0\DR0\Partition1
14:31:31.0597 0256 \Device\Harddisk0\DR0\Partition1 - ok
14:31:31.0597 0256 ============================================================
14:31:31.0597 0256 Scan finished
14:31:31.0597 0256 ============================================================
14:31:31.0753 4056 Detected object count: 10
14:31:31.0753 4056 Actual detected object count: 10
14:32:19.0503 4056 AGCoreService ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0503 4056 AGCoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0503 4056 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0503 4056 Apple Mobile Device ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0503 4056 AvgArCln ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0503 4056 AvgArCln ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0534 4056 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0534 4056 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0534 4056 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0534 4056 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0566 4056 pneteth ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0566 4056 pneteth ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0597 4056 PPSCAN ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0597 4056 PPSCAN ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0597 4056 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0597 4056 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0628 4056 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0628 4056 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0769 4056 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:32:19.0800 4056 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:32:19.0816 4056 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:32:19.0831 4056 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:32:19.0847 4056 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:32:19.0894 4056 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:32:19.0909 4056 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:32:19.0909 4056 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:32:19.0925 4056 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:32:19.0972 4056 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:32:20.0019 4056 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:32:20.0034 4056 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:32:20.0034 4056 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:32:20.0034 4056 \Device\Harddisk0\DR0\TDLFS - deleted
14:32:20.0034 4056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
14:32:35.0206 2204 Deinitialize success

and

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.14

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Norman :: D5468CB1 [administrator]

7/26/2012 2:39:46 PM
mbam-log-2012-07-26 (14-39-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229004
Time elapsed: 24 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1ee60fdbb9489946b804ed436649baba
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-26 09:56:38
# local_time=2012-07-26 04:56:38 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 75863379 75863379 0 0
# compatibility_mode=768 16777215 100 0 20440965 20440965 0 0
# compatibility_mode=1024 16777175 100 0 2332180 2332180 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=124616
# found=20
# cleaned=20
# scan_time=5946
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\25.07.2012_11.29.35\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\26.07.2012_14.28.22\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
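The TDSSKiller log in the post above records each detection and, on separate lines, the action the user chose for it. The Python sketch below is an added example, not part of the original thread and not Kaspersky's own tooling; it reconciles the two so that anything left in place stands out. The sample lines are copied from that log, and the function names are hypothetical.

```python
import re

# Lines copied verbatim from the TDSSKiller log in the post above
# (an excerpt, not the whole log).
SAMPLE_LOG = r"""
14:31:31.0456 0256 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:31:31.0472 0256 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:31:31.0753 4056 Detected object count: 10
14:32:19.0628 4056 usbsermpt ( UnsignedFile.Multi.Generic ) - skipped by user
14:32:19.0628 4056 usbsermpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:32:19.0769 4056 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:32:20.0034 4056 \Device\Harddisk0\DR0\TDLFS - deleted
14:32:20.0034 4056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Every log line is "<HH:MM:SS.ffff> <thread id> <message>".
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d{4} (?P<msg>.*)$")
DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+) \(\d+\)$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$"
)
QUARANTINED = re.compile(r"^(?P<obj>.+) - copied to quarantine$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Collect detections, the action chosen for each, and quarantined objects."""
    report = {"findings": {}, "quarantined": [], "declared_count": None}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # banner rows, blank lines, anything without a timestamp
        msg = line.group("msg")
        if (d := DETECTED.match(msg)):
            report["findings"][d["obj"]] = {"verdict": d["verdict"], "action": None}
        elif (a := ACTION.match(msg)):
            # The action line repeats the verdict, so it can stand in for a
            # detection line that is missing from a trimmed log.
            entry = report["findings"].setdefault(
                a["obj"], {"verdict": a["verdict"], "action": None}
            )
            entry["action"] = a["action"]
        elif (q := QUARANTINED.match(msg)):
            report["quarantined"].append(q["obj"])
        elif (c := COUNT.match(msg)):
            report["declared_count"] = int(c["n"])
    return report


def left_in_place(report):
    """Objects that were skipped or never acted on, so they are still present."""
    return sorted(
        obj for obj, f in report["findings"].items() if f["action"] in (None, "Skip")
    )


def uncovered_detections(report):
    """How many declared detections have no matching line in the parsed text."""
    declared = report["declared_count"]
    return 0 if declared is None else max(declared - len(report["findings"]), 0)


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for obj, f in rep["findings"].items():
        print(f"{obj}: {f['verdict']} -> {f['action']}")
    print("left in place:", left_in_place(rep))
    print("quarantined copies:", rep["quarantined"])
    print("declared detections not in this excerpt:", uncovered_detections(rep))
```

A non-zero result from `uncovered_detections` means the text being reviewed is a trimmed log, so the list of skipped objects is incomplete.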

#10
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking it over. It acts as a barrier between the internet and your computer. Hackers discover new security holes in software or an operating system long before the software company does, and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible, as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Make sure you have the latest version of Adobe Reader. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.3.300.268) and Adobe Shockwave Player (11.6.5.635) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop-ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank you.
Good luck and stay safe!!! :thumbsup:

#11
navagator

    Member

  • Topic Starter
  • Member
  • 10 posts
Hi,

I seem to be having a problem with uninstalling Combofix. When I typed "Combofix /Uninstall" in the run box a windows box came up with the message "Windows cannot find 'Combofix'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search". I tried it a couple more times with the same result. So, I tried a file search for "Combofix" and I came up with 4 text files: ComboFix, ComboFix-quarantined-files, ComboFix2, and ComboFix3.

What should I do?


I noticed that you recommended a firewall. I have the Windows firewall enabled, is it a good firewall or should I install one of the ones you mentioned?

Thank you.

#12
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

If ComboFix.exe is on your desktop, copy and paste the following line into the Run box:

"C:\Documents and Settings\Norman\Desktop\ComboFix.exe" /u

If ComboFix is not on your desktop still, download it again, and run the command. You may need to disable your protection software as you did during the fix.


Step 2

I don't recommend the firewall that comes built into Windows XP. It doesn't block everything that may try to get in and the entire firewall is written to the registry. As various kinds of malware hack the registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions.

If you do choose to install a third party firewall then it is important that you disable the Windows Firewall. Having multiple firewalls can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection.

To turn off Windows Firewall:

  • Type Firewall.cpl into the Run box and then click OK.
  • On the General tab, click Off.
  • Click OK.


#13
navagator

    Member

  • Topic Starter
  • Member
  • 10 posts
ComboFix.exe isn't on my desktop, so I downloaded a new copy of it. I then copied and pasted the run command "C:\Documents and Settings\Norman\Desktop\ComboFix.exe" /u into the run box and clicked ok, it then opened the ComboFix disclaimer box. It says at the top of the box "Please review the disclaimer before running ComboFix", if I hit the "I Agree" button will ComboFix run? Do you want it to run?

I installed ZoneAlarm and I think it's going to work for me, it slowed things down a little bit but not too bad.

Thanks

#14
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  • In the Run box, type in Combofix /Uninstall (Notice the space between the "x" and "/") then click OK.
  • Follow the prompts on the screen.
  • A message should appear confirming that ComboFix was uninstalled.

Step 2

We'll now defrag your computer which should help to speed things up. Ensure you have turned off the Windows Firewall as running multiple firewalls can cause slowness in computer speed.

Download and run Puran Disc Defragmenter.
For the first run I would recommend selecting Boot Time Defrag and Disk Check.
If asked to install Babylon, say No.

#15
navagator

    Member

  • Topic Starter
  • Member
  • 10 posts
I'm afraid I'm still having trouble uninstalling ComboFix.

I opened the run box and pasted in the command "Combofix /Uninstall" and clicked ok, I then received the "Windows cannot find 'Combofix'. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search." message again.