Malware Infection [Closed]

#1 zprez2 (Member, 23 posts)

Hi,

I'm not sure how I got infected, but I seem to have something pretty tenacious attacking my system. I've tried cleaning with AVG, Ad-Aware and Malwarebytes, and am now having problems booting my computer, getting to various sites, etc., etc., etc. Malwarebytes did clean a trojan.vundo, a trojan.cinmus, adware BD Search and something called rogue multiple infections, and it is now blocking attempts to connect to other sites, which I am not sure is related or supposed to happen. My computer at one point was telling me that the svchost process had stopped working every time I tried to do the Microsoft updates, along with something related to Flash. I apologize, but I didn't think to write down exactly what it said.

In any case, SOMEthing is completely driving my system haywire, and I could really use some help in tracking it down and eliminating it with extreme prejudice. The copy of the OTL log is:

OTL logfile created on: 8/2/2012 9:06:57 PM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 30.03% Memory free
5.74 Gb Paging File | 2.92 Gb Available in Paging File | 50.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 52.61 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 111.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/07/30 20:36:06 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/18 09:12:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/30 09:10:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/03 04:55:56 | 000,526,896 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\MsnVane.exe
PRC - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 20:36:05 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/18 09:12:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/11/03 22:26:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MOD - [2008/08/30 05:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/03 05:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2008/01/03 05:00:38 | 000,125,488 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\egisMsnHook.dll
MOD - [2008/01/03 04:55:56 | 000,526,896 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\MsnVane.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/07/31 18:15:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 09:12:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/03 22:53:44 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/02/05 16:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 12:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 12:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{18753C55-2E0A-4E3D-8421-49478172BD78}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{228B9FB4-D1A7-4F25-8DAF-BF1D2D8B69E8}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{489B22BB-F873-4164-BD36-E782C2A0F37B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B09461A-0962-4647-AE77-F9FDD7330821}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89CAE871-499D-4396-BB94-2975D89A4555}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{8B5676B5-E933-48C5-BAC3-F097EFE112B0}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C7B41550-D9B0-4A8E-B60B-08EB5B29DA18}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60289
IE - HKCU\..\SearchScopes\{21D49723-EF6C-400C-9946-0DC88AC0F9F9}: "URL" = http://www.wowarmory...&searchType=all
IE - HKCU\..\SearchScopes\{3514A3CF-0279-4A20-890F-C3436A1A2CEC}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{557E4C2A-3B59-48AE-B678-3945E5824A28}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...n=utf8kb_oem_dg
IE - HKCU\..\SearchScopes\{BBA6EF3E-B299-4DA9-B43B-28992846BD77}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...ms}&tbid=160289
IE - HKCU\..\SearchScopes\{C5D2C5A0-2F48-4FF4-896B-8A43D46D6A1E}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC62AE98-74E4-4C13-B5D9-F3153071B54C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D53976D3-36B3-4403-8A39-1AC9FFC5B5D9}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E9727A69-2837-4221-A09D-3B405A0F0B99}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{FC36377B-B379-4502-9C6D-2DAFD464A805}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..keyword.URL: "http://dts.search-re...emid=2&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/05 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions
[2012/06/21 16:37:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 16:37:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\searchplugins\Search_Results.xml
[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 13:21:43 | 000,011,658 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.XPI
[2012/02/29 12:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/12/04 13:54:02 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/03/16 06:51:01 | 000,091,838 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 09:12:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 19:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 19:27:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DeskbarBHO) - {BFBB7543-916C-449a-9DC6-C9A516A6162F} - C:\Program Files\Ixquick Deskbar\deskbar.dll (Deskbar)
O2 - BHO: (IXQUICKTB Class) - {C5CAA6CD-8EE4-40a3-92E0-385561406C50} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Egis Option Pack) - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll (Egis Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ixquick Toolbar) - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ixquick Toolbar) - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe" -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; IEMB3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; IEMB3) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/01 19:35:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 16:54:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/01 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/30 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/30 10:12:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/23 07:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\Playboy
[2012/07/10 19:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/08 15:41:26 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Received Files
[2012/07/08 15:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2012/07/08 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\PackageAware
[2012/07/06 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\RealNetworks
[2012/07/04 07:23:31 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Macromedia
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/02 21:15:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/02 21:00:43 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/02 21:00:43 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/02 20:58:51 | 000,002,587 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Word 2007.lnk
[2012/08/02 20:20:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/02 19:45:43 | 102,845,173 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/02 19:41:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/02 19:41:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 19:41:15 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/02 19:40:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/02 19:40:34 | 2952,257,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/02 00:24:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:34 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/07/30 10:46:11 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/30 10:12:55 | 004,587,128 | ---- | M] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/29 18:16:12 | 230,775,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/29 17:53:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/29 17:53:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/22 10:48:16 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/07/21 17:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/11 19:33:39 | 000,001,739 | ---- | M] () -- C:\Users\John\Desktop\Kindle.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/01 16:54:34 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:36:12 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 20:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 13:18:28 | 2952,257,536 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/07 13:50:25 | 000,000,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/11/12 17:25:21 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/05/25 10:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/25 10:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/12 11:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/04 12:41:56 | 000,012,288 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:29:46 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/05/09 16:36:19 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss
[2008/11/22 13:42:50 | 000,004,915 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/18 15:22:58 | 000,000,632 | RHS- | C] () -- C:\Users\John\ntuser.pol

========== LOP Check ==========

[2008/05/02 21:56:22 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Roaming\.#
[2008/04/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/04/29 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2010/11/03 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/11/01 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2008/05/02 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Big Fish Games
[2012/03/26 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2008/04/23 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DisplayTune
[2011/12/11 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EazyPlanet
[2008/05/11 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2009/04/24 23:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Eyeblaster
[2009/03/24 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/04/22 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\funkitron
[2009/04/25 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Gaijin Ent
[2008/04/17 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gemsweeperextractedgfx
[2010/08/25 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iWin
[2008/04/17 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2008/04/17 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lexmark Productivity Studio
[2008/06/09 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2012/01/31 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2008/05/02 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Pi Eye Games
[2012/05/25 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TeamViewer
[2009/10/20 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/08/11 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thriXXX
[2011/12/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2009/07/24 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VersionTracker Pro
[2009/04/24 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ZEMNOTT
[2012/07/30 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/02 00:24:02 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/02 00:40:15 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:D21BAD68
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7FF7BEBC
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BAC9506D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DEF96BC8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:92C45D1A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C83B0187

< End of report >
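For anyone reading through a log like the one above, here is a small Python triage script, added as an example (it is neither OTL's own code nor anything posted in this thread): it scans OTL lines for the entries a malware-removal helper checks first (orphaned "File not found" items, EnableLUA = 0, the NoDriveTypeAutoRun mask, the Winlogon Shell/UserInit values, and search providers pointing at hosts outside an allowlist). The allowlist, the "expected" Winlogon values and the sample lines marked constructed are assumptions; the remaining sample lines are copied from the log above.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code).

It reads the O-prefixed registry/startup lines and the IE/FF browser lines
of an OTL report and flags the entries a malware-removal helper reads first.
The allowlists, the "expected" Winlogon values and the sample lines marked
CONSTRUCTED are this example's assumptions, not OTL's or the thread's.
"""
import re
from dataclasses import dataclass

# Host part of an http(s) URL; stops at "/" or at the "..." OTL uses to
# shorten long URLs, so a shortened entry still yields a usable host prefix.
URL_HOST = re.compile(r"https?://([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*)")
# "O6 - HKLM\...\System: EnableLUA = 0"  ->  value name, integer value
POLICY = re.compile(r"^O[67] - .*: (\w+) = (\d+)$")
# Drive-type bits of NoDriveTypeAutoRun (Microsoft's documented values):
# a clear bit means AutoRun is still allowed for that drive type.
AUTORUN_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network", 0x20: "CD-ROM"}
# Search providers considered expected on this machine (assumption).
KNOWN_SEARCH_HOSTS = ("yahoo.com", "google.com", "bing.com")
# Winlogon values OTL shows on a stock Vista install (assumption).
WINLOGON_EXPECTED = {"Shell": "explorer.exe",
                     "UserInit": "c:\\windows\\system32\\userinit.exe"}
# Path fragments a persistent startup entry should not normally run from.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    rule: str
    line: str


def host_of(text):
    """Return the lower-cased host of the first URL in text, or None."""
    m = URL_HOST.search(text)
    return m.group(1).lower() if m else None


def is_known_host(host):
    return any(host == k or host.endswith("." + k) for k in KNOWN_SEARCH_HOSTS)


def triage_line(line):
    """Return the findings for a single OTL line (usually an empty list)."""
    s = line.strip()
    low = s.lower()
    out = []
    if s.endswith("File not found"):
        out.append(Finding("orphan: referenced file is missing", s))
    m = POLICY.match(s)
    if m:
        name, value = m.group(1), int(m.group(2))
        if name == "EnableLUA" and value == 0:
            out.append(Finding("UAC disabled by policy", s))
        if name == "NoDriveTypeAutoRun":
            allowed = [d for bit, d in AUTORUN_BITS.items() if not value & bit]
            if allowed:
                out.append(Finding("autorun still allowed on: " + ", ".join(allowed), s))
    if s.startswith("O4 - ") and any(frag in low for frag in USER_WRITABLE):
        out.append(Finding("startup entry runs from a user-writable location", s))
    if s.startswith("O20 - ") and "Winlogon" in s:
        w = re.search(r"(Shell|UserInit) - \(([^)]*)\)", s)
        if w and w.group(2).lower().rstrip(",") != WINLOGON_EXPECTED[w.group(1)]:
            out.append(Finding("Winlogon " + w.group(1) + " value is not the expected one", s))
    if s.startswith(("IE - ", "FF - ")):
        host = host_of(s)
        if host and ("searchscopes" in low or "keyword.url" in low) and not is_known_host(host):
            out.append(Finding("search provider points to unexpected host " + host, s))
        if '"ProxyEnable" = 1' in s:
            out.append(Finding("proxy enabled in Internet Settings", s))
    return out


def triage(report):
    """Run triage_line over every line of an OTL report and collect findings."""
    findings = []
    for line in report.splitlines():
        findings.extend(triage_line(line))
    return findings


# Sample input: lines copied from the log above, except the two O4 lines and
# the bing.com SearchScopes line, which are CONSTRUCTED for this example.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O4 - HKLM..\Run: [OldTool] C:\Program Files\OldTool\oldtool.exe File not found
O4 - HKCU..\Run: [svc] C:\Users\Example\AppData\Local\Temp\svc.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..keyword.URL: "http://dts.search-re...emid=2&sr=0&q="
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```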

#2 zprez2 (Member, Topic Starter, 23 posts)
http://www.geekstogo...-nasty-invader/

Hi,

This was originally posted Friday August 2 about this time. We'd really appreciate any help you can give us. Zprez2 is actually my other half and this is the first time he's used geekstogo. I've used you on about three occasions over the course of the last 5 years and I know the help you give is top notch :) I'm guessing that whatever he's got is pretty complicated so that's why we haven't gotten a response as of yet.

Unfortunately, like some people, he tried a lot of different things before admitting to me that he had a serious problem with his computer. He didn't write down everything that he did nor did he write down exactly what errors he was getting. The errors I originally posted were what I got when he finally let me on his computer to see exactly what he'd done.

I immediately came to you ;)

Hope to hear from you soon and thanks :)

mumsmenagerie

#3 Crowbar (Teacher, GeekU Moderator, 4,159 posts)
Hello zprez2 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Sorry for the delay. Since it's been a few days, I would like to see some fresh logs, so please run these for me:

Step 1
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log it produces in your next reply.

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the [Scan] button to start scan

On completion of the scan click [Save log], save it to your desktop and post it in your next reply

In your next reply I would like to see:
  • Fresh OTL log
  • aswMBR log


#4 zprez2 (Member, Topic Starter, 23 posts)
Hi Crowbar,

Congratulations on making it so far in GeekU. Your help is greatly appreciated and welcomed. Since you're asking for patience, I'm going to be the one actually working on Zprez's computer with you. My name is mumsmenagerie. Patience is not exactly his strong suit ;). But he has other redeeming qualities - so I keep him :). In any case, glad you and your instructor are here to help.

Here is the OTL Log you requested followed by the ASW log.

OTL logfile created on: 8/6/2012 7:42:47 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 34.44% Memory free
5.74 Gb Paging File | 3.49 Gb Available in Paging File | 60.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 54.88 Gb Free Space | 38.03% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 111.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/02 22:15:09 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/07/18 09:12:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/30 09:10:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/02 22:15:09 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/18 09:12:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 22:15:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 09:12:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/03 22:53:44 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/02/05 16:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 12:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 12:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{18753C55-2E0A-4E3D-8421-49478172BD78}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{228B9FB4-D1A7-4F25-8DAF-BF1D2D8B69E8}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{489B22BB-F873-4164-BD36-E782C2A0F37B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B09461A-0962-4647-AE77-F9FDD7330821}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89CAE871-499D-4396-BB94-2975D89A4555}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{8B5676B5-E933-48C5-BAC3-F097EFE112B0}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C7B41550-D9B0-4A8E-B60B-08EB5B29DA18}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60289
IE - HKCU\..\SearchScopes\{21D49723-EF6C-400C-9946-0DC88AC0F9F9}: "URL" = http://www.wowarmory...&searchType=all
IE - HKCU\..\SearchScopes\{3514A3CF-0279-4A20-890F-C3436A1A2CEC}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{557E4C2A-3B59-48AE-B678-3945E5824A28}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...n=utf8kb_oem_dg
IE - HKCU\..\SearchScopes\{BBA6EF3E-B299-4DA9-B43B-28992846BD77}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...ms}&tbid=160289
IE - HKCU\..\SearchScopes\{C5D2C5A0-2F48-4FF4-896B-8A43D46D6A1E}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC62AE98-74E4-4C13-B5D9-F3153071B54C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D53976D3-36B3-4403-8A39-1AC9FFC5B5D9}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E9727A69-2837-4221-A09D-3B405A0F0B99}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{FC36377B-B379-4502-9C6D-2DAFD464A805}: "URL" = http://www.dealio.co...d={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com...94&searchterm="
FF - prefs.js..keyword.URL: "http://dts.search-re...emid=2&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/05 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions
[2012/06/21 16:37:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 16:37:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\searchplugins\Search_Results.xml
[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 13:21:43 | 000,011,658 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.XPI
[2012/02/29 12:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/12/04 13:54:02 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/03/16 06:51:01 | 000,091,838 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 09:12:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 19:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 19:27:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DeskbarBHO) - {BFBB7543-916C-449a-9DC6-C9A516A6162F} - C:\Program Files\Ixquick Deskbar\deskbar.dll (Deskbar)
O2 - BHO: (IXQUICKTB Class) - {C5CAA6CD-8EE4-40a3-92E0-385561406C50} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Egis Option Pack) - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll (Egis Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ixquick Toolbar) - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ixquick Toolbar) - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe" -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; IEMB3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; IEMB3) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: AVG_TRAY - hkey= - key= - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - File not found
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: Logitech Hardware Abstraction Layer - hkey= - key= - C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: WPCUMI - hkey= - key= - File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 08:51:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Weathervein 2
[2012/08/01 19:35:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 16:54:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/01 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/30 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/30 10:12:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/23 07:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\Playboy
[2012/07/10 19:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/08 15:41:26 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Received Files
[2012/07/08 15:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2012/07/08 15:40:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\PackageAware
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/06 19:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 19:26:25 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/06 17:52:19 | 103,125,647 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/06 10:12:04 | 000,002,587 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Word 2007.lnk
[2012/08/05 19:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/05 19:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/05 18:32:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/05 18:24:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/05 17:51:47 | 000,361,714 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/05 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/05 11:33:31 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 11:33:31 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 11:26:15 | 000,381,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/05 11:26:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 11:25:28 | 2950,180,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 10:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/03 08:57:27 | 000,000,902 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/03 08:45:41 | 000,000,104 | ---- | M] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:34 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 10:12:55 | 004,587,128 | ---- | M] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/29 18:16:12 | 230,775,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/29 17:53:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/29 17:53:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/22 10:48:16 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/07/21 17:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/11 19:33:39 | 000,001,739 | ---- | M] () -- C:\Users\John\Desktop\Kindle.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/03 08:45:41 | 000,000,104 | ---- | C] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 16:54:34 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:36:12 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 20:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 13:18:28 | 2950,180,864 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/07 13:50:25 | 000,000,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/11/12 17:25:21 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/05/25 10:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/25 10:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/12 11:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/04 12:41:56 | 000,012,288 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:29:46 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/05/09 16:36:19 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss
[2008/11/22 13:42:50 | 000,004,915 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/18 15:22:58 | 000,000,632 | RHS- | C] () -- C:\Users\John\ntuser.pol

========== LOP Check ==========

[2008/05/02 21:56:22 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Roaming\.#
[2008/04/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/04/29 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2010/11/03 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/11/01 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2008/05/02 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Big Fish Games
[2012/03/26 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2008/04/23 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DisplayTune
[2011/12/11 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EazyPlanet
[2008/05/11 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2009/04/24 23:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Eyeblaster
[2009/03/24 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/04/22 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\funkitron
[2009/04/25 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Gaijin Ent
[2008/04/17 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gemsweeperextractedgfx
[2010/08/25 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iWin
[2008/04/17 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2008/04/17 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lexmark Productivity Studio
[2008/06/09 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2012/01/31 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2008/05/02 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Pi Eye Games
[2012/05/25 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TeamViewer
[2009/10/20 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/08/11 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thriXXX
[2011/12/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2009/07/24 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VersionTracker Pro
[2009/04/24 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ZEMNOTT
[2012/08/05 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/05 18:24:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/05 19:58:15 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.HTML >
[2009/02/12 12:08:15 | 000,010,503 | ---- | M] () MD5=5B05B532AE1A9EFF80FBFC3C0754E081 -- C:\Users\John\sitebuilder\sites\awolamerica\services.html
[2009/02/12 12:08:15 | 000,009,810 | ---- | M] () MD5=AA9F6AF39FEBC2E559E238EB146D0385 -- C:\Users\John\sitebuilder\sites\awolamerica\sitebuilder\preview\services.html

< MD5 for: SERVICES.ICO >
[2005/12/14 18:21:08 | 000,007,318 | ---- | M] () MD5=9443DA63ACDF55D7D153D6B22E40722E -- C:\Program Files\Yahoo!\Common\Icons\services.ico

< MD5 for: SERVICES.LNK >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/08/05 19:27:58 | 000,000,351 | ---- | M] () MD5=F3FA405A80AA66AC6A24E76E1F979150 -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KY2Y6JHC\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:D21BAD68
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7FF7BEBC
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:7715B65F
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BAC9506D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DEF96BC8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:92C45D1A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C83B0187

< End of report >



and this is ASW:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 20:05:56
-----------------------------
20:05:56.536 OS Version: Windows 6.0.6002 Service Pack 2
20:05:56.536 Number of processors: 2 586 0x6B02
20:05:56.538 ComputerName: JOHN-PC UserName: John
20:05:59.354 Initialize success
20:06:15.701 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:06:15.704 Disk 0 Vendor: WDC_WD3200AAJS-22B4A0 01.03A01 Size: 305245MB BusType: 3
20:06:15.709 Disk 0 MBR read successfully
20:06:15.712 Disk 0 MBR scan
20:06:15.716 Disk 0 unknown MBR code
20:06:15.721 Disk 0 MBR hidden
20:06:15.725 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE 0 MB offset 50
20:06:15.730 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
20:06:15.743 Disk 0 Partition 3 80 (A) 06 FAT16 NTFS 147757 MB offset 20467712
20:06:15.771 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 147493 MB offset 323074048
20:06:15.777 Disk 0 scanning sectors +625139712
20:06:15.839 Disk 0 scanning C:\Windows\system32\drivers
20:06:21.189 Service scanning
20:06:34.872 Modules scanning
20:06:39.377 Disk 0 trace - called modules:
20:06:39.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x867374b1]<<
20:06:39.398 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857699a8]
20:06:39.406 3 CLASSPNP.SYS[89da58b3] -> nt!IofCallDriver -> [0x85627f08]
20:06:39.414 5 acpi.sys[826176bc] -> nt!IofCallDriver -> [0x8561bb98]
20:06:39.423 \Driver\atapi[0x8675df38] -> IRP_MJ_CREATE -> 0x867374b1
20:06:39.432 Scan finished successfully
20:07:03.872 Disk 0 MBR has been saved successfully to "C:\Users\John\Desktop\MBR.dat"
20:07:03.884 The log file has been saved successfully to "C:\Users\John\Desktop\aswMBR1.txt"
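The "< MD5 for: ... >" blocks in the OTL log above are what a helper uses to decide whether the live copy of a core binary (explorer.exe, services.exe, svchost.exe, userinit.exe, winlogon.exe) is still the one Windows shipped: the copy in C:\Windows or C:\Windows\System32 should carry a company name and have the same MD5 as one of the copies in the winsxs component store. The script below is an added example, not part of this thread and not code from OldTimer's OTL; it only assumes the line format visible in the log. It parses those blocks and flags three things: a live copy with no company name, a live copy whose MD5 matches no store copy, and a same-named binary living outside the Windows directories. The EXPLORER.EXE and SVCHOST.EXE sample lines are taken from the log above; the EXAMPLE.EXE block is constructed to show the failure cases. On this machine the only out-of-place copies are in Malwarebytes' own Chameleon folder, which the log paths make clear, so that finding is a "look at who owns the directory" prompt rather than a verdict.

```python
import re
from collections import defaultdict

# One OTL "MD5 for:" entry looks like:
# [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D... -- C:\Windows\explorer.exe
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")

# Directories where the live copy of a core Windows binary is expected to be.
LIVE_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_otl_md5(text):
    """Group the entries of every '< MD5 for: NAME >' block by NAME."""
    blocks = defaultdict(list)
    name = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and name:
            entry = m.groupdict()
            entry["company"] = entry["company"].strip()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            entry["path"] = entry["path"].strip()
            blocks[name].append(entry)
    return blocks


def triage(entries):
    """Compare the live copies of one binary against its winsxs store copies.
    Returns (kind, path, detail) findings; an empty list means every live copy
    has a company name and is byte-for-byte identical to a store copy."""
    findings = []
    store_md5s = {e["md5"] for e in entries if "\\winsxs\\" in e["path"].lower()}
    for e in entries:
        p = e["path"].lower()
        if "\\winsxs\\" in p:
            continue  # reference copy from the component store, not a live one
        directory = p.rsplit("\\", 1)[0]
        if directory not in LIVE_DIRS:
            # Same file name somewhere else: check who owns that directory.
            findings.append(("copy-outside-system-dirs", e["path"],
                             e["company"] or "no company name"))
            continue
        if not e["company"]:
            findings.append(("live-copy-no-company", e["path"], e["md5"]))
        if e["md5"] not in store_md5s:
            findings.append(("live-copy-no-store-match", e["path"], e["md5"]))
    return findings


def triage_all(text):
    """Run triage() over every block in an OTL custom-scan MD5 listing."""
    return {name: triage(entries) for name, entries in parse_otl_md5(text).items()}


# EXPLORER.EXE and SVCHOST.EXE lines come from the log in this thread;
# the EXAMPLE.EXE block is constructed to exercise the failure cases.
SAMPLE_LOG = r"""
< MD5 for: EXPLORER.EXE >
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: EXAMPLE.EXE >
[2012/08/01 00:00:00 | 000,012,345 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\Windows\System32\example.exe
[2008/01/20 21:24:49 | 000,012,345 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\x86_example_component\example.exe
"""

if __name__ == "__main__":
    for name, findings in triage_all(SAMPLE_LOG).items():
        print(name, "clean" if not findings else findings)
```

A store match only says the live file equals a copy in winsxs, not that the store copy itself is authentic; it is a quick consistency check, and a mismatch is a reason to pull the file and look at its signature, not a conviction on its own.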

#5
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Hi mumsmenagerie,
You are welcome, and thank you for helping me inch a little closer to graduating some day :)

Did this computer previously have Norton and Avast! for an Anti Virus sometime in the past?

Can you post the MalwareBytes log for me?
Run MalwareBytes, click on the Logs tab, and double click newest log file in that list. The log should open in a Notepad window.
Please paste that into your next post.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • Bearshare
  • Limewire
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Step 1

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - [2009/02/05 16:06:59 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...nType=tb50trie7
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
    IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.c...rms}&tbid=60289
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...ms}&tbid=160289
    IE - HKCU\..\SearchScopes\{FC36377B-B379-4502-9C6D-2DAFD464A805}: "URL" = http://www.dealio.co...d={searchTerms}
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=893&systemid=2&sr=0&q="
    FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={FB22ACE0-6E30-4B46-9CCA-10A59AE8455B}&Version=3.6.5&Vintage=20120625&Defaultbrowserid=30&Productid=2875&Vendorid=6413&Offerid=6894&searchterm="
    O2 - BHO: (DeskbarBHO) - {BFBB7543-916C-449a-9DC6-C9A516A6162F} - C:\Program Files\Ixquick Deskbar\deskbar.dll (Deskbar)
    O2 - BHO: (IXQUICKTB Class) - {C5CAA6CD-8EE4-40a3-92E0-385561406C50} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
    O3 - HKLM\..\Toolbar: (Ixquick Toolbar) - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ixquick Toolbar) - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\ix_quick.dll (IE Toolbar)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
    [2008/05/02 21:56:22 | 000,000,000 | -HSD | M] -- C:\Users\John\AppData\Roaming\.#
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:D21BAD68
    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:7FF7BEBC
    @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:7715B65F
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:BAC9506D
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DEF96BC8
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:861A898F
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:92C45D1A
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C83B0187
    :commands
    [emptytemp]
    [reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

In your next reply I would like to see:
  • OTL quickscan log
  • MalwareBytes log from previous run
  • Answer to questions


#6
zprez2

    Member

  • Topic Starter
  • Member
  • 23 posts
Sheesh!!! Here's something that may be pertinent that I didn't know - the initial startup is a mess. It defaults to "other user" and asks for a name and password. I have to do a hard shut down and then when I get the option to run startup fix or start normally - I have to start normally in order to be able to get into this computer - startup fix only takes me to other user again. Today is the first time I tried to turn it on but APrez says he has been having to do this for the last several days.

Anyway, here's the MalwareBytes log. I did not quarantine or do anything else - just ran it to get the log. I'll run the OTL fix and post it next.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [administrator]

Protection: Enabled

8/7/2012 9:15:09 PM
mbam-log-2012-08-07 (21-33-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209557
Time elapsed: 14 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> No action taken.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> No action taken.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> No action taken.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Baidu (PUP.Baidu) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7
zprez2

    Member

  • Topic Starter
  • Member
  • 23 posts
Well.... whatever you did fixed the start up problem. When OTL did the restart - it came up correctly.

As far as the answers to your questions:

Did this computer previously have Norton and Avast! for an Anti Virus sometime in the past? He honestly can't remember but I'm thinking he's tried them before.

Can you post the MalwareBytes log for me? Already done.


I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.

Bearshare
Limewire


Now this one, I have to laugh at: Bearshare is probably what caused the problem to begin with... and I quote "It looks pretty reliable and safe, it's all over the internet" but then when he tried to uninstall it - he couldn't find it to uninstall. I tried to warn him.... Which is why we have his and hers computers.

He's probably tried limewire as well.

So the answer is YES, please help me get them off and get this computer up to speed and protected properly - because Zprez also thinks that if one anti-virus is good - more than one is better and we both know that they usually cancel each other out in some areas and just slow down everything.

Here is the OTL Log:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File system32\DRIVERS\SymIM.sys not found.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File system32\DRIVERS\SymIM.sys not found.
Error: Unable to stop service aswMonFlt!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswMonFlt deleted successfully.
C:\Windows\System32\drivers\aswMonFlt.sys moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FC36377B-B379-4502-9C6D-2DAFD464A805}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC36377B-B379-4502-9C6D-2DAFD464A805}\ not found.
Prefs.js: "http://dts.search-re...emid=2&sr=0&q=" removed from keyword.URL
Prefs.js: "http://click.w3i.com...94&searchterm=" removed from extensions.netassistant.keyword.url
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFBB7543-916C-449a-9DC6-C9A516A6162F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFBB7543-916C-449a-9DC6-C9A516A6162F}\ deleted successfully.
C:\Program Files\Ixquick Deskbar\deskbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5CAA6CD-8EE4-40a3-92E0-385561406C50}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5CAA6CD-8EE4-40a3-92E0-385561406C50}\ deleted successfully.
C:\Program Files\Ixquick Toolbar\ix_quick.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{70F241F6-52AB-4D45-993E-C1C09920095B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70F241F6-52AB-4D45-993E-C1C09920095B}\ deleted successfully.
File C:\Program Files\Ixquick Toolbar\ix_quick.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{70F241F6-52AB-4D45-993E-C1C09920095B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70F241F6-52AB-4D45-993E-C1C09920095B}\ not found.
File C:\Program Files\Ixquick Toolbar\ix_quick.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\Users\John\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:D21BAD68 deleted successfully.
ADS C:\ProgramData\TEMP:7FF7BEBC deleted successfully.
ADS C:\ProgramData\TEMP:7715B65F deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:BAC9506D deleted successfully.
ADS C:\ProgramData\TEMP:DEF96BC8 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:92C45D1A deleted successfully.
ADS C:\ProgramData\TEMP:C83B0187 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 155412965 bytes
->Temporary Internet Files folder emptied: 28059156 bytes
->Java cache emptied: 1376267 bytes
->FireFox cache emptied: 76234256 bytes
->Google Chrome cache emptied: 6361066 bytes
->Apple Safari cache emptied: 2263040 bytes
->Flash cache emptied: 1104716 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2010981201 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 109727 bytes

Total Files Cleaned = 2,176.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 08072012_214154

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.
C:\Windows\temp\flaB04C.tmp moved successfully.

PendingFileRenameOperations files...
[2012/08/07 21:57:21 | 000,000,000 | ---- | M] () C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt : Unable to obtain MD5
[2012/08/07 21:57:22 | 000,000,084 | ---- | M] () C:\Windows\temp\CLDigitalHome\PCMMediaServer.log : Unable to obtain MD5
File C:\Windows\temp\flaB04C.tmp not found!

Registry entries deleted on Reboot...

#8
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts

Well.... whatever you did fixed the start up problem. When OTL did the restart - it came up correctly.

:)

Now this one, I have to laugh at: Bearshare is probably what caused the problem to begin with... and I quote "It looks pretty reliable and safe, it's all over the internet" but then when he tried to uninstall it - he couldn't find it to uninstall. I tried to warn him.... Which is why we have his and hers computers.

Actually the programs are just fine, the problem is the files that you download with the P2P program. This is a major avenue for the bad guys to get into your computer. You are most likely correct, torrent files just may be the cause of all the problems.
We can deal with the uninstall later after we make sure all the bad stuff has been cleared; make sure for now that they are not being used.

because Zprez also thinks that if one anti-virus is good - more than one is better and we both know that they usually cancel each other out in some areas and just slow down everything.

You are 100% right, multiple AVs are never good.

Step 1
Please download and run the following:
Norton Removal Tool

Avast Removal Utility

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 2
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 4
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

In your next reply I would like to see:
  • MalwareBytes log
  • OTL log
  • Farbar Service Scanner log FSS.txt

Edited by Crowbar, 08 August 2012 - 02:48 PM.


#9
zprez2

    Member

  • Topic Starter
  • Member
  • 23 posts
Well, I'm not getting the extras log from OTL. But here's what you asked for:

1. OTL log #1
2. Malwarebytes
3. OTL log #2
4. FSS log

P.S. Malwarebytes keeps popping up telling me it's blocked access to a potentially suspicious website 206.161.121.123 (from: various ports, type: outgoing, process: servicehost.exe) - is this a bad thing? I'm assuming so... but I'll take your word for it as well :) Since it only seems to get active when I type - I'm thinking keystroke logger, or is my common sense faulty tonight? I'm somewhere past exhausted right now... school registrations.


OTL#1

OTL logfile created on: 8/8/2012 8:10:03 PM - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 47.83% Memory free
5.74 Gb Paging File | 4.19 Gb Available in Paging File | 73.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 57.44 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 111.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/30 09:10:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2008/08/30 05:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 22:15:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 09:12:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/03 22:53:44 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 12:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 12:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{18753C55-2E0A-4E3D-8421-49478172BD78}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{228B9FB4-D1A7-4F25-8DAF-BF1D2D8B69E8}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{489B22BB-F873-4164-BD36-E782C2A0F37B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B09461A-0962-4647-AE77-F9FDD7330821}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89CAE871-499D-4396-BB94-2975D89A4555}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{8B5676B5-E933-48C5-BAC3-F097EFE112B0}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C7B41550-D9B0-4A8E-B60B-08EB5B29DA18}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21D49723-EF6C-400C-9946-0DC88AC0F9F9}: "URL" = http://www.wowarmory...&searchType=all
IE - HKCU\..\SearchScopes\{3514A3CF-0279-4A20-890F-C3436A1A2CEC}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{557E4C2A-3B59-48AE-B678-3945E5824A28}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...n=utf8kb_oem_dg
IE - HKCU\..\SearchScopes\{BBA6EF3E-B299-4DA9-B43B-28992846BD77}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C5D2C5A0-2F48-4FF4-896B-8A43D46D6A1E}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC62AE98-74E4-4C13-B5D9-F3153071B54C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D53976D3-36B3-4403-8A39-1AC9FFC5B5D9}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E9727A69-2837-4221-A09D-3B405A0F0B99}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/05 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions
[2012/06/21 16:37:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 16:37:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\searchplugins\Search_Results.xml
[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 13:21:43 | 000,011,658 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.XPI
[2012/02/29 12:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/12/04 13:54:02 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/03/16 06:51:01 | 000,091,838 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 09:12:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 19:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 19:27:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Egis Option Pack) - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll (Egis Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe" -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; IEMB3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; IEMB3) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 19:55:55 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/07 21:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/06 20:04:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/06 08:51:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Weathervein 2
[2012/08/01 19:35:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 16:54:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/01 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/30 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/30 10:12:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/23 07:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\Playboy
[2012/07/10 19:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 20:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 20:03:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 20:03:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 20:03:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 20:02:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 20:02:37 | 2952,257,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 20:01:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/08 19:55:57 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/08 19:48:52 | 000,920,096 | ---- | M] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/08 19:30:06 | 000,002,587 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Word 2007.lnk
[2012/08/08 19:20:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 18:29:01 | 103,245,975 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/08 18:24:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/06 20:07:03 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/06 20:05:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/05 17:51:47 | 000,361,714 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/05 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/05 11:33:31 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 11:33:31 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 11:26:15 | 000,381,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/04 10:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/03 08:57:27 | 000,000,902 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/03 08:45:41 | 000,000,104 | ---- | M] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:34 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 10:12:55 | 004,587,128 | ---- | M] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/29 18:16:12 | 230,775,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/29 17:53:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/29 17:53:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/22 10:48:16 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/07/21 17:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/11 19:33:39 | 000,001,739 | ---- | M] () -- C:\Users\John\Desktop\Kindle.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 20:02:36 | 2952,257,536 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/08 19:48:50 | 000,920,096 | ---- | C] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/06 20:07:03 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/03 08:45:41 | 000,000,104 | ---- | C] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 16:54:34 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:36:12 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 20:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 13:50:25 | 000,000,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/11/12 17:25:21 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/05/25 10:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/25 10:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/12 11:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/04 12:41:56 | 000,012,288 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:29:46 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/05/09 16:36:19 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss
[2008/11/22 13:42:50 | 000,004,915 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/18 15:22:58 | 000,000,632 | RHS- | C] () -- C:\Users\John\ntuser.pol

========== LOP Check ==========

[2008/04/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/04/29 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2010/11/03 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/11/01 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2008/05/02 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Big Fish Games
[2012/03/26 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2008/04/23 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DisplayTune
[2011/12/11 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EazyPlanet
[2008/05/11 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2009/04/24 23:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Eyeblaster
[2009/03/24 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/04/22 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\funkitron
[2009/04/25 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Gaijin Ent
[2008/04/17 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gemsweeperextractedgfx
[2010/08/25 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iWin
[2008/04/17 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2008/04/17 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lexmark Productivity Studio
[2008/06/09 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2012/01/31 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2008/05/02 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Pi Eye Games
[2012/05/25 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TeamViewer
[2009/10/20 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/08/11 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thriXXX
[2011/12/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2009/07/24 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VersionTracker Pro
[2009/04/24 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ZEMNOTT
[2012/08/05 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/08 18:24:03 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/08 19:57:25 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [administrator]

Protection: Enabled

8/8/2012 8:28:12 PM
mbam-log-2012-08-08 (20-28-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213587
Time elapsed: 16 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Baidu (PUP.Baidu) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL#2

OTL logfile created on: 8/8/2012 8:50:40 PM - Run 5
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 44.25% Memory free
5.74 Gb Paging File | 4.18 Gb Available in Paging File | 72.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 57.09 Gb Free Space | 39.57% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 111.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/07/18 09:12:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/30 09:10:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 09:12:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/01/18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2008/08/30 05:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/11/16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 22:15:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 09:12:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/03 22:53:44 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 12:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 12:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{18753C55-2E0A-4E3D-8421-49478172BD78}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{228B9FB4-D1A7-4F25-8DAF-BF1D2D8B69E8}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{489B22BB-F873-4164-BD36-E782C2A0F37B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B09461A-0962-4647-AE77-F9FDD7330821}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89CAE871-499D-4396-BB94-2975D89A4555}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{8B5676B5-E933-48C5-BAC3-F097EFE112B0}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{C7B41550-D9B0-4A8E-B60B-08EB5B29DA18}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21D49723-EF6C-400C-9946-0DC88AC0F9F9}: "URL" = http://www.wowarmory...&searchType=all
IE - HKCU\..\SearchScopes\{3514A3CF-0279-4A20-890F-C3436A1A2CEC}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{557E4C2A-3B59-48AE-B678-3945E5824A28}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...n=utf8kb_oem_dg
IE - HKCU\..\SearchScopes\{BBA6EF3E-B299-4DA9-B43B-28992846BD77}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C5D2C5A0-2F48-4FF4-896B-8A43D46D6A1E}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC62AE98-74E4-4C13-B5D9-F3153071B54C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D53976D3-36B3-4403-8A39-1AC9FFC5B5D9}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E9727A69-2837-4221-A09D-3B405A0F0B99}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/05 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions
[2012/06/21 16:37:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 16:37:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\searchplugins\Search_Results.xml
[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 13:21:43 | 000,011,658 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.XPI
[2012/02/29 12:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/12/04 13:54:02 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/03/16 06:51:01 | 000,091,838 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 09:12:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 19:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 19:27:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Egis Option Pack) - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll (Egis Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe" -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; IEMB3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; IEMB3) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 19:55:55 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/07 21:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/06 20:04:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/06 08:51:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Weathervein 2
[2012/08/01 19:35:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 16:54:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/01 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/30 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/30 10:12:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/23 07:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\Playboy
[2012/07/10 19:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 20:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/08 20:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 20:03:38 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/08 20:03:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 20:03:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 20:02:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 20:02:37 | 2952,257,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 20:01:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/08 19:55:57 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/08 19:48:52 | 000,920,096 | ---- | M] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/08 19:30:06 | 000,002,587 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Word 2007.lnk
[2012/08/08 18:29:01 | 103,245,975 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/08 18:24:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/06 20:07:03 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/06 20:05:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/05 17:51:47 | 000,361,714 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/05 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/05 11:33:31 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 11:33:31 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 11:26:15 | 000,381,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/04 10:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/03 08:57:27 | 000,000,902 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/03 08:45:41 | 000,000,104 | ---- | M] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:34 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 10:12:55 | 004,587,128 | ---- | M] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/29 18:16:12 | 230,775,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/29 17:53:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/29 17:53:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/22 10:48:16 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/07/21 17:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/11 19:33:39 | 000,001,739 | ---- | M] () -- C:\Users\John\Desktop\Kindle.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 20:02:36 | 2952,257,536 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/08 19:48:50 | 000,920,096 | ---- | C] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/06 20:07:03 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/03 08:45:41 | 000,000,104 | ---- | C] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 16:54:34 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:36:12 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 20:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 13:50:25 | 000,000,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/11/12 17:25:21 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/05/25 10:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/25 10:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/12 11:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/04 12:41:56 | 000,012,288 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:29:46 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/05/09 16:36:19 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss
[2008/11/22 13:42:50 | 000,004,915 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/18 15:22:58 | 000,000,632 | RHS- | C] () -- C:\Users\John\ntuser.pol

========== LOP Check ==========

[2008/04/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/04/29 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2010/11/03 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/11/01 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2008/05/02 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Big Fish Games
[2012/03/26 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2008/04/23 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DisplayTune
[2011/12/11 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EazyPlanet
[2008/05/11 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2009/04/24 23:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Eyeblaster
[2009/03/24 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/04/22 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\funkitron
[2009/04/25 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Gaijin Ent
[2008/04/17 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gemsweeperextractedgfx
[2010/08/25 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iWin
[2008/04/17 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2008/04/17 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lexmark Productivity Studio
[2008/06/09 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2012/01/31 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2008/05/02 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Pi Eye Games
[2012/05/25 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TeamViewer
[2009/10/20 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/08/11 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thriXXX
[2011/12/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2009/07/24 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VersionTracker Pro
[2009/04/24 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ZEMNOTT
[2012/08/05 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/08 18:24:03 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/08 19:57:25 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

FSS Scan

Farbar Service Scanner Version: 06-08-2012
Ran by John (administrator) on 08-08-2012 at 21:00:09
Running from "C:\Users\John\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#10 Crowbar (Teacher, GeekU Moderator, 4,159 posts)
Hi -
Can you verify that the System Restore is up and running?

  • Open System by clicking the Start button, clicking Control Panel, clicking System and Maintenance, and then clicking System.
  • In the left pane, click System Protection. Administrator permission required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
The IP that Malwarebytes is blocking seems to be harmless. It's probably best to turn off that feature in MalwareBytes as it's rather aggressive and generates false positives.
Right-click the icon in the system tray and uncheck Web Blocking.
Next open up MalwareBytes, go to the Protection tab and uncheck Start malicious website blocking when protection module starts.

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com...n=utf8kb_oem_dg
    FF - prefs.js..browser.startup.homepage: "https://www.ixquick.com/"
    [2012/06/20 13:21:43 | 000,011,658 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.XPI
    :commands
    [emptytemp]
    [reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next reply I would like to see:
  • OTL log
  • TDSS killer log
  • Was system restore turned on?

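Added example, not part of this thread or of the OTL tool: a small Python triage script that reads OTL log lines in the shapes shown above and flags the kinds of entries the helper picked out for the fix script (targets reported as "File not found", a Firefox extension with "(No name found)", search scopes pointing at an unfamiliar host, and so on). The embedded sample log is constructed from a handful of lines copied from the log above plus two made-up lines so that every check fires once: a search scope on a placeholder host and a DHCP name server in the 192.0.2.0/24 documentation range. The trusted search hosts and expected DNS servers are assumptions to adjust per machine; the script reports things for a human to review, it does not decide what is malware.

```python
"""Triage helper for OTL log lines.

Added example, not part of this thread or of the OTL tool itself. It reads the
two line shapes that appear in the logs above:

  [date | size | attrs | M] (Company) -- path          file, service and driver entries
  Oxx - <section>: (name) - {CLSID} - path ...         registry hook entries

and flags what the helper acted on: targets reported as "File not found",
Firefox extensions with "(No name found)", processes/services/drivers whose
binary carries no company name, IE search scopes on an unlisted host, and
DHCP name servers outside an expected set. A flag means "a human should look
at this", not "this is malware".
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# PRC/SRV/DRV and plain file entries, including the
# "DRV - File not found [Kernel | ...] -- path -- (Service)" variant.
FILE_ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"(?:\[(?P<date>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| (?P<flag>[MC])\]"
    r"|(?P<missing>File not found))"
    r"(?: \((?P<company>[^)]*)\))?"          # "()" or "( )" means no company name
    r"(?: \((?P<name>No name found)\))?"     # Firefox extension without a readable name
    r"(?: \[(?P<state>[^\]]+)\])?"           # e.g. [Auto | Running]
    r" -- (?P<path>.+?)(?: -- \((?P<service>[^)]+)\))?$"
)
SEARCH_SCOPE = re.compile(r'^IE - .*SearchScopes.*"URL" = (?P<url>\S+)')
DNS_LINE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>[\d. ]+)$")


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line in the log text
    reason: str    # short tag assigned by triage()
    detail: str    # the path, host or server list the flag refers to


def triage(log_text, trusted_search_hosts=frozenset({"www.google.com", "www.bing.com"}),
           expected_dns=frozenset()):
    """Return review flags for an OTL log. An empty expected_dns skips the DNS check."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("="):          # blank or "========== Section =========="
            continue
        m = FILE_ENTRY.match(line)
        if m:
            if m.group("missing"):
                findings.append(Finding(n, "missing-file", m.group("path")))
            elif m.group("name"):
                findings.append(Finding(n, "unnamed-extension", m.group("path")))
            elif m.group("kind") in ("PRC", "SRV", "DRV") and not (m.group("company") or "").strip():
                findings.append(Finding(n, "no-company-name", m.group("path")))
            continue
        s = SEARCH_SCOPE.match(line)
        if s:
            host = urlparse(s.group("url")).hostname or ""
            if host not in trusted_search_hosts:
                findings.append(Finding(n, "search-scope", host))
            continue
        d = DNS_LINE.match(line)
        if d:
            if expected_dns:
                unexpected = sorted(set(d.group("servers").split()) - set(expected_dns))
                if unexpected:
                    findings.append(Finding(n, "unexpected-dns", " ".join(unexpected)))
            continue
        if line.startswith("O"):                      # O2/O3/O4 ... registry hook lines
            if line.endswith("File not found"):
                findings.append(Finding(n, "missing-file", line))
            elif line.endswith("No CLSID value found."):
                findings.append(Finding(n, "orphan-clsid", line))
    return findings


def summarize(findings):
    """Count findings per reason tag."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


# Constructed sample: lines copied from the log above, plus one made-up search
# scope on a placeholder host and one made-up name server (192.0.2.53 is in the
# RFC 5737 documentation range) so every check has something to fire on.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
MOD - [2012/07/18 09:12:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000000}: "URL" = http://search.example-hijack.test/?q=test
IE - HKCU\..\SearchScopes\{11111111-1111-1111-1111-111111111111}: "URL" = http://www.bing.com/search?q=test
[2012/06/20 13:21:43 | 000,011,658 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.XPI
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 192.0.2.53
[2012/08/07 21:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
""".strip("\n")

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, expected_dns=frozenset({"75.75.75.75", "75.75.76.76"})):
        print(f"line {f.line_no:>2}  {f.reason:<18} {f.detail}")
```

Run it against a saved OTL log by reading the file into `triage()`; the "no-company-name" tag in particular hits plenty of legitimate OEM and printer components (the Acer and Lexmark binaries in the log above, for instance), so treat it as a reading order for manual review rather than a verdict.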



#11 zprez2 (Topic Starter, Member, 23 posts)
Hi,

Thanks for telling me how to turn off that annoying pop up! I'll get right to the point tonight - no questions - although I have about a hundred stored up!!!

Well, I checked the restore point and the C drive was checked, but when I ran your OTL fix I got the following log saying it wasn't on:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found.
Prefs.js: "https://www.ixquick.com/" removed from browser.startup.homepage
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 20037272 bytes
->Temporary Internet Files folder emptied: 69586097 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130635975 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2054 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104669254 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 87776 bytes

Total Files Cleaned = 310.00 mb

Then I ran OTL and got this:

OTL logfile created on: 8/9/2012 7:24:56 PM - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.49% Memory free
5.70 Gb Paging File | 4.58 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 56.86 Gb Free Space | 39.40% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 111.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/07/18 09:12:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/30 09:10:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 09:12:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/08/30 05:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 22:15:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 09:12:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/03 22:53:44 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 12:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 12:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{18753C55-2E0A-4E3D-8421-49478172BD78}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{228B9FB4-D1A7-4F25-8DAF-BF1D2D8B69E8}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{489B22BB-F873-4164-BD36-E782C2A0F37B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B09461A-0962-4647-AE77-F9FDD7330821}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89CAE871-499D-4396-BB94-2975D89A4555}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{8B5676B5-E933-48C5-BAC3-F097EFE112B0}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{C7B41550-D9B0-4A8E-B60B-08EB5B29DA18}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21D49723-EF6C-400C-9946-0DC88AC0F9F9}: "URL" = http://www.wowarmory...&searchType=all
IE - HKCU\..\SearchScopes\{3514A3CF-0279-4A20-890F-C3436A1A2CEC}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{557E4C2A-3B59-48AE-B678-3945E5824A28}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{BBA6EF3E-B299-4DA9-B43B-28992846BD77}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C5D2C5A0-2F48-4FF4-896B-8A43D46D6A1E}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC62AE98-74E4-4C13-B5D9-F3153071B54C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D53976D3-36B3-4403-8A39-1AC9FFC5B5D9}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E9727A69-2837-4221-A09D-3B405A0F0B99}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/05 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/08/09 19:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions
[2012/06/21 16:37:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 16:37:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\searchplugins\Search_Results.xml
[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 12:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/12/04 13:54:02 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/03/16 06:51:01 | 000,091,838 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 09:12:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 19:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 19:27:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Egis Option Pack) - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll (Egis Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe" -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; IEMB3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; IEMB3) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 20:59:25 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\John\Desktop\FSS.exe
[2012/08/08 19:55:55 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/07 21:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/06 20:04:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/06 08:51:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Weathervein 2
[2012/08/01 19:35:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 16:54:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/01 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/30 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/30 10:12:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/23 07:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\Playboy
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 19:22:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 19:22:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 19:21:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 19:18:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 19:17:52 | 2952,257,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 19:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 18:24:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/09 18:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 17:05:18 | 103,499,138 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/09 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/09 10:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/09 10:00:27 | 000,002,587 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Word 2007.lnk
[2012/08/08 20:59:28 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\John\Desktop\FSS.exe
[2012/08/08 20:01:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/08 19:55:57 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/08 19:48:52 | 000,920,096 | ---- | M] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/06 20:07:03 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/06 20:05:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/05 17:51:47 | 000,361,714 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/05 11:33:31 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 11:33:31 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 11:26:15 | 000,381,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/03 08:57:27 | 000,000,902 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/03 08:45:41 | 000,000,104 | ---- | M] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:34 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 10:12:55 | 004,587,128 | ---- | M] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/29 18:16:12 | 230,775,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/29 17:53:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/29 17:53:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/22 10:48:16 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/07/21 17:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/11 19:33:39 | 000,001,739 | ---- | M] () -- C:\Users\John\Desktop\Kindle.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 20:02:36 | 2952,257,536 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/08 19:48:50 | 000,920,096 | ---- | C] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/06 20:07:03 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/03 08:45:41 | 000,000,104 | ---- | C] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 16:54:34 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:36:12 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 20:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 13:50:25 | 000,000,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/11/12 17:25:21 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/05/25 10:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/25 10:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/12 11:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/04 12:41:56 | 000,012,288 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:29:46 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/05/09 16:36:19 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss
[2008/11/22 13:42:50 | 000,004,915 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/18 15:22:58 | 000,000,632 | RHS- | C] () -- C:\Users\John\ntuser.pol

========== LOP Check ==========

[2008/04/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/04/29 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2010/11/03 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/11/01 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2008/05/02 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Big Fish Games
[2012/03/26 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2008/04/23 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DisplayTune
[2011/12/11 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EazyPlanet
[2008/05/11 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2009/04/24 23:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Eyeblaster
[2009/03/24 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/04/22 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\funkitron
[2009/04/25 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Gaijin Ent
[2008/04/17 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gemsweeperextractedgfx
[2010/08/25 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iWin
[2008/04/17 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2008/04/17 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lexmark Productivity Studio
[2008/06/09 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2012/01/31 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2008/05/02 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Pi Eye Games
[2012/05/25 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TeamViewer
[2009/10/20 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/08/11 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thriXXX
[2011/12/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2009/07/24 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VersionTracker Pro
[2009/04/24 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ZEMNOTT
[2012/08/09 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/09 18:24:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/09 19:16:53 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Then the TDSS file:


19:33:48.0970 3276 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:33:49.0477 3276 ============================================================
19:33:49.0477 3276 Current date / time: 2012/08/09 19:33:49.0477
19:33:49.0477 3276 SystemInfo:
19:33:49.0477 3276
19:33:49.0477 3276 OS Version: 6.0.6002 ServicePack: 2.0
19:33:49.0477 3276 Product type: Workstation
19:33:49.0477 3276 ComputerName: JOHN-PC
19:33:49.0477 3276 UserName: John
19:33:49.0477 3276 Windows directory: C:\Windows
19:33:49.0477 3276 System windows directory: C:\Windows
19:33:49.0477 3276 Processor architecture: Intel x86
19:33:49.0477 3276 Number of processors: 2
19:33:49.0477 3276 Page size: 0x1000
19:33:49.0477 3276 Boot type: Normal boot
19:33:49.0477 3276 ============================================================
19:33:50.0982 3276 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:33:51.0040 3276 ============================================================
19:33:51.0040 3276 \Device\Harddisk0\DR0:
19:33:51.0040 3276 MBR partitions:
19:33:51.0040 3276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x12096800
19:33:51.0040 3276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1341B800, BlocksNum 0x12012800
19:33:51.0040 3276 ============================================================
19:33:51.0067 3276 C: <-> \Device\Harddisk0\DR0\Partition0
19:33:51.0107 3276 D: <-> \Device\Harddisk0\DR0\Partition1
19:33:51.0107 3276 ============================================================
19:33:51.0107 3276 Initialize success
19:33:51.0107 3276 ============================================================
19:35:01.0084 1540 ============================================================
19:35:01.0084 1540 Scan started
19:35:01.0084 1540 Mode: Manual; SigCheck; TDLFS;
19:35:01.0084 1540 ============================================================
19:35:01.0549 1540 Acer HomeMedia Connect Service (517d30057c726c797764bfd70a55d82a) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
19:35:01.0675 1540 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning
19:35:01.0676 1540 Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1)
19:35:01.0737 1540 AcerMemUsageCheckService (e91f2444df54e725ddbbddb7fbce71f5) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
19:35:01.0767 1540 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - warning
19:35:01.0767 1540 AcerMemUsageCheckService - detected UnsignedFile.Multi.Generic (1)
19:35:01.0935 1540 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:35:01.0955 1540 ACPI - ok
19:35:02.0033 1540 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:02.0049 1540 AdobeFlashPlayerUpdateSvc - ok
19:35:02.0083 1540 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:35:02.0113 1540 adp94xx - ok
19:35:02.0143 1540 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:35:02.0163 1540 adpahci - ok
19:35:02.0176 1540 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:35:02.0194 1540 adpu160m - ok
19:35:02.0213 1540 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:35:02.0227 1540 adpu320 - ok
19:35:02.0302 1540 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:35:02.0369 1540 AeLookupSvc - ok
19:35:02.0482 1540 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:35:02.0506 1540 AFD - ok
19:35:02.0531 1540 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:35:02.0545 1540 agp440 - ok
19:35:02.0577 1540 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:35:02.0590 1540 aic78xx - ok
19:35:02.0607 1540 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:35:02.0651 1540 ALG - ok
19:35:02.0667 1540 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:35:02.0681 1540 aliide - ok
19:35:02.0700 1540 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:35:02.0715 1540 amdagp - ok
19:35:02.0731 1540 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:35:02.0743 1540 amdide - ok
19:35:02.0753 1540 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:35:02.0793 1540 AmdK7 - ok
19:35:02.0810 1540 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
19:35:02.0859 1540 AmdK8 - ok
19:35:02.0898 1540 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:35:02.0919 1540 Appinfo - ok
19:35:02.0943 1540 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:35:02.0957 1540 arc - ok
19:35:02.0973 1540 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:35:02.0987 1540 arcsas - ok
19:35:03.0006 1540 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:03.0041 1540 AsyncMac - ok
19:35:03.0078 1540 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:35:03.0091 1540 atapi - ok
19:35:03.0162 1540 Ati External Event Utility (8eb7658b655713347c0127526e8f7941) C:\Windows\system32\Ati2evxx.exe
19:35:03.0211 1540 Ati External Event Utility - ok
19:35:03.0421 1540 atikmdag (3f785fe4b890ebc17e1f4df684da060d) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:03.0575 1540 atikmdag - ok
19:35:03.0704 1540 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:35:03.0759 1540 AtiPcie - ok
19:35:03.0807 1540 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:35:03.0846 1540 AudioEndpointBuilder - ok
19:35:03.0851 1540 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:35:03.0876 1540 Audiosrv - ok
19:35:04.0333 1540 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
19:35:04.0533 1540 AVGIDSAgent - ok
19:35:04.0698 1540 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:35:04.0740 1540 AVGIDSDriver - ok
19:35:04.0795 1540 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:35:04.0805 1540 AVGIDSEH - ok
19:35:04.0818 1540 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:35:04.0829 1540 AVGIDSFilter - ok
19:35:04.0862 1540 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:35:04.0873 1540 AVGIDSShim - ok
19:35:04.0937 1540 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
19:35:04.0956 1540 Avgldx86 - ok
19:35:05.0003 1540 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
19:35:05.0015 1540 Avgmfx86 - ok
19:35:05.0020 1540 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:35:05.0034 1540 Avgrkx86 - ok
19:35:05.0082 1540 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
19:35:05.0102 1540 Avgtdix - ok
19:35:05.0196 1540 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
19:35:05.0213 1540 avgwd - ok
19:35:05.0254 1540 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:35:05.0301 1540 Beep - ok
19:35:05.0348 1540 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:35:05.0403 1540 BFE - ok
19:35:05.0473 1540 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:35:05.0535 1540 BITS - ok
19:35:05.0549 1540 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:35:05.0589 1540 blbdrive - ok
19:35:05.0623 1540 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:35:05.0638 1540 bowser - ok
19:35:05.0666 1540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:35:05.0695 1540 BrFiltLo - ok
19:35:05.0699 1540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:35:05.0719 1540 BrFiltUp - ok
19:35:05.0766 1540 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:35:05.0798 1540 Browser - ok
19:35:05.0809 1540 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:35:05.0867 1540 Brserid - ok
19:35:05.0880 1540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:35:05.0924 1540 BrSerWdm - ok
19:35:05.0929 1540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:35:05.0984 1540 BrUsbMdm - ok
19:35:06.0006 1540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:35:06.0065 1540 BrUsbSer - ok
19:35:06.0089 1540 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:35:06.0153 1540 BTHMODEM - ok
19:35:06.0189 1540 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:06.0220 1540 cdfs - ok
19:35:06.0247 1540 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:06.0268 1540 cdrom - ok
19:35:06.0303 1540 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:35:06.0336 1540 CertPropSvc - ok
19:35:06.0356 1540 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:35:06.0386 1540 circlass - ok
19:35:06.0417 1540 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:35:06.0441 1540 CLFS - ok
19:35:06.0495 1540 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:06.0508 1540 clr_optimization_v2.0.50727_32 - ok
19:35:06.0602 1540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:06.0617 1540 clr_optimization_v4.0.30319_32 - ok
19:35:06.0642 1540 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:35:06.0657 1540 cmdide - ok
19:35:06.0667 1540 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
19:35:06.0681 1540 Compbatt - ok
19:35:06.0685 1540 COMSysApp - ok
19:35:06.0704 1540 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:35:06.0717 1540 crcdisk - ok
19:35:06.0725 1540 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:35:06.0753 1540 Crusoe - ok
19:35:06.0800 1540 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:35:06.0841 1540 CryptSvc - ok
19:35:06.0910 1540 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:35:06.0961 1540 DcomLaunch - ok
19:35:06.0990 1540 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:35:07.0009 1540 DfsC - ok
19:35:07.0143 1540 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:35:07.0230 1540 DFSR - ok
19:35:07.0358 1540 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:35:07.0401 1540 Dhcp - ok
19:35:07.0506 1540 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:35:07.0519 1540 disk - ok
19:35:07.0569 1540 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:35:07.0586 1540 Dnscache - ok
19:35:07.0608 1540 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:35:07.0649 1540 dot3svc - ok
19:35:07.0677 1540 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:35:07.0719 1540 DPS - ok
19:35:07.0749 1540 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:35:07.0781 1540 drmkaud - ok
19:35:07.0878 1540 DTSRVC (65663bb1a4c187e750787587e4a105c5) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
19:35:07.0894 1540 DTSRVC ( UnsignedFile.Multi.Generic ) - warning
19:35:07.0894 1540 DTSRVC - detected UnsignedFile.Multi.Generic (1)
19:35:07.0961 1540 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:07.0989 1540 DXGKrnl - ok
19:35:08.0018 1540 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:35:08.0049 1540 E1G60 - ok
19:35:08.0088 1540 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:35:08.0119 1540 EapHost - ok
19:35:08.0168 1540 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:35:08.0182 1540 Ecache - ok
19:35:08.0280 1540 eDataSecurity Service (668dca122ffc7f10beca6055e15ffabd) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
19:35:08.0300 1540 eDataSecurity Service - ok
19:35:08.0368 1540 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:35:08.0384 1540 ehRecvr - ok
19:35:08.0399 1540 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:35:08.0413 1540 ehSched - ok
19:35:08.0418 1540 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:35:08.0445 1540 ehstart - ok
19:35:08.0572 1540 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:35:08.0602 1540 elxstor - ok
19:35:08.0650 1540 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:35:08.0673 1540 EMDMgmt - ok
19:35:08.0693 1540 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:35:08.0722 1540 ErrDev - ok
19:35:08.0807 1540 eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
19:35:08.0828 1540 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
19:35:08.0828 1540 eSettingsService - detected UnsignedFile.Multi.Generic (1)
19:35:08.0880 1540 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:35:08.0904 1540 EventSystem - ok
19:35:08.0945 1540 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:35:08.0969 1540 exfat - ok
19:35:08.0990 1540 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:35:09.0035 1540 fastfat - ok
19:35:09.0079 1540 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:35:09.0112 1540 fdc - ok
19:35:09.0142 1540 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:35:09.0166 1540 fdPHost - ok
19:35:09.0172 1540 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:35:09.0215 1540 FDResPub - ok
19:35:09.0224 1540 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:35:09.0240 1540 FileInfo - ok
19:35:09.0254 1540 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:35:09.0300 1540 Filetrace - ok
19:35:09.0320 1540 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:09.0362 1540 flpydisk - ok
19:35:09.0399 1540 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:35:09.0414 1540 FltMgr - ok
19:35:09.0514 1540 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
19:35:09.0573 1540 FontCache - ok
19:35:09.0651 1540 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:09.0664 1540 FontCache3.0.0.0 - ok
19:35:09.0724 1540 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
19:35:09.0735 1540 fssfltr - ok
19:35:09.0881 1540 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:35:09.0964 1540 fsssvc - ok
19:35:10.0102 1540 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:35:10.0129 1540 Fs_Rec - ok
19:35:10.0144 1540 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:35:10.0157 1540 gagp30kx - ok
19:35:10.0194 1540 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:35:10.0205 1540 GEARAspiWDM - ok
19:35:10.0253 1540 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:35:10.0292 1540 gpsvc - ok
19:35:10.0408 1540 gupdate1c99506fc579578 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:35:10.0421 1540 gupdate1c99506fc579578 - ok
19:35:10.0441 1540 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:35:10.0453 1540 gupdatem - ok
19:35:10.0515 1540 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:35:10.0528 1540 gusvc - ok
19:35:10.0574 1540 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:35:10.0605 1540 HdAudAddService - ok
19:35:10.0660 1540 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:10.0716 1540 HDAudBus - ok
19:35:10.0742 1540 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:35:10.0803 1540 HidBth - ok
19:35:10.0840 1540 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:35:10.0896 1540 HidIr - ok
19:35:10.0924 1540 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:35:10.0942 1540 hidserv - ok
19:35:10.0981 1540 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:35:11.0021 1540 HidUsb - ok
19:35:11.0058 1540 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:35:11.0085 1540 hkmsvc - ok
19:35:11.0097 1540 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:35:11.0112 1540 HpCISSs - ok
19:35:11.0160 1540 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:35:11.0207 1540 HTTP - ok
19:35:11.0219 1540 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:35:11.0232 1540 i2omp - ok
19:35:11.0259 1540 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:11.0278 1540 i8042prt - ok
19:35:11.0301 1540 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:35:11.0323 1540 iaStorV - ok
19:35:11.0425 1540 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:11.0459 1540 idsvc - ok
19:35:11.0476 1540 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:35:11.0488 1540 iirsp - ok
19:35:11.0525 1540 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:35:11.0561 1540 IKEEXT - ok
19:35:11.0589 1540 int15 - ok
19:35:11.0711 1540 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
19:35:11.0805 1540 IntcAzAudAddService - ok
19:35:11.0950 1540 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:35:11.0964 1540 intelide - ok
19:35:11.0995 1540 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:35:12.0027 1540 intelppm - ok
19:35:12.0056 1540 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:35:12.0093 1540 IPBusEnum - ok
19:35:12.0125 1540 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:12.0170 1540 IpFilterDriver - ok
19:35:12.0206 1540 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:35:12.0236 1540 iphlpsvc - ok
19:35:12.0240 1540 IpInIp - ok
19:35:12.0265 1540 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:35:12.0300 1540 IPMIDRV - ok
19:35:12.0317 1540 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:35:12.0344 1540 IPNAT - ok
19:35:12.0356 1540 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:35:12.0382 1540 IRENUM - ok
19:35:12.0399 1540 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:35:12.0411 1540 isapnp - ok
19:35:12.0452 1540 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:35:12.0469 1540 iScsiPrt - ok
19:35:12.0481 1540 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:35:12.0492 1540 iteatapi - ok
19:35:12.0503 1540 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:35:12.0517 1540 iteraid - ok
19:35:12.0580 1540 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:12.0606 1540 kbdclass - ok
19:35:12.0631 1540 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:12.0662 1540 kbdhid - ok
19:35:12.0696 1540 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:12.0727 1540 KeyIso - ok
19:35:12.0765 1540 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:35:12.0786 1540 KSecDD - ok
19:35:12.0832 1540 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:35:12.0889 1540 KtmRm - ok
19:35:12.0922 1540 L8042mou (8a5993705add14352c9a279fa8338334) C:\Windows\system32\DRIVERS\L8042mou.Sys
19:35:12.0934 1540 L8042mou - ok
19:35:12.0986 1540 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:35:13.0014 1540 LanmanServer - ok
19:35:13.0047 1540 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:35:13.0064 1540 LanmanWorkstation - ok
19:35:13.0266 1540 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
19:35:13.0424 1540 Lavasoft Ad-Aware Service - ok
19:35:13.0470 1540 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:35:13.0482 1540 Lavasoft Kernexplorer - ok
19:35:13.0642 1540 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
19:35:13.0653 1540 Lbd - ok
19:35:13.0728 1540 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
19:35:13.0751 1540 LBTServ - ok
19:35:13.0792 1540 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:35:13.0804 1540 LHidFilt - ok
19:35:13.0830 1540 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:13.0859 1540 lltdio - ok
19:35:13.0916 1540 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:35:13.0965 1540 lltdsvc - ok
19:35:13.0987 1540 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:35:14.0047 1540 lmhosts - ok
19:35:14.0077 1540 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:35:14.0089 1540 LMouFilt - ok
19:35:14.0102 1540 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\Windows\system32\DRIVERS\LMouKE.Sys
19:35:14.0116 1540 LMouKE - ok
19:35:14.0136 1540 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:35:14.0150 1540 LSI_FC - ok
19:35:14.0165 1540 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:35:14.0179 1540 LSI_SAS - ok
19:35:14.0207 1540 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:35:14.0222 1540 LSI_SCSI - ok
19:35:14.0251 1540 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:35:14.0277 1540 luafv - ok
19:35:14.0308 1540 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\Windows\system32\Drivers\LUsbFilt.Sys
19:35:14.0319 1540 LUsbFilt - ok
19:35:14.0371 1540 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\Windows\system32\DRIVERS\lvpopflt.sys
19:35:14.0390 1540 lvpopflt - ok
19:35:14.0444 1540 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
19:35:14.0458 1540 LVPr2Mon - ok
19:35:14.0554 1540 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
19:35:14.0566 1540 LVPrcSrv - ok
19:35:14.0605 1540 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
19:35:14.0624 1540 LVRS - ok
19:35:14.0846 1540 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
19:35:15.0014 1540 LVUVC - ok
19:35:15.0178 1540 lxddCATSCustConnectService (deb8a241d5671f7d4188f86e2aeb6960) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
19:35:15.0193 1540 lxddCATSCustConnectService - ok
19:35:15.0205 1540 lxdd_device - ok
19:35:15.0262 1540 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
19:35:15.0274 1540 MBAMProtector - ok
19:35:15.0353 1540 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:35:15.0380 1540 MBAMService - ok
19:35:15.0475 1540 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
19:35:15.0489 1540 McComponentHostService - ok
19:35:15.0518 1540 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:35:15.0544 1540 Mcx2Svc - ok
19:35:15.0576 1540 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:35:15.0588 1540 megasas - ok
19:35:15.0620 1540 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:35:15.0650 1540 MegaSR - ok
19:35:15.0681 1540 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:35:15.0720 1540 MMCSS - ok
19:35:15.0744 1540 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:35:15.0768 1540 Modem - ok
19:35:15.0813 1540 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
19:35:15.0853 1540 MODEMCSA - ok
19:35:15.0881 1540 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:35:15.0917 1540 monitor - ok
19:35:15.0933 1540 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:15.0946 1540 mouclass - ok
19:35:15.0951 1540 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:35:15.0987 1540 mouhid - ok
19:35:16.0000 1540 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:35:16.0013 1540 MountMgr - ok
19:35:16.0065 1540 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:35:16.0080 1540 MozillaMaintenance - ok
19:35:16.0111 1540 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:35:16.0125 1540 mpio - ok
19:35:16.0137 1540 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:35:16.0166 1540 mpsdrv - ok
19:35:16.0207 1540 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:35:16.0256 1540 MpsSvc - ok
19:35:16.0266 1540 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:35:16.0278 1540 Mraid35x - ok
19:35:16.0309 1540 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:35:16.0336 1540 MRxDAV - ok
19:35:16.0375 1540 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:16.0403 1540 mrxsmb - ok
19:35:16.0456 1540 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:16.0479 1540 mrxsmb10 - ok
19:35:16.0491 1540 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:16.0507 1540 mrxsmb20 - ok
19:35:16.0524 1540 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:35:16.0538 1540 msahci - ok
19:35:16.0553 1540 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:35:16.0566 1540 msdsm - ok
19:35:16.0598 1540 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:35:16.0638 1540 MSDTC - ok
19:35:16.0664 1540 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:35:16.0708 1540 Msfs - ok
19:35:16.0736 1540 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:35:16.0749 1540 msisadrv - ok
19:35:16.0777 1540 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:35:16.0805 1540 MSiSCSI - ok
19:35:16.0809 1540 msiserver - ok
19:35:16.0821 1540 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:16.0860 1540 MSKSSRV - ok
19:35:16.0874 1540 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:16.0919 1540 MSPCLOCK - ok
19:35:16.0938 1540 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:35:16.0963 1540 MSPQM - ok
19:35:16.0997 1540 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:35:17.0022 1540 MsRPC - ok
19:35:17.0036 1540 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:17.0048 1540 mssmbios - ok
19:35:17.0058 1540 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:35:17.0094 1540 MSTEE - ok
19:35:17.0115 1540 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:35:17.0128 1540 Mup - ok
19:35:17.0153 1540 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:35:17.0196 1540 napagent - ok
19:35:17.0229 1540 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:17.0273 1540 NativeWifiP - ok
19:35:17.0315 1540 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:35:17.0337 1540 NDIS - ok
19:35:17.0364 1540 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:17.0393 1540 NdisTapi - ok
19:35:17.0409 1540 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:17.0440 1540 Ndisuio - ok
19:35:17.0481 1540 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:17.0524 1540 NdisWan - ok
19:35:17.0549 1540 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:35:17.0575 1540 NDProxy - ok
19:35:17.0591 1540 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:35:17.0626 1540 NetBIOS - ok
19:35:17.0662 1540 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:35:17.0728 1540 netbt - ok
19:35:17.0762 1540 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:17.0777 1540 Netlogon - ok
19:35:17.0813 1540 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:35:17.0858 1540 Netman - ok
19:35:17.0891 1540 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:35:17.0921 1540 netprofm - ok
19:35:18.0006 1540 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:18.0019 1540 NetTcpPortSharing - ok
19:35:18.0049 1540 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:35:18.0062 1540 nfrd960 - ok
19:35:18.0085 1540 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:35:18.0131 1540 NlaSvc - ok
19:35:18.0160 1540 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:35:18.0200 1540 Npfs - ok
19:35:18.0223 1540 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:35:18.0248 1540 nsi - ok
19:35:18.0263 1540 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:35:18.0300 1540 nsiproxy - ok
19:35:18.0372 1540 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:35:18.0438 1540 Ntfs - ok
19:35:18.0462 1540 NTIDrvr (d7c908f27717fb1e1e16ccdffe35e7e2) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:35:18.0474 1540 NTIDrvr - ok
19:35:18.0481 1540 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:35:18.0526 1540 ntrigdigi - ok
19:35:18.0537 1540 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:35:18.0562 1540 Null - ok
19:35:18.0576 1540 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:35:18.0589 1540 nvraid - ok
19:35:18.0600 1540 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:35:18.0613 1540 nvstor - ok
19:35:18.0627 1540 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:35:18.0642 1540 nv_agp - ok
19:35:18.0648 1540 NwlnkFlt - ok
19:35:18.0655 1540 NwlnkFwd - ok
19:35:18.0765 1540 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:35:18.0792 1540 odserv - ok
19:35:18.0820 1540 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:18.0855 1540 ohci1394 - ok
19:35:18.0895 1540 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:18.0907 1540 ose - ok
19:35:18.0978 1540 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:19.0023 1540 p2pimsvc - ok
19:35:19.0031 1540 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:19.0056 1540 p2psvc - ok
19:35:19.0111 1540 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:35:19.0147 1540 Parport - ok
19:35:19.0183 1540 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:35:19.0196 1540 partmgr - ok
19:35:19.0224 1540 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:35:19.0268 1540 Parvdm - ok
19:35:19.0304 1540 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:35:19.0331 1540 PcaSvc - ok
19:35:19.0381 1540 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:35:19.0396 1540 pci - ok
19:35:19.0404 1540 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:35:19.0418 1540 pciide - ok
19:35:19.0442 1540 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:35:19.0455 1540 pcmcia - ok
19:35:19.0479 1540 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
19:35:19.0489 1540 PdiPorts - ok
19:35:19.0584 1540 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:35:19.0680 1540 PEAUTH - ok
19:35:19.0905 1540 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:35:19.0978 1540 pla - ok
19:35:20.0135 1540 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:35:20.0168 1540 PlugPlay - ok
19:35:20.0261 1540 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:20.0291 1540 PNRPAutoReg - ok
19:35:20.0302 1540 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:20.0328 1540 PNRPsvc - ok
19:35:20.0371 1540 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:35:20.0416 1540 PolicyAgent - ok
19:35:20.0471 1540 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:20.0504 1540 PptpMiniport - ok
19:35:20.0518 1540 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:35:20.0551 1540 Processor - ok
19:35:20.0584 1540 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:35:20.0622 1540 ProfSvc - ok
19:35:20.0654 1540 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:20.0672 1540 ProtectedStorage - ok
19:35:20.0686 1540 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:35:20.0709 1540 PSched - ok
19:35:20.0720 1540 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
19:35:20.0732 1540 PSDFilter - ok
19:35:20.0746 1540 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
19:35:20.0756 1540 PSDNServ - ok
19:35:20.0775 1540 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:35:20.0798 1540 psdvdisk - ok
19:35:20.0843 1540 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
19:35:20.0854 1540 PxHelp20 - ok
19:35:20.0935 1540 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:35:20.0978 1540 ql2300 - ok
19:35:21.0017 1540 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:35:21.0030 1540 ql40xx - ok
19:35:21.0069 1540 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:35:21.0099 1540 QWAVE - ok
19:35:21.0112 1540 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:35:21.0134 1540 QWAVEdrv - ok
19:35:21.0152 1540 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:21.0180 1540 RasAcd - ok
19:35:21.0197 1540 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:35:21.0243 1540 RasAuto - ok
19:35:21.0268 1540 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:21.0313 1540 Rasl2tp - ok
19:35:21.0364 1540 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:35:21.0402 1540 RasMan - ok
19:35:21.0432 1540 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:21.0463 1540 RasPppoe - ok
19:35:21.0476 1540 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:21.0500 1540 RasSstp - ok
19:35:21.0518 1540 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:21.0563 1540 rdbss - ok
19:35:21.0595 1540 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:21.0620 1540 RDPCDD - ok
19:35:21.0649 1540 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:35:21.0677 1540 rdpdr - ok
19:35:21.0683 1540 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:35:21.0717 1540 RDPENCDD - ok
19:35:21.0746 1540 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:35:21.0790 1540 RDPWD - ok
19:35:21.0828 1540 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:35:21.0854 1540 RemoteAccess - ok
19:35:21.0870 1540 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:35:21.0898 1540 RemoteRegistry - ok
19:35:21.0963 1540 RichVideo (c1c132455200ad4704142442c89d0fa4) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:35:21.0971 1540 RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:35:21.0971 1540 RichVideo - detected UnsignedFile.Multi.Generic (1)
19:35:22.0006 1540 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:35:22.0026 1540 RpcLocator - ok
19:35:22.0127 1540 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:35:22.0159 1540 RpcSs - ok
19:35:22.0216 1540 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:22.0260 1540 rspndr - ok
19:35:22.0295 1540 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:22.0308 1540 SamSs - ok
19:35:22.0325 1540 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:35:22.0338 1540 sbp2port - ok
19:35:22.0372 1540 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:35:22.0407 1540 SCardSvr - ok
19:35:22.0461 1540 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:35:22.0510 1540 Schedule - ok
19:35:22.0528 1540 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:35:22.0548 1540 SCPolicySvc - ok
19:35:22.0568 1540 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:35:22.0585 1540 SDRSVC - ok
19:35:22.0596 1540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:35:22.0647 1540 secdrv - ok
19:35:22.0694 1540 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:35:22.0760 1540 seclogon - ok
19:35:22.0853 1540 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:35:22.0880 1540 SENS - ok
19:35:22.0910 1540 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:35:22.0954 1540 Serenum - ok
19:35:22.0992 1540 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:35:23.0033 1540 Serial - ok
19:35:23.0055 1540 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:35:23.0080 1540 sermouse - ok
19:35:23.0105 1540 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:35:23.0134 1540 SessionEnv - ok
19:35:23.0148 1540 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:35:23.0180 1540 sffdisk - ok
19:35:23.0193 1540 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:35:23.0221 1540 sffp_mmc - ok
19:35:23.0236 1540 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:35:23.0260 1540 sffp_sd - ok
19:35:23.0265 1540 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:35:23.0327 1540 sfloppy - ok
19:35:23.0368 1540 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:35:23.0396 1540 SharedAccess - ok
19:35:23.0446 1540 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:35:23.0481 1540 ShellHWDetection - ok
19:35:23.0507 1540 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:35:23.0519 1540 sisagp - ok
19:35:23.0528 1540 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:35:23.0542 1540 SiSRaid2 - ok
19:35:23.0561 1540 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:35:23.0578 1540 SiSRaid4 - ok
19:35:23.0766 1540 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:35:23.0889 1540 slsvc - ok
19:35:24.0012 1540 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:35:24.0046 1540 SLUINotify - ok
19:35:24.0100 1540 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:35:24.0120 1540 Smb - ok
19:35:24.0212 1540 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
19:35:24.0282 1540 smserial - ok
19:35:24.0317 1540 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:35:24.0345 1540 SNMPTRAP - ok
19:35:24.0381 1540 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:35:24.0394 1540 spldr - ok
19:35:24.0441 1540 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:35:24.0456 1540 Spooler - ok
19:35:24.0502 1540 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:35:24.0522 1540 srv - ok
19:35:24.0568 1540 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:35:24.0591 1540 srv2 - ok
19:35:24.0635 1540 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:24.0662 1540 srvnet - ok
19:35:24.0700 1540 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:35:24.0751 1540 SSDPSRV - ok
19:35:24.0779 1540 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:35:24.0806 1540 SstpSvc - ok
19:35:24.0864 1540 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:35:24.0908 1540 stisvc - ok
19:35:24.0946 1540 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:35:24.0959 1540 swenum - ok
19:35:25.0000 1540 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:35:25.0034 1540 swprv - ok
19:35:25.0065 1540 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:35:25.0076 1540 Symc8xx - ok
19:35:25.0090 1540 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:35:25.0103 1540 Sym_hi - ok
19:35:25.0113 1540 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:35:25.0126 1540 Sym_u3 - ok
19:35:25.0176 1540 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:35:25.0208 1540 SysMain - ok
19:35:25.0235 1540 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:35:25.0251 1540 TabletInputService - ok
19:35:25.0283 1540 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:35:25.0313 1540 TapiSrv - ok
19:35:25.0333 1540 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:35:25.0360 1540 TBS - ok
19:35:25.0434 1540 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:35:25.0478 1540 Tcpip - ok
19:35:25.0493 1540 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:25.0533 1540 Tcpip6 - ok
19:35:25.0554 1540 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:35:25.0567 1540 tcpipreg - ok
19:35:25.0597 1540 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:35:25.0632 1540 TDPIPE - ok
19:35:25.0649 1540 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:35:25.0696 1540 TDTCP - ok
19:35:25.0728 1540 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:35:25.0758 1540 tdx - ok
19:35:25.0797 1540 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:35:25.0810 1540 TermDD - ok
19:35:25.0850 1540 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:35:25.0895 1540 TermService - ok
19:35:25.0946 1540 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:35:25.0964 1540 Themes - ok
19:35:25.0989 1540 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:35:26.0015 1540 THREADORDER - ok
19:35:26.0044 1540 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:35:26.0090 1540 TrkWks - ok
19:35:26.0132 1540 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:35:26.0171 1540 TrustedInstaller - ok
19:35:26.0204 1540 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:26.0240 1540 tssecsrv - ok
19:35:26.0275 1540 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:35:26.0305 1540 tunmp - ok
19:35:26.0339 1540 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:26.0352 1540 tunnel - ok
19:35:26.0367 1540 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
19:35:26.0373 1540 tvicport ( UnsignedFile.Multi.Generic ) - warning
19:35:26.0373 1540 tvicport - detected UnsignedFile.Multi.Generic (1)
19:35:26.0393 1540 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:35:26.0406 1540 uagp35 - ok
19:35:26.0425 1540 UBHelper (54b233f82b7b5a731550b565e045ade2) C:\Windows\system32\drivers\UBHelper.sys
19:35:26.0437 1540 UBHelper - ok
19:35:26.0464 1540 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:35:26.0485 1540 udfs - ok
19:35:26.0519 1540 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:35:26.0546 1540 UI0Detect - ok
19:35:26.0560 1540 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:35:26.0574 1540 uliagpkx - ok
19:35:26.0598 1540 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:35:26.0614 1540 uliahci - ok
19:35:26.0635 1540 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:35:26.0648 1540 UlSata - ok
19:35:26.0668 1540 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:35:26.0682 1540 ulsata2 - ok
19:35:26.0703 1540 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:35:26.0728 1540 umbus - ok
19:35:26.0754 1540 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:35:26.0784 1540 upnphost - ok
19:35:26.0817 1540 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:35:26.0837 1540 usbaudio - ok
19:35:26.0849 1540 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:26.0886 1540 usbccgp - ok
19:35:26.0902 1540 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:35:26.0955 1540 usbcir - ok
19:35:27.0007 1540 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:35:27.0026 1540 usbehci - ok
19:35:27.0053 1540 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:35:27.0094 1540 usbhub - ok
19:35:27.0110 1540 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:35:27.0142 1540 usbohci - ok
19:35:27.0163 1540 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:35:27.0193 1540 usbprint - ok
19:35:27.0228 1540 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:35:27.0260 1540 usbscan - ok
19:35:27.0276 1540 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:27.0306 1540 USBSTOR - ok
19:35:27.0318 1540 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:27.0349 1540 usbuhci - ok
19:35:27.0383 1540 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:35:27.0437 1540 usbvideo - ok
19:35:27.0467 1540 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:35:27.0501 1540 UxSms - ok
19:35:27.0544 1540 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:35:27.0582 1540 vds - ok
19:35:27.0598 1540 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:27.0624 1540 vga - ok
19:35:27.0635 1540 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:35:27.0669 1540 VgaSave - ok
19:35:27.0689 1540 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:35:27.0703 1540 viaagp - ok
19:35:27.0737 1540 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:35:27.0764 1540 ViaC7 - ok
19:35:27.0775 1540 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:35:27.0787 1540 viaide - ok
19:35:27.0910 1540 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
19:35:27.0952 1540 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
19:35:27.0952 1540 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
19:35:28.0010 1540 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:35:28.0023 1540 volmgr - ok
19:35:28.0054 1540 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:35:28.0075 1540 volmgrx - ok
19:35:28.0133 1540 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:35:28.0156 1540 volsnap - ok
19:35:28.0190 1540 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:35:28.0204 1540 vsmraid - ok
19:35:28.0286 1540 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:35:28.0365 1540 VSS - ok
19:35:28.0408 1540 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:35:28.0433 1540 W32Time - ok
19:35:28.0475 1540 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:35:28.0519 1540 WacomPen - ok
19:35:28.0534 1540 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:28.0555 1540 Wanarp - ok
19:35:28.0561 1540 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:28.0582 1540 Wanarpv6 - ok
19:35:28.0616 1540 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:35:28.0639 1540 wcncsvc - ok
19:35:28.0660 1540 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:35:28.0692 1540 WcsPlugInService - ok
19:35:28.0709 1540 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:35:28.0722 1540 Wd - ok
19:35:28.0763 1540 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:35:28.0789 1540 Wdf01000 - ok
19:35:28.0811 1540 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:35:28.0841 1540 WdiServiceHost - ok
19:35:28.0845 1540 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:35:28.0879 1540 WdiSystemHost - ok
19:35:28.0900 1540 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:35:28.0926 1540 WebClient - ok
19:35:28.0968 1540 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:35:28.0984 1540 Wecsvc - ok
19:35:29.0005 1540 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:35:29.0028 1540 wercplsupport - ok
19:35:29.0058 1540 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:35:29.0080 1540 WerSvc - ok
19:35:29.0166 1540 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:35:29.0182 1540 WinDefend - ok
19:35:29.0193 1540 WinHttpAutoProxySvc - ok
19:35:29.0255 1540 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:35:29.0291 1540 Winmgmt - ok
19:35:29.0377 1540 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:35:29.0432 1540 WinRM - ok
19:35:29.0486 1540 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:35:29.0531 1540 Wlansvc - ok
19:35:29.0616 1540 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:35:29.0628 1540 wlcrasvc - ok
19:35:29.0796 1540 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:35:29.0853 1540 wlidsvc - ok
19:35:29.0984 1540 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:35:30.0016 1540 WmiAcpi - ok
19:35:30.0072 1540 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:35:30.0104 1540 wmiApSrv - ok
19:35:30.0216 1540 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:35:30.0265 1540 WMPNetworkSvc - ok
19:35:30.0302 1540 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:35:30.0333 1540 WPCSvc - ok
19:35:30.0365 1540 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:35:30.0381 1540 WPDBusEnum - ok
19:35:30.0515 1540 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:35:30.0542 1540 WPFFontCache_v0400 - ok
19:35:30.0573 1540 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:35:30.0618 1540 ws2ifsl - ok
19:35:30.0648 1540 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:35:30.0676 1540 wscsvc - ok
19:35:30.0680 1540 WSearch - ok
19:35:30.0795 1540 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:35:30.0859 1540 wuauserv - ok
19:35:30.0945 1540 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:35:30.0982 1540 wudfsvc - ok
19:35:31.0058 1540 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
19:35:31.0082 1540 yukonwlh - ok
19:35:31.0111 1540 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
19:35:31.0116 1540 zntport ( UnsignedFile.Multi.Generic ) - warning
19:35:31.0116 1540 zntport - detected UnsignedFile.Multi.Generic (1)
19:35:31.0139 1540 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:35:31.0200 1540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:35:31.0200 1540 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:35:31.0255 1540 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:35:31.0255 1540 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:35:31.0259 1540 Boot (0x1200) (72b43a870368b2040cb448c98d70f2d5) \Device\Harddisk0\DR0\Partition0
19:35:31.0260 1540 \Device\Harddisk0\DR0\Partition0 - ok
19:35:31.0286 1540 Boot (0x1200) (78e048f9eac6b8338039b60418117da0) \Device\Harddisk0\DR0\Partition1
19:35:31.0287 1540 \Device\Harddisk0\DR0\Partition1 - ok
19:35:31.0288 1540 ============================================================
19:35:31.0288 1540 Scan finished
19:35:31.0288 1540 ============================================================
19:35:31.0302 0380 Detected object count: 10
19:35:31.0302 0380 Actual detected object count: 10
19:36:22.0667 0380 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0667 0380 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0667 0380 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0667 0380 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0671 0380 DTSRVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0671 0380 DTSRVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0674 0380 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0674 0380 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0676 0380 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0676 0380 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0679 0380 tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0679 0380 tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0681 0380 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0681 0380 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0684 0380 zntport ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0684 0380 zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:25.0317 0380 \Device\Harddisk0\DR0\# - copied to quarantine
19:36:25.0318 0380 \Device\Harddisk0\DR0 - copied to quarantine
19:36:25.0342 0380 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:36:25.0351 0380 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:36:25.0354 0380 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:36:25.0358 0380 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:36:25.0362 0380 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:36:25.0376 0380 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:36:25.0385 0380 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:36:25.0386 0380 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:36:25.0388 0380 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:36:25.0423 0380 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:36:25.0426 0380 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:36:25.0428 0380 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:36:25.0444 0380 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:36:25.0446 0380 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:36:25.0448 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:36:25.0451 0380 \Device\Harddisk0\DR0 - ok
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:37:10.0366 1984 Deinitialize success

#12
zprez2

  • Topic Starter
  • Member
  • 23 posts
Hi,

Thanks for telling me how to turn off that annoying pop up! I'll get right to the point tonight - no questions - although I have about a hundred stored up!!!

Well, I checked the restore point and the C drive was checked, but when I ran your OTL fix I got the following log saying it wasn't on:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}\ not found.
Prefs.js: "https://www.ixquick.com/" removed from browser.startup.homepage
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{1266764D-FC4F-4FA7-B63B-884D53B1680F}.xpi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John
->Temp folder emptied: 20037272 bytes
->Temporary Internet Files folder emptied: 69586097 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 130635975 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2054 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 104669254 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 87776 bytes

Total Files Cleaned = 310.00 mb

Then I ran OTL and got this:

OTL logfile created on: 8/9/2012 7:24:56 PM - Run 6
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\John\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 56.49% Memory free
5.70 Gb Paging File | 4.58 Gb Available in Paging File | 80.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 56.86 Gb Free Space | 39.40% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 143.93 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive E: | 111.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
PRC - [2012/07/18 09:12:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/30 09:10:31 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 09:12:29 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2008/08/30 05:59:02 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 22:15:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 09:12:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/02 08:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/25 21:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 04:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 21:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/22 16:43:40 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2007/10/17 13:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/05/25 04:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 04:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/04 09:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/03 22:53:44 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/27 03:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/08/30 07:58:16 | 003,929,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/06 12:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 12:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/04/11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2006/11/16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKLM\..\SearchScopes\{18753C55-2E0A-4E3D-8421-49478172BD78}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{228B9FB4-D1A7-4F25-8DAF-BF1D2D8B69E8}: "URL" = http://search.yahoo....Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{489B22BB-F873-4164-BD36-E782C2A0F37B}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{4B09461A-0962-4647-AE77-F9FDD7330821}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{89CAE871-499D-4396-BB94-2975D89A4555}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{8B5676B5-E933-48C5-BAC3-F097EFE112B0}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKLM\..\SearchScopes\{C7B41550-D9B0-4A8E-B60B-08EB5B29DA18}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\John\Pictures
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{21D49723-EF6C-400C-9946-0DC88AC0F9F9}: "URL" = http://www.wowarmory...&searchType=all
IE - HKCU\..\SearchScopes\{3514A3CF-0279-4A20-890F-C3436A1A2CEC}: "URL" = http://answers.yahoo...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{557E4C2A-3B59-48AE-B678-3945E5824A28}: "URL" = http://local.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GCNV_en
IE - HKCU\..\SearchScopes\{BBA6EF3E-B299-4DA9-B43B-28992846BD77}: "URL" = http://shopping.yaho...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{C5D2C5A0-2F48-4FF4-896B-8A43D46D6A1E}: "URL" = http://images.search...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{CC62AE98-74E4-4C13-B5D9-F3153071B54C}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{D53976D3-36B3-4403-8A39-1AC9FFC5B5D9}: "URL" = http://video.yahoo.c...Terms}&fr=yie7c
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\..\SearchScopes\{E9727A69-2837-4221-A09D-3B405A0F0B99}: "URL" = http://news.search.y...Terms}&fr=yie7c
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/05 14:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/29 11:57:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/29 17:46:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions
[2012/08/09 19:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions
[2012/06/21 16:37:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/21 16:37:10 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/20 06:39:12 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\extensions\[email protected]
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\m694glti.default\searchplugins\Search_Results.xml
[2012/07/09 09:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/29 12:35:09 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2011/12/04 13:54:02 | 000,254,273 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\{CE6E6E3B-84DD-4CAC-9F63-8D2AE4F30A4B}.XPI
[2012/03/16 06:51:01 | 000,091,838 | ---- | M] () (No name found) -- C:\USERS\JOHN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M694GLTI.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 09:12:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/29 19:27:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/08 15:41:41 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/01/29 19:27:37 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Egis Option Pack) - {312105C4-2E13-4E10-AF72-F9D79BA077E6} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDsWebmailtb.dll (Egis Incorporated)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] "C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe" -Update -1100429 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; IEMB3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; IEMB3) File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\John\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 20:59:25 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\John\Desktop\FSS.exe
[2012/08/08 19:55:55 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/07 21:41:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/06 20:04:34 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/06 08:51:36 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Weathervein 2
[2012/08/01 19:35:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/01 16:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/01 16:54:32 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/01 16:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/30 20:37:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/07/30 10:12:54 | 004,587,128 | ---- | C] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/30 09:05:43 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/23 07:32:45 | 000,000,000 | ---D | C] -- C:\Users\John\Playboy
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 19:22:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 19:22:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 19:21:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/09 19:18:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 19:17:52 | 2952,257,536 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 19:15:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 18:24:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/09 18:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/09 17:05:18 | 103,499,138 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/09 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/09 10:46:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/08/09 10:00:27 | 000,002,587 | ---- | M] () -- C:\Users\John\Desktop\Microsoft Office Word 2007.lnk
[2012/08/08 20:59:28 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\John\Desktop\FSS.exe
[2012/08/08 20:01:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/08/08 19:55:57 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswclear.exe
[2012/08/08 19:48:52 | 000,920,096 | ---- | M] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/06 20:07:03 | 000,000,512 | ---- | M] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/06 20:05:03 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
[2012/08/05 17:51:47 | 000,361,714 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/05 11:33:31 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/05 11:33:31 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/05 11:26:15 | 000,381,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/03 08:57:27 | 000,000,902 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/08/03 08:45:41 | 000,000,104 | ---- | M] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 19:35:17 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
[2012/08/01 16:54:34 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/07/30 20:37:56 | 000,001,911 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 10:12:55 | 004,587,128 | ---- | M] (Lavasoft Limited) -- C:\Users\John\Desktop\Adaware_Installer.exe
[2012/07/29 18:16:12 | 230,775,801 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/29 17:53:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/29 17:53:53 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/22 10:48:16 | 000,000,680 | ---- | M] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2012/07/21 17:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/07/11 19:33:39 | 000,001,739 | ---- | M] () -- C:\Users\John\Desktop\Kindle.lnk
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 20:02:36 | 2952,257,536 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/08 19:48:50 | 000,920,096 | ---- | C] () -- C:\Users\John\Desktop\Norton_Removal_Tool.exe
[2012/08/06 20:07:03 | 000,000,512 | ---- | C] () -- C:\Users\John\Desktop\MBR.dat
[2012/08/03 08:45:41 | 000,000,104 | ---- | C] () -- C:\Users\John\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/01 16:54:34 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/30 20:36:12 | 000,001,911 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/07/30 20:33:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 13:50:25 | 000,000,128 | ---- | C] () -- C:\Users\John\AppData\Roaming\Earthquakes Meter_Settings.ini
[2011/11/12 17:25:21 | 000,000,680 | ---- | C] () -- C:\Users\John\AppData\Local\d3d9caps.dat
[2011/05/25 10:22:08 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/05/25 10:22:08 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/12/12 11:45:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/10/04 12:41:56 | 000,012,288 | ---- | C] () -- C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/20 20:29:46 | 000,000,000 | ---- | C] () -- C:\Users\John\AppData\Roaming\wklnhst.dat
[2009/05/09 16:36:19 | 000,000,760 | ---- | C] () -- C:\Users\John\AppData\Roaming\setup_ldm.iss
[2008/11/22 13:42:50 | 000,004,915 | ---- | C] () -- C:\ProgramData\lxdd
[2008/05/18 15:22:58 | 000,000,632 | RHS- | C] () -- C:\Users\John\ntuser.pol

========== LOP Check ==========

[2008/04/17 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer
[2008/02/26 03:11:52 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Acer GameZone Console
[2012/04/29 18:09:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Audacity
[2010/11/03 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG
[2010/11/01 08:11:07 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\AVG10
[2008/05/02 20:46:08 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Big Fish Games
[2012/03/26 06:40:40 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\calibre
[2008/04/23 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\DisplayTune
[2011/12/11 14:10:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\EazyPlanet
[2008/05/11 10:47:49 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\eSobi
[2009/04/24 23:02:04 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Eyeblaster
[2009/03/24 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/04/22 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\funkitron
[2009/04/25 18:44:59 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Gaijin Ent
[2008/04/17 22:37:57 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\gemsweeperextractedgfx
[2010/08/25 09:58:30 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\iWin
[2008/04/17 21:16:23 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Leadertech
[2008/04/17 22:12:39 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Lexmark Productivity Studio
[2008/06/09 18:57:15 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\LimeWire
[2012/01/31 22:27:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\PeerNetworking
[2008/05/02 21:48:48 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Pi Eye Games
[2012/05/25 00:58:33 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\TeamViewer
[2009/10/20 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Template
[2010/08/11 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\thriXXX
[2011/12/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\Thunderbird
[2009/07/24 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\VersionTracker Pro
[2009/04/24 14:59:44 | 000,000,000 | ---D | M] -- C:\Users\John\AppData\Roaming\ZEMNOTT
[2012/08/09 15:24:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000Core.job
[2012/08/09 18:24:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915483471-3835760120-257278320-1000UA.job
[2012/08/09 19:16:53 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Then the TDSS file:


19:33:48.0970 3276 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:33:49.0477 3276 ============================================================
19:33:49.0477 3276 Current date / time: 2012/08/09 19:33:49.0477
19:33:49.0477 3276 SystemInfo:
19:33:49.0477 3276
19:33:49.0477 3276 OS Version: 6.0.6002 ServicePack: 2.0
19:33:49.0477 3276 Product type: Workstation
19:33:49.0477 3276 ComputerName: JOHN-PC
19:33:49.0477 3276 UserName: John
19:33:49.0477 3276 Windows directory: C:\Windows
19:33:49.0477 3276 System windows directory: C:\Windows
19:33:49.0477 3276 Processor architecture: Intel x86
19:33:49.0477 3276 Number of processors: 2
19:33:49.0477 3276 Page size: 0x1000
19:33:49.0477 3276 Boot type: Normal boot
19:33:49.0477 3276 ============================================================
19:33:50.0982 3276 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:33:51.0040 3276 ============================================================
19:33:51.0040 3276 \Device\Harddisk0\DR0:
19:33:51.0040 3276 MBR partitions:
19:33:51.0040 3276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x12096800
19:33:51.0040 3276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1341B800, BlocksNum 0x12012800
19:33:51.0040 3276 ============================================================
19:33:51.0067 3276 C: <-> \Device\Harddisk0\DR0\Partition0
19:33:51.0107 3276 D: <-> \Device\Harddisk0\DR0\Partition1
19:33:51.0107 3276 ============================================================
19:33:51.0107 3276 Initialize success
19:33:51.0107 3276 ============================================================
19:35:01.0084 1540 ============================================================
19:35:01.0084 1540 Scan started
19:35:01.0084 1540 Mode: Manual; SigCheck; TDLFS;
19:35:01.0084 1540 ============================================================
19:35:01.0549 1540 Acer HomeMedia Connect Service (517d30057c726c797764bfd70a55d82a) C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
19:35:01.0675 1540 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - warning
19:35:01.0676 1540 Acer HomeMedia Connect Service - detected UnsignedFile.Multi.Generic (1)
19:35:01.0737 1540 AcerMemUsageCheckService (e91f2444df54e725ddbbddb7fbce71f5) C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
19:35:01.0767 1540 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - warning
19:35:01.0767 1540 AcerMemUsageCheckService - detected UnsignedFile.Multi.Generic (1)
19:35:01.0935 1540 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:35:01.0955 1540 ACPI - ok
19:35:02.0033 1540 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:35:02.0049 1540 AdobeFlashPlayerUpdateSvc - ok
19:35:02.0083 1540 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:35:02.0113 1540 adp94xx - ok
19:35:02.0143 1540 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:35:02.0163 1540 adpahci - ok
19:35:02.0176 1540 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:35:02.0194 1540 adpu160m - ok
19:35:02.0213 1540 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:35:02.0227 1540 adpu320 - ok
19:35:02.0302 1540 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:35:02.0369 1540 AeLookupSvc - ok
19:35:02.0482 1540 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:35:02.0506 1540 AFD - ok
19:35:02.0531 1540 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:35:02.0545 1540 agp440 - ok
19:35:02.0577 1540 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:35:02.0590 1540 aic78xx - ok
19:35:02.0607 1540 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:35:02.0651 1540 ALG - ok
19:35:02.0667 1540 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:35:02.0681 1540 aliide - ok
19:35:02.0700 1540 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:35:02.0715 1540 amdagp - ok
19:35:02.0731 1540 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:35:02.0743 1540 amdide - ok
19:35:02.0753 1540 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:35:02.0793 1540 AmdK7 - ok
19:35:02.0810 1540 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
19:35:02.0859 1540 AmdK8 - ok
19:35:02.0898 1540 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:35:02.0919 1540 Appinfo - ok
19:35:02.0943 1540 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:35:02.0957 1540 arc - ok
19:35:02.0973 1540 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:35:02.0987 1540 arcsas - ok
19:35:03.0006 1540 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:35:03.0041 1540 AsyncMac - ok
19:35:03.0078 1540 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:35:03.0091 1540 atapi - ok
19:35:03.0162 1540 Ati External Event Utility (8eb7658b655713347c0127526e8f7941) C:\Windows\system32\Ati2evxx.exe
19:35:03.0211 1540 Ati External Event Utility - ok
19:35:03.0421 1540 atikmdag (3f785fe4b890ebc17e1f4df684da060d) C:\Windows\system32\DRIVERS\atikmdag.sys
19:35:03.0575 1540 atikmdag - ok
19:35:03.0704 1540 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:35:03.0759 1540 AtiPcie - ok
19:35:03.0807 1540 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:35:03.0846 1540 AudioEndpointBuilder - ok
19:35:03.0851 1540 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:35:03.0876 1540 Audiosrv - ok
19:35:04.0333 1540 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
19:35:04.0533 1540 AVGIDSAgent - ok
19:35:04.0698 1540 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:35:04.0740 1540 AVGIDSDriver - ok
19:35:04.0795 1540 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:35:04.0805 1540 AVGIDSEH - ok
19:35:04.0818 1540 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:35:04.0829 1540 AVGIDSFilter - ok
19:35:04.0862 1540 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
19:35:04.0873 1540 AVGIDSShim - ok
19:35:04.0937 1540 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
19:35:04.0956 1540 Avgldx86 - ok
19:35:05.0003 1540 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
19:35:05.0015 1540 Avgmfx86 - ok
19:35:05.0020 1540 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
19:35:05.0034 1540 Avgrkx86 - ok
19:35:05.0082 1540 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
19:35:05.0102 1540 Avgtdix - ok
19:35:05.0196 1540 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe
19:35:05.0213 1540 avgwd - ok
19:35:05.0254 1540 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:35:05.0301 1540 Beep - ok
19:35:05.0348 1540 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:35:05.0403 1540 BFE - ok
19:35:05.0473 1540 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:35:05.0535 1540 BITS - ok
19:35:05.0549 1540 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:35:05.0589 1540 blbdrive - ok
19:35:05.0623 1540 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:35:05.0638 1540 bowser - ok
19:35:05.0666 1540 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:35:05.0695 1540 BrFiltLo - ok
19:35:05.0699 1540 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:35:05.0719 1540 BrFiltUp - ok
19:35:05.0766 1540 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:35:05.0798 1540 Browser - ok
19:35:05.0809 1540 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:35:05.0867 1540 Brserid - ok
19:35:05.0880 1540 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:35:05.0924 1540 BrSerWdm - ok
19:35:05.0929 1540 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:35:05.0984 1540 BrUsbMdm - ok
19:35:06.0006 1540 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:35:06.0065 1540 BrUsbSer - ok
19:35:06.0089 1540 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:35:06.0153 1540 BTHMODEM - ok
19:35:06.0189 1540 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:35:06.0220 1540 cdfs - ok
19:35:06.0247 1540 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:35:06.0268 1540 cdrom - ok
19:35:06.0303 1540 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:35:06.0336 1540 CertPropSvc - ok
19:35:06.0356 1540 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:35:06.0386 1540 circlass - ok
19:35:06.0417 1540 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:35:06.0441 1540 CLFS - ok
19:35:06.0495 1540 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:35:06.0508 1540 clr_optimization_v2.0.50727_32 - ok
19:35:06.0602 1540 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:35:06.0617 1540 clr_optimization_v4.0.30319_32 - ok
19:35:06.0642 1540 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:35:06.0657 1540 cmdide - ok
19:35:06.0667 1540 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
19:35:06.0681 1540 Compbatt - ok
19:35:06.0685 1540 COMSysApp - ok
19:35:06.0704 1540 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:35:06.0717 1540 crcdisk - ok
19:35:06.0725 1540 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:35:06.0753 1540 Crusoe - ok
19:35:06.0800 1540 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
19:35:06.0841 1540 CryptSvc - ok
19:35:06.0910 1540 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:35:06.0961 1540 DcomLaunch - ok
19:35:06.0990 1540 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:35:07.0009 1540 DfsC - ok
19:35:07.0143 1540 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:35:07.0230 1540 DFSR - ok
19:35:07.0358 1540 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:35:07.0401 1540 Dhcp - ok
19:35:07.0506 1540 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:35:07.0519 1540 disk - ok
19:35:07.0569 1540 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:35:07.0586 1540 Dnscache - ok
19:35:07.0608 1540 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:35:07.0649 1540 dot3svc - ok
19:35:07.0677 1540 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:35:07.0719 1540 DPS - ok
19:35:07.0749 1540 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:35:07.0781 1540 drmkaud - ok
19:35:07.0878 1540 DTSRVC (65663bb1a4c187e750787587e4a105c5) C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
19:35:07.0894 1540 DTSRVC ( UnsignedFile.Multi.Generic ) - warning
19:35:07.0894 1540 DTSRVC - detected UnsignedFile.Multi.Generic (1)
19:35:07.0961 1540 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:35:07.0989 1540 DXGKrnl - ok
19:35:08.0018 1540 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:35:08.0049 1540 E1G60 - ok
19:35:08.0088 1540 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:35:08.0119 1540 EapHost - ok
19:35:08.0168 1540 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:35:08.0182 1540 Ecache - ok
19:35:08.0280 1540 eDataSecurity Service (668dca122ffc7f10beca6055e15ffabd) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
19:35:08.0300 1540 eDataSecurity Service - ok
19:35:08.0368 1540 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:35:08.0384 1540 ehRecvr - ok
19:35:08.0399 1540 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:35:08.0413 1540 ehSched - ok
19:35:08.0418 1540 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:35:08.0445 1540 ehstart - ok
19:35:08.0572 1540 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:35:08.0602 1540 elxstor - ok
19:35:08.0650 1540 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:35:08.0673 1540 EMDMgmt - ok
19:35:08.0693 1540 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:35:08.0722 1540 ErrDev - ok
19:35:08.0807 1540 eSettingsService (a9745687a57cdd71237915859aba8dac) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
19:35:08.0828 1540 eSettingsService ( UnsignedFile.Multi.Generic ) - warning
19:35:08.0828 1540 eSettingsService - detected UnsignedFile.Multi.Generic (1)
19:35:08.0880 1540 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:35:08.0904 1540 EventSystem - ok
19:35:08.0945 1540 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:35:08.0969 1540 exfat - ok
19:35:08.0990 1540 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:35:09.0035 1540 fastfat - ok
19:35:09.0079 1540 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:35:09.0112 1540 fdc - ok
19:35:09.0142 1540 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:35:09.0166 1540 fdPHost - ok
19:35:09.0172 1540 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:35:09.0215 1540 FDResPub - ok
19:35:09.0224 1540 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:35:09.0240 1540 FileInfo - ok
19:35:09.0254 1540 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:35:09.0300 1540 Filetrace - ok
19:35:09.0320 1540 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:35:09.0362 1540 flpydisk - ok
19:35:09.0399 1540 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:35:09.0414 1540 FltMgr - ok
19:35:09.0514 1540 FontCache (452feaab2a8dbb42ed751754cb2594f5) C:\Windows\system32\FntCache.dll
19:35:09.0573 1540 FontCache - ok
19:35:09.0651 1540 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:35:09.0664 1540 FontCache3.0.0.0 - ok
19:35:09.0724 1540 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
19:35:09.0735 1540 fssfltr - ok
19:35:09.0881 1540 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:35:09.0964 1540 fsssvc - ok
19:35:10.0102 1540 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:35:10.0129 1540 Fs_Rec - ok
19:35:10.0144 1540 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:35:10.0157 1540 gagp30kx - ok
19:35:10.0194 1540 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:35:10.0205 1540 GEARAspiWDM - ok
19:35:10.0253 1540 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:35:10.0292 1540 gpsvc - ok
19:35:10.0408 1540 gupdate1c99506fc579578 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:35:10.0421 1540 gupdate1c99506fc579578 - ok
19:35:10.0441 1540 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
19:35:10.0453 1540 gupdatem - ok
19:35:10.0515 1540 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:35:10.0528 1540 gusvc - ok
19:35:10.0574 1540 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:35:10.0605 1540 HdAudAddService - ok
19:35:10.0660 1540 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:35:10.0716 1540 HDAudBus - ok
19:35:10.0742 1540 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:35:10.0803 1540 HidBth - ok
19:35:10.0840 1540 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:35:10.0896 1540 HidIr - ok
19:35:10.0924 1540 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:35:10.0942 1540 hidserv - ok
19:35:10.0981 1540 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:35:11.0021 1540 HidUsb - ok
19:35:11.0058 1540 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:35:11.0085 1540 hkmsvc - ok
19:35:11.0097 1540 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:35:11.0112 1540 HpCISSs - ok
19:35:11.0160 1540 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:35:11.0207 1540 HTTP - ok
19:35:11.0219 1540 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:35:11.0232 1540 i2omp - ok
19:35:11.0259 1540 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:35:11.0278 1540 i8042prt - ok
19:35:11.0301 1540 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:35:11.0323 1540 iaStorV - ok
19:35:11.0425 1540 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:35:11.0459 1540 idsvc - ok
19:35:11.0476 1540 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:35:11.0488 1540 iirsp - ok
19:35:11.0525 1540 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:35:11.0561 1540 IKEEXT - ok
19:35:11.0589 1540 int15 - ok
19:35:11.0711 1540 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
19:35:11.0805 1540 IntcAzAudAddService - ok
19:35:11.0950 1540 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:35:11.0964 1540 intelide - ok
19:35:11.0995 1540 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:35:12.0027 1540 intelppm - ok
19:35:12.0056 1540 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:35:12.0093 1540 IPBusEnum - ok
19:35:12.0125 1540 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:35:12.0170 1540 IpFilterDriver - ok
19:35:12.0206 1540 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:35:12.0236 1540 iphlpsvc - ok
19:35:12.0240 1540 IpInIp - ok
19:35:12.0265 1540 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:35:12.0300 1540 IPMIDRV - ok
19:35:12.0317 1540 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:35:12.0344 1540 IPNAT - ok
19:35:12.0356 1540 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:35:12.0382 1540 IRENUM - ok
19:35:12.0399 1540 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:35:12.0411 1540 isapnp - ok
19:35:12.0452 1540 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:35:12.0469 1540 iScsiPrt - ok
19:35:12.0481 1540 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:35:12.0492 1540 iteatapi - ok
19:35:12.0503 1540 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:35:12.0517 1540 iteraid - ok
19:35:12.0580 1540 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:35:12.0606 1540 kbdclass - ok
19:35:12.0631 1540 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:35:12.0662 1540 kbdhid - ok
19:35:12.0696 1540 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:12.0727 1540 KeyIso - ok
19:35:12.0765 1540 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:35:12.0786 1540 KSecDD - ok
19:35:12.0832 1540 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:35:12.0889 1540 KtmRm - ok
19:35:12.0922 1540 L8042mou (8a5993705add14352c9a279fa8338334) C:\Windows\system32\DRIVERS\L8042mou.Sys
19:35:12.0934 1540 L8042mou - ok
19:35:12.0986 1540 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:35:13.0014 1540 LanmanServer - ok
19:35:13.0047 1540 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:35:13.0064 1540 LanmanWorkstation - ok
19:35:13.0266 1540 Lavasoft Ad-Aware Service (ed60ffd305ac0424920d146db9f9ed78) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
19:35:13.0424 1540 Lavasoft Ad-Aware Service - ok
19:35:13.0470 1540 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
19:35:13.0482 1540 Lavasoft Kernexplorer - ok
19:35:13.0642 1540 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
19:35:13.0653 1540 Lbd - ok
19:35:13.0728 1540 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
19:35:13.0751 1540 LBTServ - ok
19:35:13.0792 1540 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:35:13.0804 1540 LHidFilt - ok
19:35:13.0830 1540 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:35:13.0859 1540 lltdio - ok
19:35:13.0916 1540 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:35:13.0965 1540 lltdsvc - ok
19:35:13.0987 1540 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:35:14.0047 1540 lmhosts - ok
19:35:14.0077 1540 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:35:14.0089 1540 LMouFilt - ok
19:35:14.0102 1540 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\Windows\system32\DRIVERS\LMouKE.Sys
19:35:14.0116 1540 LMouKE - ok
19:35:14.0136 1540 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:35:14.0150 1540 LSI_FC - ok
19:35:14.0165 1540 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:35:14.0179 1540 LSI_SAS - ok
19:35:14.0207 1540 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:35:14.0222 1540 LSI_SCSI - ok
19:35:14.0251 1540 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:35:14.0277 1540 luafv - ok
19:35:14.0308 1540 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\Windows\system32\Drivers\LUsbFilt.Sys
19:35:14.0319 1540 LUsbFilt - ok
19:35:14.0371 1540 lvpopflt (cbf0bf6af73a704211bbb52efacaa8a0) C:\Windows\system32\DRIVERS\lvpopflt.sys
19:35:14.0390 1540 lvpopflt - ok
19:35:14.0444 1540 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
19:35:14.0458 1540 LVPr2Mon - ok
19:35:14.0554 1540 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
19:35:14.0566 1540 LVPrcSrv - ok
19:35:14.0605 1540 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
19:35:14.0624 1540 LVRS - ok
19:35:14.0846 1540 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
19:35:15.0014 1540 LVUVC - ok
19:35:15.0178 1540 lxddCATSCustConnectService (deb8a241d5671f7d4188f86e2aeb6960) C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe
19:35:15.0193 1540 lxddCATSCustConnectService - ok
19:35:15.0205 1540 lxdd_device - ok
19:35:15.0262 1540 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
19:35:15.0274 1540 MBAMProtector - ok
19:35:15.0353 1540 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:35:15.0380 1540 MBAMService - ok
19:35:15.0475 1540 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
19:35:15.0489 1540 McComponentHostService - ok
19:35:15.0518 1540 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:35:15.0544 1540 Mcx2Svc - ok
19:35:15.0576 1540 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:35:15.0588 1540 megasas - ok
19:35:15.0620 1540 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:35:15.0650 1540 MegaSR - ok
19:35:15.0681 1540 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:35:15.0720 1540 MMCSS - ok
19:35:15.0744 1540 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:35:15.0768 1540 Modem - ok
19:35:15.0813 1540 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
19:35:15.0853 1540 MODEMCSA - ok
19:35:15.0881 1540 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:35:15.0917 1540 monitor - ok
19:35:15.0933 1540 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:35:15.0946 1540 mouclass - ok
19:35:15.0951 1540 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:35:15.0987 1540 mouhid - ok
19:35:16.0000 1540 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:35:16.0013 1540 MountMgr - ok
19:35:16.0065 1540 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:35:16.0080 1540 MozillaMaintenance - ok
19:35:16.0111 1540 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:35:16.0125 1540 mpio - ok
19:35:16.0137 1540 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:35:16.0166 1540 mpsdrv - ok
19:35:16.0207 1540 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:35:16.0256 1540 MpsSvc - ok
19:35:16.0266 1540 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:35:16.0278 1540 Mraid35x - ok
19:35:16.0309 1540 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:35:16.0336 1540 MRxDAV - ok
19:35:16.0375 1540 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:35:16.0403 1540 mrxsmb - ok
19:35:16.0456 1540 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:35:16.0479 1540 mrxsmb10 - ok
19:35:16.0491 1540 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:35:16.0507 1540 mrxsmb20 - ok
19:35:16.0524 1540 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
19:35:16.0538 1540 msahci - ok
19:35:16.0553 1540 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:35:16.0566 1540 msdsm - ok
19:35:16.0598 1540 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:35:16.0638 1540 MSDTC - ok
19:35:16.0664 1540 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:35:16.0708 1540 Msfs - ok
19:35:16.0736 1540 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:35:16.0749 1540 msisadrv - ok
19:35:16.0777 1540 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:35:16.0805 1540 MSiSCSI - ok
19:35:16.0809 1540 msiserver - ok
19:35:16.0821 1540 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:35:16.0860 1540 MSKSSRV - ok
19:35:16.0874 1540 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:35:16.0919 1540 MSPCLOCK - ok
19:35:16.0938 1540 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:35:16.0963 1540 MSPQM - ok
19:35:16.0997 1540 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:35:17.0022 1540 MsRPC - ok
19:35:17.0036 1540 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:35:17.0048 1540 mssmbios - ok
19:35:17.0058 1540 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:35:17.0094 1540 MSTEE - ok
19:35:17.0115 1540 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:35:17.0128 1540 Mup - ok
19:35:17.0153 1540 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:35:17.0196 1540 napagent - ok
19:35:17.0229 1540 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:35:17.0273 1540 NativeWifiP - ok
19:35:17.0315 1540 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:35:17.0337 1540 NDIS - ok
19:35:17.0364 1540 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:35:17.0393 1540 NdisTapi - ok
19:35:17.0409 1540 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:35:17.0440 1540 Ndisuio - ok
19:35:17.0481 1540 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:35:17.0524 1540 NdisWan - ok
19:35:17.0549 1540 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:35:17.0575 1540 NDProxy - ok
19:35:17.0591 1540 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:35:17.0626 1540 NetBIOS - ok
19:35:17.0662 1540 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:35:17.0728 1540 netbt - ok
19:35:17.0762 1540 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:17.0777 1540 Netlogon - ok
19:35:17.0813 1540 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:35:17.0858 1540 Netman - ok
19:35:17.0891 1540 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:35:17.0921 1540 netprofm - ok
19:35:18.0006 1540 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:35:18.0019 1540 NetTcpPortSharing - ok
19:35:18.0049 1540 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:35:18.0062 1540 nfrd960 - ok
19:35:18.0085 1540 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:35:18.0131 1540 NlaSvc - ok
19:35:18.0160 1540 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:35:18.0200 1540 Npfs - ok
19:35:18.0223 1540 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:35:18.0248 1540 nsi - ok
19:35:18.0263 1540 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:35:18.0300 1540 nsiproxy - ok
19:35:18.0372 1540 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:35:18.0438 1540 Ntfs - ok
19:35:18.0462 1540 NTIDrvr (d7c908f27717fb1e1e16ccdffe35e7e2) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:35:18.0474 1540 NTIDrvr - ok
19:35:18.0481 1540 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:35:18.0526 1540 ntrigdigi - ok
19:35:18.0537 1540 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:35:18.0562 1540 Null - ok
19:35:18.0576 1540 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:35:18.0589 1540 nvraid - ok
19:35:18.0600 1540 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:35:18.0613 1540 nvstor - ok
19:35:18.0627 1540 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:35:18.0642 1540 nv_agp - ok
19:35:18.0648 1540 NwlnkFlt - ok
19:35:18.0655 1540 NwlnkFwd - ok
19:35:18.0765 1540 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:35:18.0792 1540 odserv - ok
19:35:18.0820 1540 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:35:18.0855 1540 ohci1394 - ok
19:35:18.0895 1540 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:35:18.0907 1540 ose - ok
19:35:18.0978 1540 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:19.0023 1540 p2pimsvc - ok
19:35:19.0031 1540 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:19.0056 1540 p2psvc - ok
19:35:19.0111 1540 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:35:19.0147 1540 Parport - ok
19:35:19.0183 1540 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:35:19.0196 1540 partmgr - ok
19:35:19.0224 1540 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:35:19.0268 1540 Parvdm - ok
19:35:19.0304 1540 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:35:19.0331 1540 PcaSvc - ok
19:35:19.0381 1540 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:35:19.0396 1540 pci - ok
19:35:19.0404 1540 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:35:19.0418 1540 pciide - ok
19:35:19.0442 1540 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:35:19.0455 1540 pcmcia - ok
19:35:19.0479 1540 PdiPorts (18ed1d71fef6f71d38c24263500bbd01) C:\Windows\system32\Drivers\PdiPorts.sys
19:35:19.0489 1540 PdiPorts - ok
19:35:19.0584 1540 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:35:19.0680 1540 PEAUTH - ok
19:35:19.0905 1540 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:35:19.0978 1540 pla - ok
19:35:20.0135 1540 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:35:20.0168 1540 PlugPlay - ok
19:35:20.0261 1540 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:20.0291 1540 PNRPAutoReg - ok
19:35:20.0302 1540 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:35:20.0328 1540 PNRPsvc - ok
19:35:20.0371 1540 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:35:20.0416 1540 PolicyAgent - ok
19:35:20.0471 1540 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:35:20.0504 1540 PptpMiniport - ok
19:35:20.0518 1540 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:35:20.0551 1540 Processor - ok
19:35:20.0584 1540 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:35:20.0622 1540 ProfSvc - ok
19:35:20.0654 1540 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:20.0672 1540 ProtectedStorage - ok
19:35:20.0686 1540 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:35:20.0709 1540 PSched - ok
19:35:20.0720 1540 PSDFilter (18de162f9b83079c24cd96f59292f5ed) C:\Windows\system32\DRIVERS\psdfilter.sys
19:35:20.0732 1540 PSDFilter - ok
19:35:20.0746 1540 PSDNServ (bc1457a28e76ab3106d43802ac22a627) C:\Windows\system32\DRIVERS\PSDNServ.sys
19:35:20.0756 1540 PSDNServ - ok
19:35:20.0775 1540 psdvdisk (ac151e5b0943304e368c98ec78b5fc4f) C:\Windows\system32\DRIVERS\PSDVdisk.sys
19:35:20.0798 1540 psdvdisk - ok
19:35:20.0843 1540 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
19:35:20.0854 1540 PxHelp20 - ok
19:35:20.0935 1540 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:35:20.0978 1540 ql2300 - ok
19:35:21.0017 1540 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:35:21.0030 1540 ql40xx - ok
19:35:21.0069 1540 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:35:21.0099 1540 QWAVE - ok
19:35:21.0112 1540 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:35:21.0134 1540 QWAVEdrv - ok
19:35:21.0152 1540 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:35:21.0180 1540 RasAcd - ok
19:35:21.0197 1540 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:35:21.0243 1540 RasAuto - ok
19:35:21.0268 1540 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:21.0313 1540 Rasl2tp - ok
19:35:21.0364 1540 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:35:21.0402 1540 RasMan - ok
19:35:21.0432 1540 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:21.0463 1540 RasPppoe - ok
19:35:21.0476 1540 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:35:21.0500 1540 RasSstp - ok
19:35:21.0518 1540 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:35:21.0563 1540 rdbss - ok
19:35:21.0595 1540 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:21.0620 1540 RDPCDD - ok
19:35:21.0649 1540 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:35:21.0677 1540 rdpdr - ok
19:35:21.0683 1540 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:35:21.0717 1540 RDPENCDD - ok
19:35:21.0746 1540 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:35:21.0790 1540 RDPWD - ok
19:35:21.0828 1540 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:35:21.0854 1540 RemoteAccess - ok
19:35:21.0870 1540 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:35:21.0898 1540 RemoteRegistry - ok
19:35:21.0963 1540 RichVideo (c1c132455200ad4704142442c89d0fa4) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:35:21.0971 1540 RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:35:21.0971 1540 RichVideo - detected UnsignedFile.Multi.Generic (1)
19:35:22.0006 1540 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:35:22.0026 1540 RpcLocator - ok
19:35:22.0127 1540 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:35:22.0159 1540 RpcSs - ok
19:35:22.0216 1540 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:35:22.0260 1540 rspndr - ok
19:35:22.0295 1540 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe
19:35:22.0308 1540 SamSs - ok
19:35:22.0325 1540 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:35:22.0338 1540 sbp2port - ok
19:35:22.0372 1540 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:35:22.0407 1540 SCardSvr - ok
19:35:22.0461 1540 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:35:22.0510 1540 Schedule - ok
19:35:22.0528 1540 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:35:22.0548 1540 SCPolicySvc - ok
19:35:22.0568 1540 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:35:22.0585 1540 SDRSVC - ok
19:35:22.0596 1540 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:35:22.0647 1540 secdrv - ok
19:35:22.0694 1540 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:35:22.0760 1540 seclogon - ok
19:35:22.0853 1540 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:35:22.0880 1540 SENS - ok
19:35:22.0910 1540 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:35:22.0954 1540 Serenum - ok
19:35:22.0992 1540 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:35:23.0033 1540 Serial - ok
19:35:23.0055 1540 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:35:23.0080 1540 sermouse - ok
19:35:23.0105 1540 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:35:23.0134 1540 SessionEnv - ok
19:35:23.0148 1540 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:35:23.0180 1540 sffdisk - ok
19:35:23.0193 1540 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:35:23.0221 1540 sffp_mmc - ok
19:35:23.0236 1540 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:35:23.0260 1540 sffp_sd - ok
19:35:23.0265 1540 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:35:23.0327 1540 sfloppy - ok
19:35:23.0368 1540 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:35:23.0396 1540 SharedAccess - ok
19:35:23.0446 1540 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:35:23.0481 1540 ShellHWDetection - ok
19:35:23.0507 1540 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:35:23.0519 1540 sisagp - ok
19:35:23.0528 1540 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:35:23.0542 1540 SiSRaid2 - ok
19:35:23.0561 1540 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:35:23.0578 1540 SiSRaid4 - ok
19:35:23.0766 1540 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:35:23.0889 1540 slsvc - ok
19:35:24.0012 1540 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:35:24.0046 1540 SLUINotify - ok
19:35:24.0100 1540 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:35:24.0120 1540 Smb - ok
19:35:24.0212 1540 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
19:35:24.0282 1540 smserial - ok
19:35:24.0317 1540 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:35:24.0345 1540 SNMPTRAP - ok
19:35:24.0381 1540 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:35:24.0394 1540 spldr - ok
19:35:24.0441 1540 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:35:24.0456 1540 Spooler - ok
19:35:24.0502 1540 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:35:24.0522 1540 srv - ok
19:35:24.0568 1540 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:35:24.0591 1540 srv2 - ok
19:35:24.0635 1540 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:35:24.0662 1540 srvnet - ok
19:35:24.0700 1540 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:35:24.0751 1540 SSDPSRV - ok
19:35:24.0779 1540 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:35:24.0806 1540 SstpSvc - ok
19:35:24.0864 1540 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:35:24.0908 1540 stisvc - ok
19:35:24.0946 1540 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:35:24.0959 1540 swenum - ok
19:35:25.0000 1540 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:35:25.0034 1540 swprv - ok
19:35:25.0065 1540 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:35:25.0076 1540 Symc8xx - ok
19:35:25.0090 1540 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:35:25.0103 1540 Sym_hi - ok
19:35:25.0113 1540 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:35:25.0126 1540 Sym_u3 - ok
19:35:25.0176 1540 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:35:25.0208 1540 SysMain - ok
19:35:25.0235 1540 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:35:25.0251 1540 TabletInputService - ok
19:35:25.0283 1540 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:35:25.0313 1540 TapiSrv - ok
19:35:25.0333 1540 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:35:25.0360 1540 TBS - ok
19:35:25.0434 1540 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
19:35:25.0478 1540 Tcpip - ok
19:35:25.0493 1540 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
19:35:25.0533 1540 Tcpip6 - ok
19:35:25.0554 1540 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:35:25.0567 1540 tcpipreg - ok
19:35:25.0597 1540 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:35:25.0632 1540 TDPIPE - ok
19:35:25.0649 1540 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:35:25.0696 1540 TDTCP - ok
19:35:25.0728 1540 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:35:25.0758 1540 tdx - ok
19:35:25.0797 1540 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:35:25.0810 1540 TermDD - ok
19:35:25.0850 1540 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:35:25.0895 1540 TermService - ok
19:35:25.0946 1540 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:35:25.0964 1540 Themes - ok
19:35:25.0989 1540 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:35:26.0015 1540 THREADORDER - ok
19:35:26.0044 1540 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:35:26.0090 1540 TrkWks - ok
19:35:26.0132 1540 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:35:26.0171 1540 TrustedInstaller - ok
19:35:26.0204 1540 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:26.0240 1540 tssecsrv - ok
19:35:26.0275 1540 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:35:26.0305 1540 tunmp - ok
19:35:26.0339 1540 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:35:26.0352 1540 tunnel - ok
19:35:26.0367 1540 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
19:35:26.0373 1540 tvicport ( UnsignedFile.Multi.Generic ) - warning
19:35:26.0373 1540 tvicport - detected UnsignedFile.Multi.Generic (1)
19:35:26.0393 1540 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:35:26.0406 1540 uagp35 - ok
19:35:26.0425 1540 UBHelper (54b233f82b7b5a731550b565e045ade2) C:\Windows\system32\drivers\UBHelper.sys
19:35:26.0437 1540 UBHelper - ok
19:35:26.0464 1540 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:35:26.0485 1540 udfs - ok
19:35:26.0519 1540 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:35:26.0546 1540 UI0Detect - ok
19:35:26.0560 1540 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:35:26.0574 1540 uliagpkx - ok
19:35:26.0598 1540 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:35:26.0614 1540 uliahci - ok
19:35:26.0635 1540 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:35:26.0648 1540 UlSata - ok
19:35:26.0668 1540 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:35:26.0682 1540 ulsata2 - ok
19:35:26.0703 1540 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:35:26.0728 1540 umbus - ok
19:35:26.0754 1540 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:35:26.0784 1540 upnphost - ok
19:35:26.0817 1540 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:35:26.0837 1540 usbaudio - ok
19:35:26.0849 1540 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:26.0886 1540 usbccgp - ok
19:35:26.0902 1540 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:35:26.0955 1540 usbcir - ok
19:35:27.0007 1540 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:35:27.0026 1540 usbehci - ok
19:35:27.0053 1540 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:35:27.0094 1540 usbhub - ok
19:35:27.0110 1540 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:35:27.0142 1540 usbohci - ok
19:35:27.0163 1540 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:35:27.0193 1540 usbprint - ok
19:35:27.0228 1540 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
19:35:27.0260 1540 usbscan - ok
19:35:27.0276 1540 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:27.0306 1540 USBSTOR - ok
19:35:27.0318 1540 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:27.0349 1540 usbuhci - ok
19:35:27.0383 1540 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:35:27.0437 1540 usbvideo - ok
19:35:27.0467 1540 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:35:27.0501 1540 UxSms - ok
19:35:27.0544 1540 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:35:27.0582 1540 vds - ok
19:35:27.0598 1540 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:27.0624 1540 vga - ok
19:35:27.0635 1540 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:35:27.0669 1540 VgaSave - ok
19:35:27.0689 1540 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:35:27.0703 1540 viaagp - ok
19:35:27.0737 1540 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:35:27.0764 1540 ViaC7 - ok
19:35:27.0775 1540 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:35:27.0787 1540 viaide - ok
19:35:27.0910 1540 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
19:35:27.0952 1540 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
19:35:27.0952 1540 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
19:35:28.0010 1540 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:35:28.0023 1540 volmgr - ok
19:35:28.0054 1540 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:35:28.0075 1540 volmgrx - ok
19:35:28.0133 1540 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:35:28.0156 1540 volsnap - ok
19:35:28.0190 1540 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:35:28.0204 1540 vsmraid - ok
19:35:28.0286 1540 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:35:28.0365 1540 VSS - ok
19:35:28.0408 1540 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:35:28.0433 1540 W32Time - ok
19:35:28.0475 1540 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:35:28.0519 1540 WacomPen - ok
19:35:28.0534 1540 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:28.0555 1540 Wanarp - ok
19:35:28.0561 1540 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:35:28.0582 1540 Wanarpv6 - ok
19:35:28.0616 1540 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:35:28.0639 1540 wcncsvc - ok
19:35:28.0660 1540 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:35:28.0692 1540 WcsPlugInService - ok
19:35:28.0709 1540 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:35:28.0722 1540 Wd - ok
19:35:28.0763 1540 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:35:28.0789 1540 Wdf01000 - ok
19:35:28.0811 1540 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:35:28.0841 1540 WdiServiceHost - ok
19:35:28.0845 1540 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:35:28.0879 1540 WdiSystemHost - ok
19:35:28.0900 1540 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:35:28.0926 1540 WebClient - ok
19:35:28.0968 1540 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:35:28.0984 1540 Wecsvc - ok
19:35:29.0005 1540 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:35:29.0028 1540 wercplsupport - ok
19:35:29.0058 1540 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:35:29.0080 1540 WerSvc - ok
19:35:29.0166 1540 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:35:29.0182 1540 WinDefend - ok
19:35:29.0193 1540 WinHttpAutoProxySvc - ok
19:35:29.0255 1540 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:35:29.0291 1540 Winmgmt - ok
19:35:29.0377 1540 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:35:29.0432 1540 WinRM - ok
19:35:29.0486 1540 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:35:29.0531 1540 Wlansvc - ok
19:35:29.0616 1540 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:35:29.0628 1540 wlcrasvc - ok
19:35:29.0796 1540 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:35:29.0853 1540 wlidsvc - ok
19:35:29.0984 1540 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:35:30.0016 1540 WmiAcpi - ok
19:35:30.0072 1540 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:35:30.0104 1540 wmiApSrv - ok
19:35:30.0216 1540 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:35:30.0265 1540 WMPNetworkSvc - ok
19:35:30.0302 1540 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:35:30.0333 1540 WPCSvc - ok
19:35:30.0365 1540 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:35:30.0381 1540 WPDBusEnum - ok
19:35:30.0515 1540 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:35:30.0542 1540 WPFFontCache_v0400 - ok
19:35:30.0573 1540 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:35:30.0618 1540 ws2ifsl - ok
19:35:30.0648 1540 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:35:30.0676 1540 wscsvc - ok
19:35:30.0680 1540 WSearch - ok
19:35:30.0795 1540 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:35:30.0859 1540 wuauserv - ok
19:35:30.0945 1540 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:35:30.0982 1540 wudfsvc - ok
19:35:31.0058 1540 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
19:35:31.0082 1540 yukonwlh - ok
19:35:31.0111 1540 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
19:35:31.0116 1540 zntport ( UnsignedFile.Multi.Generic ) - warning
19:35:31.0116 1540 zntport - detected UnsignedFile.Multi.Generic (1)
19:35:31.0139 1540 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:35:31.0200 1540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:35:31.0200 1540 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:35:31.0255 1540 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:35:31.0255 1540 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:35:31.0259 1540 Boot (0x1200) (72b43a870368b2040cb448c98d70f2d5) \Device\Harddisk0\DR0\Partition0
19:35:31.0260 1540 \Device\Harddisk0\DR0\Partition0 - ok
19:35:31.0286 1540 Boot (0x1200) (78e048f9eac6b8338039b60418117da0) \Device\Harddisk0\DR0\Partition1
19:35:31.0287 1540 \Device\Harddisk0\DR0\Partition1 - ok
19:35:31.0288 1540 ============================================================
19:35:31.0288 1540 Scan finished
19:35:31.0288 1540 ============================================================
19:35:31.0302 0380 Detected object count: 10
19:35:31.0302 0380 Actual detected object count: 10
19:36:22.0667 0380 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0667 0380 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0667 0380 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0667 0380 AcerMemUsageCheckService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0671 0380 DTSRVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0671 0380 DTSRVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0674 0380 eSettingsService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0674 0380 eSettingsService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0676 0380 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0676 0380 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0679 0380 tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0679 0380 tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0681 0380 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0681 0380 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0684 0380 zntport ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0684 0380 zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:25.0317 0380 \Device\Harddisk0\DR0\# - copied to quarantine
19:36:25.0318 0380 \Device\Harddisk0\DR0 - copied to quarantine
19:36:25.0342 0380 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:36:25.0351 0380 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:36:25.0354 0380 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:36:25.0358 0380 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:36:25.0362 0380 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:36:25.0376 0380 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:36:25.0385 0380 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:36:25.0386 0380 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:36:25.0388 0380 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:36:25.0423 0380 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:36:25.0426 0380 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:36:25.0428 0380 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:36:25.0444 0380 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:36:25.0446 0380 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:36:25.0448 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:36:25.0451 0380 \Device\Harddisk0\DR0 - ok
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:37:10.0366 1984 Deinitialize success

#13
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Hi there,
I saw that about your system restore, and I am looking to get it back working again.
My job is going to get crazy for the next 2 days so I might not get to post as often as I like for that time period. I will do my best not to leave you hanging :)
How is the computer behaving at this point?

Step 1
I would like you to re-run TDSSKiller and this time please select Delete only for the TDSS File System entry(s).

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    sc queryex sdrsvc /c
    
    
  • Click the None button
  • Then click the Run Fix button at the top
Post the resulting log file please.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply I would like to see:
  • OTL fix log
  • ESET virus scan log
  • How is the computer behaving?

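Triage of a TDSSKiller log like the one posted above, as an added example written for this thread (it is not part of the thread and is not TDSSKiller's own tooling): it groups the result lines by object and verdict, records the action the user chose for each, and lists the high-severity detections that were left in place with Skip, which is the TDSS File System entry that Step 1 asks to re-run for. The severity buckets are a heuristic chosen for the example, and the sample lines are a constructed excerpt of the log above.

```python
import re

# Constructed sample input: result lines copied from the TDSSKiller log posted
# above in this thread (thread id 0380), trimmed to the interesting entries.
SAMPLE_LOG = r"""
19:35:31.0302 0380 Detected object count: 10
19:36:22.0667 0380 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0667 0380 Acer HomeMedia Connect Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:22.0684 0380 zntport ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:22.0684 0380 zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:25.0342 0380 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:36:25.0448 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:36:25.0451 0380 \Device\Harddisk0\DR0 - ok
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:36:25.0978 0380 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
19:37:10.0366 1984 Deinitialize success
"""

# One TDSSKiller result line: "<time> <tid> <object> ( <verdict> ) - <message>"
RESULT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+"
    r"(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<msg>.+)$"
)
ACTION_RE = re.compile(r"^User select action: (?P<action>\w+)$")

SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}


def severity(verdict):
    """Triage bucket for a verdict string (heuristic chosen for this example)."""
    if verdict.startswith(("Rootkit.", "TDSS")):
        return "high"       # bootkit / hidden file system: must be removed
    if verdict.startswith("UnsignedFile."):
        return "info"       # unsigned driver or service, often OEM software; verify by hand
    return "medium"


def parse_detections(log_text):
    """Group result lines by (object, verdict) and record the user's final action."""
    detections = {}
    for raw in log_text.splitlines():
        m = RESULT_RE.match(raw.strip())
        if not m:
            continue   # progress lines, quarantine copies and "ok" lines carry no verdict
        key = (m["obj"], m["verdict"])
        entry = detections.setdefault(
            key, {"severity": severity(m["verdict"]), "action": None, "notes": []}
        )
        act = ACTION_RE.match(m["msg"])
        if act:
            entry["action"] = act["action"]
        else:
            entry["notes"].append(m["msg"])
    return detections


def unresolved(log_text, min_severity="high"):
    """Detections at or above min_severity that the user chose to Skip."""
    floor = SEVERITY_RANK[min_severity]
    return sorted(
        key
        for key, entry in parse_detections(log_text).items()
        if entry["action"] == "Skip" and SEVERITY_RANK[entry["severity"]] >= floor
    )


if __name__ == "__main__":
    for (obj, verdict), entry in parse_detections(SAMPLE_LOG).items():
        print(f"{entry['severity']:6} {entry['action'] or '-':5} {obj} ({verdict})")
    print("still present after this run:", unresolved(SAMPLE_LOG))
```

Run against the sample, the bootkit entry shows as Cure with the note "will be cured on reboot", while the TDSS File System entry on the same device is the one high-severity item still marked Skip; the unsigned OEM services are reported at info level so they can be checked by hand rather than deleted blindly.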

#14
zprez2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Sorry to hear that work is getting hectic - but I can definitely relate!!! I'll just check periodically to see if you have anything more for me to do.

I ran TDSS and then deleted one TDSS file system - there were other things left over - but at first glance they seemed to be a normal part of this particular system.

This is the log of the OTL fix.
========== FILES ==========
< sc queryex sdrsvc /c >
SERVICE_NAME: sdrsvc
TYPE : 10 WIN32_OWN_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1077 (0x435)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :
C:\Users\John\Desktop\cmd.bat deleted successfully.
C:\Users\John\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.55.0 log created on 08102012_203905

I'll start on the rest in just a moment. :)

#15
zprez2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
We need to talk about your instructions!!! :) I followed em exactly as you wrote them but since I read line by line doing as I read them - no logfile :( So.....


  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Try this instead:

  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • After copying and pasting the logfile: select Uninstall application on close
  • Now click on: Posted Image
Because I followed the directions and poof!! no log file since I didn't read ahead BUT I did save something there at the end that shows what was deleted, quarantined etc. I also ran ESET again and got a log file which I will post - but I don't know if you can use it since it looks like it already did what it was supposed to.

I did a few things on the computer - facebook browsed, etc. and it seems to be working - no start up mess, no lags or dropped commands that I could tell.

Here are the logs:

#1 From the end of the scan and aren't they a batch of nasty little buggers!!!

C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\09.08.2012_19.33.49\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\10.08.2012_20.29.55\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\m694glti.default\Cache\D\C2\E95F1d01 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\John\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101103214537368.rsc multiple threats deleted - quarantined
C:\Users\John\Pictures\7zip_installer_1649.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\08072012_214154\C_Program Files\Ixquick Deskbar\deskbar.dll a variant of Win32/Adware.Softomate.AC application cleaned by deleting - quarantined


and from the 2nd run of ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e3efc3a981a0a6478d93b67963796583
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-11 04:42:52
# local_time=2012-08-10 11:42:52 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 108543333 108543333 0 0
# compatibility_mode=1032 16777213 100 96 0 87715275 0 0
# compatibility_mode=5892 16776574 100 91 156481 181266659 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=32108
# found=0
# cleaned=0
# scan_time=1041
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e3efc3a981a0a6478d93b67963796583
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 04:45:55
# local_time=2012-08-10 11:45:55 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 108544523 108544523 0 0
# compatibility_mode=1032 16777213 100 96 0 87716465 0 0
# compatibility_mode=5892 16776574 100 91 157671 181267849 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=1313
# found=0
# cleaned=0
# scan_time=33
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e3efc3a981a0a6478d93b67963796583
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-11 06:18:48
# local_time=2012-08-11 01:18:48 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 108544700 108544700 0 0
# compatibility_mode=1032 16777213 100 96 0 87716642 0 0
# compatibility_mode=5892 16776574 100 91 157848 181268026 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=186133
# found=0
# cleaned=0
# scan_time=5430