Geeks to Go

Laptop can't load antivirus or antimalware programs [Solved]


#1 HSBigDaddy (Member, 14 posts)
HP laptop, Windows XP. Don't know what happened; both AVG Free and Malwarebytes programs disappeared and now they won't reload. Can anyone help?

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi, can you get to safe mode? Reboot the computer and press F8. Does a menu appear? If so, select Safe Mode with Networking and let me know if that works.

Meanwhile, let's see what you have.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


#3 HSBigDaddy (Topic Starter, Member, 14 posts)
OTL logfile created on: 8/29/2012 11:11:58 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\laptopfix
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.99% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.43 Gb Total Space | 0.68 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 1.34 Gb Free Space | 11.44% Space Free | Partition Type: FAT32

Computer Name: MOMMYNOTEBOOK | User Name: Daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/29 22:44:27 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\laptopfix\OTL.exe
PRC - [2012/07/28 04:57:46 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] () -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/08/05 10:59:56 | 001,382,912 | ---- | M] (Crystal Rich Ltd) -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] () -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/19 20:44:44 | 000,020,480 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
PRC - [2006/06/08 01:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0250Mon.exe
PRC - [2006/01/08 22:43:42 | 000,053,340 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTSched.exe
PRC - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/31 09:11:30 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/07/28 04:57:45 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/07/13 03:20:02 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\lf5tj4a5.default\extensions\[email protected]\_components\Shim14.dll
MOD - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] () -- C:\Program Files\AVG\AVG10\avgrsx.exe
MOD - [2011/07/01 12:06:44 | 000,002,560 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.dll
MOD - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] () -- C:\Program Files\AVG\AVG10\avgchsvx.exe
MOD - [2009/06/03 15:24:03 | 001,291,264 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 13:41:10 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/05/22 11:59:22 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/11/07 19:26:40 | 000,376,832 | ---- | M] () -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll
MOD - [2006/10/09 17:12:40 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2006/09/27 18:10:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/07/19 18:13:42 | 000,172,032 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\CLDataSync.dll
MOD - [2006/03/16 00:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/16 00:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/12/24 00:44:26 | 000,491,606 | ---- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
MOD - [2002/01/08 11:08:22 | 000,051,712 | ---- | M] () -- C:\WINDOWS\system32\ngprtserv.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)
SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\comHost.exe -- (comHost)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - File not found [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2012/08/03 16:11:58 | 000,250,056 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/28 04:57:45 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/04 14:25:20 | 000,257,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/12 09:13:08 | 000,143,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2008/01/11 18:55:38 | 002,138,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/01/11 18:54:58 | 000,245,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/01/11 18:54:42 | 000,061,856 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2007/01/27 17:40:47 | 001,174,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/06/12 16:27:28 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/20 09:40:04 | 000,010,328 | R--- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070124.003\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - File not found [Kernel | System | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS -- (SAVRTPEL)
DRV - File not found [Kernel | On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS -- (SAVRT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\NavEx15.Sys -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070127.007\NAVENG.Sys -- (NAVENG)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\WINDOWS\3203397148:3809022017.exe -- (1cf6efbe)
DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/06 23:24:30 | 000,019,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009/09/10 14:54:06 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/06/22 07:48:44 | 000,091,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/06/20 05:52:06 | 000,225,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/05/08 08:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/03/20 18:28:04 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2008/03/20 18:23:34 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/08/21 18:02:07 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/09/13 07:56:35 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/27 14:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/06/27 11:25:26 | 000,185,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0250Dev.sys -- (V0250Dev)
DRV - [2006/06/06 16:39:56 | 000,061,952 | ---- | M] (Ricoh) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\5U870CAP.sys -- (5U870CAP_VID_1262&PID_25FD)
DRV - [2006/05/12 14:21:22 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/12 14:19:04 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/12 14:17:18 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/12 14:16:44 | 000,057,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/12 14:13:46 | 000,148,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/04/21 13:06:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/04/20 12:03:20 | 000,995,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/04/20 12:02:40 | 000,208,000 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/04/20 12:02:36 | 000,727,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/03/24 16:24:32 | 000,006,272 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0250Vfx.sys -- (V0250Vfx)
DRV - [2005/12/22 13:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 16:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 14:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/19 17:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 17:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 17:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/08/04 02:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0F782CF7-826D-45DF-9E73-5341475F2149}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0F782CF7-826D-45DF-9E73-5341475F2149}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ilion&pf=laptop
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\SearchScopes\{A5CF1ED7-03AE-4F3D-9FD1-25CBBB917481}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1640187
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: avg@igeared:7.008.031.001
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.39.0
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/09/16 06:40:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/14 16:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/28 04:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/27 22:57:22 | 000,000,000 | ---D | M]

[2010/02/08 00:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daddy\Application Data\Mozilla\Extensions
[2012/07/30 04:44:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\lf5tj4a5.default\extensions
[2009/11/30 15:32:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\lf5tj4a5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(2)
[2012/07/30 04:45:46 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Daddy\Application Data\Mozilla\Firefox\Profiles\lf5tj4a5.default\extensions\[email protected]
[2012/03/27 22:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/09 10:10:24 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2010/02/08 00:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/07/28 04:57:46 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2009/11/30 11:32:49 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O3 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe ()
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [CreativeTaskScheduler] C:\Program Files\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe (Crystal Rich Ltd)
O4 - HKLM..\Run: [V0250Mon.exe] C:\WINDOWS\V0250Mon.exe (Creative Technology Ltd.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Grandma\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Kids\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Mommy\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O4 - Startup: C:\Documents and Settings\Other User\Start Menu\Programs\StartUp\Vongo Tray.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....031/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187751437951 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187751414450 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{411550D1-3C4B-4947-A03D-440A5019AD98}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006 Winlogon: Shell - (C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\X) - C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\X ()
O24 - Desktop WallPaper: C:\Documents and Settings\Daddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Daddy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{6083fe8a-fe2a-11db-aa29-001636dadcd2}\Shell - "" = AutoRun
O33 - MountPoints2\{6083fe8a-fe2a-11db-aa29-001636dadcd2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6083fe8a-fe2a-11db-aa29-001636dadcd2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL CAAV/CAInstallationMenu.html
O33 - MountPoints2\{72885e45-b516-11e0-ace2-001a6b00a6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{72885e45-b516-11e0-ace2-001a6b00a6bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72885e45-b516-11e0-ace2-001a6b00a6bb}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{a3a36548-7346-11e1-ad38-001a6b00a6bb}\Shell - "" = AutoRun
O33 - MountPoints2\{a3a36548-7346-11e1-ad38-001a6b00a6bb}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3a36548-7346-11e1-ad38-001a6b00a6bb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{cf0e482f-ddcd-11e0-acf9-001a6b00a6bb}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{f4685927-a23a-11db-aa08-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{f4685927-a23a-11db-aa08-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f4685927-a23a-11db-aa08-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 22:45:20 | 000,000,000 | ---D | C] -- C:\laptopfix
[2011/01/17 14:22:09 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Daddy\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2012/08/29 23:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/29 22:58:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/29 22:37:03 | 000,002,639 | ---- | M] () -- C:\hpqp.ini
[2012/08/29 22:36:58 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2012/08/29 22:36:56 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/08/29 22:36:54 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/29 22:36:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3203397148
[2012/08/29 22:36:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/29 22:35:58 | 2145,439,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 00:22:48 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/29 00:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/28 01:13:04 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\WINDOWS\System32\
[2012/08/28 01:13:04 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/03/05 08:59:24 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\housecall.guid.cache
[2011/10/21 22:12:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/16 21:17:05 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\@
[2011/10/14 19:27:23 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\U\800000cb.@
[2011/10/03 16:37:08 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\U\80000000.@
[2011/03/23 21:07:02 | 000,203,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/22 09:50:01 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\hppfaxprinter5.ini
[2011/03/22 09:50:00 | 000,000,608 | -HS- | C] () -- C:\WINDOWS\System32\winzvprt5.sys
[2011/02/03 11:40:42 | 000,000,255 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/17 14:22:09 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Daddy\Application Data\inst.exe
[2011/01/17 14:22:09 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Daddy\Application Data\pcouffin.cat
[2011/01/17 14:22:09 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Daddy\Application Data\pcouffin.inf
[2008/03/12 23:05:55 | 000,000,065 | ---- | C] () -- C:\Documents and Settings\Daddy\default.pls
[2008/03/10 21:06:07 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\37562-11537-09847-00QV1-78241
[2008/02/12 13:50:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/01/22 21:07:28 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/16 13:32:04 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Daddy\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/11/30 12:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CallingID
[2011/04/09 12:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/07/08 04:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/09/13 17:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2010/02/08 00:18:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2011/01/09 05:12:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/09/13 08:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/04/12 09:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/10/02 12:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medisoft
[2012/03/01 10:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/09/19 16:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2007/08/21 18:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/01/17 14:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2006/09/13 08:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/01/09 05:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\AVG10
[2010/02/08 00:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\CallingID
[2008/11/19 12:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\LimeWire
[2011/07/19 14:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\mjusbsp
[2011/09/22 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\MSNInstaller
[2010/02/07 23:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\Netscape
[2011/09/19 16:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\USBSafelyRemove
[2012/05/22 21:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Daddy\Application Data\Vso
[2011/02/22 16:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\AVG10
[2011/10/20 19:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kids\Application Data\USBSafelyRemove
[2011/04/08 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\AVG10
[2011/06/13 19:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\mjusbsp
[2007/01/22 21:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\Netscape
[2011/09/26 16:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mommy\Application Data\USBSafelyRemove
[2010/02/08 00:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\CallingID
[2010/01/10 15:33:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other User\Application Data\CallingID
[2008/07/11 09:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Other User\Application Data\MSNInstaller
[2012/05/23 10:15:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/06/13 20:45:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/05/23 09:50:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/05/23 14:30:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========
========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2006/03/16 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: QMGR.DLL >
[2006/03/16 00:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\system32\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\qmgr.dll
[2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\qmgr.dll

< MD5 for: SERVICES >
[2006/03/16 00:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2006/03/15 16:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2006/03/15 16:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\system32\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2006/03/16 00:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe

< MD5 for: SERVICES.LNK >
[2006/06/29 14:13:40 | 000,001,506 | ---- | M] () MD5=C04CC9BB985AAEE3E214BFF9CBDED405 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2011/10/29 17:24:50 | 000,000,792 | ---- | M] () MD5=072B82C3203B321D7C0F8D042637113D -- C:\Documents and Settings\Daddy\Application Data\Macromedia\Flash Player\#SharedObjects\NC9YND9M\mochiads.com\services.mochiads.com.sol
[2011/10/30 12:57:47 | 000,000,351 | ---- | M] () MD5=D782421EAB56E96B72BFAB6B6EA3356D -- C:\Documents and Settings\Kids\Application Data\Macromedia\Flash Player\#SharedObjects\T6K4FUL8\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MS_ >
[2006/03/15 16:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2006/03/16 00:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2006/03/16 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/03/16 00:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/03/16 00:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2006/03/16 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = RpcSs [binary data] -- [2009/02/09 06:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2006/03/16 00:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB3255$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3203397148:3809022017.exe

< End of report >
OTL Extras logfile created on: 8/29/2012 11:11:58 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\laptopfix
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 61.99% Memory free
3.84 Gb Paging File | 3.26 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 80.43 Gb Total Space | 0.68 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 1.34 Gb Free Space | 11.44% Space Free | Partition Type: FAT32

Computer Name: MOMMYNOTEBOOK | User Name: Daddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3586734764-2751361201-2460440014-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client -- (Valve Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"E:\Installer\hpbcsiInstaller.exe" = E:\Installer\hpbcsiInstaller.exe:*:Enabled:HP Networked Printer Installer
"C:\Documents and Settings\Mommy\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Mommy\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Daddy\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AD473D7-7A47-5AEC-B45D-9B87414ED975}" = Zune VideoConstructor v2.4.0.43 FREE
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F62B6DF-D8C5-4495-BFB3-D0DC5BA9785F}" = SymNet
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 19
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 A2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 H1
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.3
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583239A-D4BE-48CA-A253-396122B3D3E9}" = Zune
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{76D82D55-FF58-462D-8A63-E03A0DCD2333}" = Zune
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7D543DFE-6459-462A-9A62-B5B012B1DCF1}" = AVG 2011
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9E0EC833-C05C-4385-9AE2-AA26A89B098B}" = AVG 2011
"{9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8}" = LightScribe 1.4.105.1
"{9FA7A537-E6F6-4A6E-95B9-E4152756132D}" = hppCM1410LaserJetService
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A449FB94-CD98-4dae-916F-B7F712889080}" = Revenue Management for Medisoft Advanced 16 Demo
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AABE44D1-0B72-4C6B-9778-20B2317F8064}" = hpzTLBXFX
"{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}" = Norton Internet Security
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BE247E71-C143-40BB-ADF2-A465DF062BAB}" = HP User Guides 0035
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C36209-5D90-46ad-8174-9D83497FD55A}" = Medisoft Advanced 16 Demo
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{C93369CB-B4E9-E095-9289-E6B5AE941033}" = Nero 7 Demo
"{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D608C59B-424B-45D4-971C-5978F8564CEE}" = hppLaserJetService
"{DA5576B5-EF2A-4E3A-8763-FCA8BA84DA00}" = hppTLBXFXCM1410
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FB09F05F-85C6-4205-B28D-5BF071D276C3}" = muvee autoProducer 5.0
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Video FX Engine" = Advanced Video FX Engine
"Advanced Video FX Utility" = Advanced Video FX Utility
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AVG" = AVG 2011
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitLord" = BitLord 1.1
"CaptureCAM-PLAYER" = CaptureCAM-PLAYER
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m" = Soft Data Fax Modem with SmartCP
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Doodling" = Creative Live! Cam Doodling
"Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
"Creative Live! Cam Notebook Pro User's Guide English" = Creative Live! Cam Notebook Pro User's Guide (English)
"Creative Photo Manager" = Creative Photo Manager
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0250" = Creative Live! Cam Notebook Pro Driver (1.02.06.0627)
"Creative WebCam Center" = Creative WebCam Center
"DVD Shrink_is1" = DVD Shrink 3.2
"ESPNMotion" = ESPNMotion
"Get Yahoo! Messenger" = Get Yahoo! Messenger
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"My Video Converter_is1" = My Video Converter 1.2.4
"NETGEAR Print Server Software" = NETGEAR Print Server Software
"Netscape Browser" = Netscape Browser (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"TorrentMan Toolbar" = TorrentMan Toolbar
"USB Safely Remove_is1" = USB Safely Remove 4.7
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"WildTangent hplaptop Master Uninstall" = My HP Games
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"YDKJ" = YOU DON'T KNOW JACK V1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3586734764-2751361201-2460440014-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Steam App 10" = Counter-Strike

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/23/2012 9:22:00 PM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/24/2012 5:03:19 AM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/24/2012 10:09:45 PM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/25/2012 11:10:41 AM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/26/2012 12:58:08 AM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/26/2012 9:42:36 PM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/27/2012 7:33:10 AM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/28/2012 12:07:01 AM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/29/2012 12:18:56 AM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

Error - 8/29/2012 10:36:27 PM | Computer Name = MOMMYNOTEBOOK | Source = MSMQ | ID = 2059
Description = The RPC service cannot be used with the TCP/IP protocol. Consequently,
the Message Queuing service cannot communicate with other computers.

[ System Events ]
Error - 8/29/2012 10:41:10 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%5

Error - 8/29/2012 10:41:20 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%5

Error - 8/29/2012 10:41:30 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%5

Error - 8/29/2012 10:41:40 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%5

Error - 8/29/2012 10:41:50 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%5

Error - 8/29/2012 10:42:00 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7000
Description = The HP LaserJet Service service failed to start due to the following
error: %%5

Error - 8/29/2012 10:47:05 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/29/2012 10:57:21 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/29/2012 11:00:27 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 8/29/2012 11:10:29 PM | Computer Name = MOMMYNOTEBOOK | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-30 06:17:30
-----------------------------
06:17:30.151 OS Version: Windows 5.1.2600 Service Pack 2
06:17:30.151 Number of processors: 2 586 0xF06
06:17:30.151 ComputerName: MOMMYNOTEBOOK UserName: Daddy
06:17:30.776 Initialize success
06:18:18.463 AVAST engine download error: 0
06:18:24.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
06:18:24.526 Disk 0 Vendor: Size: 0MB BusType: 0
06:18:24.557 Disk 0 MBR read successfully
06:18:24.557 Disk 0 MBR scan
06:18:24.557 Disk 0 unknown MBR code
06:18:24.573 Disk 0 MBR hidden
06:18:24.588 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 82356 MB offset 63
06:18:24.619 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 12001 MB offset 168682500
06:18:24.651 Disk 0 Partition 3 00 D7 NTFS 1027 MB offset 193261950
06:18:24.698 Disk 0 scanning C:\WINDOWS\system32\drivers
06:18:29.635 File: C:\WINDOWS\system32\drivers\avgtdix.sys **SUSPICIOUS**
06:18:37.588 Disk 0 trace - called modules:
06:18:37.619 ntkrnlpa.exe >>UNKNOWN [0x8a6eb5d0]<<
06:18:37.635 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a631030]
06:18:37.651 \Driver\Disk[0x8a639928] -> IRP_MJ_CREATE -> 0x8a6eb5d0
06:18:37.682 Scan finished successfully
06:23:26.401 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daddy\Desktop\MBR.dat"
06:23:26.416 The log file has been saved successfully to "C:\Documents and Settings\Daddy\Desktop\aswMBR.txt"


I will try the safe mode thing and post another reply in a second. Thanks.
  • 0

#4
HSBigDaddy

HSBigDaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Yes, I am able to log in to safe mode with networking.
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, this looks like a variation on a theme of the ZeroAccess malware.

I will clear the way with OTL to enable me to use some stronger tools

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
    O20 - HKU\S-1-5-21-3586734764-2751361201-2460440014-1006 Winlogon: Shell - (C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\X) - C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe\X ()
    
    :Files
    C:\Documents and Settings\Daddy\Local Settings\Application Data\1cf6efbe
    C:\WINDOWS\Tasks\At*.job
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0
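As an added, defender-side example (not part of this thread and not OTL's own code), a small Python checker that scans OTL-style log lines for the three indicators the fix above removes: an IE proxy pointed at 127.0.0.1, a Winlogon Shell value redirected to a random hex-named folder under the user profile, and a disabled Windows Firewall profile. The sample lines are constructed (placeholder SID and user name; the hex folder name is the one from the log).

```python
import re

# Constructed sample, modelled on the OTL lines quoted in this thread.
# SID and profile name are placeholders, not values from the log.
SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
IE - HKU\S-1-5-21-0-0-0-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-0-0-0-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-0-0-0-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8074
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-0-0-0-1006 Winlogon: Shell - (C:\Documents and Settings\User\Local Settings\Application Data\1cf6efbe\X) - C:\Documents and Settings\User\Local Settings\Application Data\1cf6efbe\X ()
"""

# Registry key header lines, e.g. [HKEY_LOCAL_MACHINE\...\StandardProfile]
KEY_RE = re.compile(r"^\[(.+)\]$")
# OTL "IE -" lines carrying the per-user proxy settings
PROXY_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Software\\.*Internet Settings: '
    r'"(?P<name>ProxyEnable|ProxyServer)" = (?P<value>.+)$'
)
# OTL O20 Winlogon Shell lines: "O20 - <hive> Winlogon: Shell - (<value>) - <path> (<company>)"
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<path>.*?) \("
)
FIREWALL_RE = re.compile(r'^"EnableFirewall" = (?P<value>\d+)$')
# An 8-character all-hex directory component, as in ...\Application Data\1cf6efbe\X
HEX_DIR_RE = re.compile(r"\\[0-9a-f]{8}\\", re.IGNORECASE)


def find_indicators(log_text):
    """Return a list of (severity, description) findings for the proxy,
    shell-hijack and firewall changes seen in this thread's OTL log."""
    findings = []
    proxy = {}           # hive -> {"ProxyEnable": ..., "ProxyServer": ...}
    current_key = None   # most recent [HKEY...] header, for context
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = FIREWALL_RE.match(line)
        if m:
            if m.group("value") == "0":
                findings.append(("medium",
                                 f"Windows Firewall disabled in {current_key or 'unknown key'}"))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy.setdefault(m.group("hive"), {})[m.group("name")] = m.group("value").strip()
            continue
        m = SHELL_RE.match(line)
        if m:
            value, path, hive = m.group("value"), m.group("path"), m.group("hive")
            # The legitimate shell is explorer.exe; anything else, or a path
            # through a random hex-named folder, is a hijack of the logon shell.
            basename = value.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if basename != "explorer.exe" or HEX_DIR_RE.search(path):
                findings.append(("high", f"Winlogon Shell hijacked in {hive}: {path}"))
    # Proxy settings are spread over several lines, so evaluate them per hive.
    for hive, values in proxy.items():
        server = values.get("ProxyServer", "")
        if values.get("ProxyEnable") == "1" and re.search(r"127\.0\.0\.1|localhost", server):
            findings.append(("high",
                             f"IE proxy in {hive} points at the local machine: {server}"))
    return findings


if __name__ == "__main__":
    for severity, description in find_indicators(SAMPLE_OTL):
        print(f"[{severity}] {description}")
```

Run against a real OTL.Txt by passing its contents to find_indicators(); each finding maps to one of the :OTL / :Files entries in the fix above.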

#6
HSBigDaddy

HSBigDaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 12-08-30.05 - Daddy 08/30/2012 23:53:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1296 [GMT -4:00]
Running from: c:\documents and settings\Daddy\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Daddy\WINDOWS
c:\windows\3203397148
c:\windows\system32\
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_1cf6efbe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 02:51 . 2012-08-31 02:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-31 02:31 . 2012-08-31 02:31 -------- d-----w- C:\_OTL
2012-08-30 02:45 . 2012-08-30 03:18 -------- d-----w- C:\laptopfix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 02:52 . 2010-11-12 18:19 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-03 20:11 . 2012-07-13 20:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 20:11 . 2011-10-03 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 20:11 . 2012-07-31 13:11 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-28 08:57 . 2012-03-28 02:57 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 27648 --sh--w- c:\windows\system32\Smab0.dll
2008-02-04 19:26 151040 --sh--w- c:\windows\system32\VistaUltm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-21 1526296]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-21 05:43 1526296 ----a-w- c:\program files\TorrentMan\tbTorr.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-09-01 13:16 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-21 1526296]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-21 1526296]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-08-12 380928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-27 7585792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-27 86016]
"nwiz"="nwiz.exe" [2006-09-27 1617920]
"MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-09-20 61440]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-10-20 20480]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ToolboxFX"="c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-04-16 58936]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2011-08-05 1382912]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Other User\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Grandma\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Kids\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
c:\documents and settings\Mommy\Start Menu\Programs\Startup\
Vongo Tray.lnk - c:\program files\Vongo\Tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Daddy^Start Menu^Programs^StartUp^Vongo Tray.lnk]
path=c:\documents and settings\Daddy\Start Menu\Programs\StartUp\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-28 21:28 50776 ----a-w- c:\program files\America Online 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-18 21:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-10-20 13:40 34904 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2005-12-16 17:57 94208 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2011-05-16 12:50 50592 ----a-w- c:\documents and settings\Daddy\Application Data\mjusbsp\cdloader2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
2005-10-27 10:00 299008 ------w- c:\program files\Creative\Shared Files\CamTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2005-12-10 14:57 133016 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2006-07-27 18:44 61952 ----a-w- c:\windows\system32\CHDAudPropShortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2004-11-03 21:03 125528 ----a-w- c:\program files\Common Files\AOL\1187733662\EE\AOLHostManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-03-20 22:34 213936 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-09-10 18:54 420176 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-08-21 22:02 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-08-21 22:02 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
2005-10-11 17:23 1187840 ------w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-02-09 16:52 643072 ------w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 14:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2008-11-06 15:01 1410296 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-06-17 05:22 794713 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-17 16:46 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-01-11 22:54 166304 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Documents and Settings\\Mommy\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Daddy\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/20/2008 6:23 PM 642560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 297168]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2011 4:38 PM 136176]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [4/12/2010 9:13 AM 143872]
S2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\USB Safely Remove\USBSRService.exe [9/19/2011 4:11 PM 257880]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [6/6/2006 4:39 PM 61952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [7/13/2012 4:17 PM 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/28/2011 5:16 AM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2011 4:38 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/7/2009 1:50 PM 38224]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/20/2012 10:17 PM 113120]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [1/9/2011 10:04 AM 19056]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/17/2011 2:22 PM 47360]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [10/28/2009 6:21 PM 185504]
S3 V0250Vfx;V0250Vfx;c:\windows\system32\drivers\V0250Vfx.sys [10/28/2009 6:21 PM 6272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 20:11]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 20:37]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 20:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Daddy\Application Data\Mozilla\Firefox\Profiles\lf5tj4a5.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4de0bd5b&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-90290717.sys
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Monitor - c:\program files\Wireless-G Internet Home Monitoring Camera\Monitor.exe
MSConfigStartUp-Recorder - c:\program files\Wireless-G Internet Home Monitoring Camera\Recorder.exe
MSConfigStartUp-wbxcufay - c:\docume~1\Daddy\LOCALS~1\Temp\sjafetxjf\uwqdokalajb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-31 00:05
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????H??????????????|?M?|?????M?|??@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2072)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\msdtc.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2012-08-31 00:10:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 04:10
.
Pre-Run: 9,704,648,704 bytes free
Post-Run: 10,068,566,016 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F7D20AE1AC48B36DDE37E06B59452FFB


22:53:56.0390 1400 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:53:56.0718 1400 ============================================================
22:53:56.0718 1400 Current date / time: 2012/08/30 22:53:56.0718
22:53:56.0718 1400 SystemInfo:
22:53:56.0718 1400
22:53:56.0718 1400 OS Version: 5.1.2600 ServicePack: 2.0
22:53:56.0718 1400 Product type: Workstation
22:53:56.0718 1400 ComputerName: MOMMYNOTEBOOK
22:53:56.0718 1400 UserName: Daddy
22:53:56.0718 1400 Windows directory: C:\WINDOWS
22:53:56.0718 1400 System windows directory: C:\WINDOWS
22:53:56.0718 1400 Processor architecture: Intel x86
22:53:56.0718 1400 Number of processors: 2
22:53:56.0718 1400 Page size: 0x1000
22:53:56.0718 1400 Boot type: Normal boot
22:53:56.0718 1400 ============================================================
22:54:00.0343 1400 BG loaded
22:54:01.0093 1400 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:54:01.0140 1400 ============================================================
22:54:01.0140 1400 \Device\Harddisk0\DR0:
22:54:01.0140 1400 MBR partitions:
22:54:01.0140 1400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA0DA504
22:54:01.0140 1400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xA0DE404, BlocksNum 0x1770D7A
22:54:01.0140 1400 ============================================================
22:54:01.0593 1400 C: <-> \Device\Harddisk0\DR0\Partition1
22:54:01.0671 1400 D: <-> \Device\Harddisk0\DR0\Partition2
22:54:02.0171 1400 ============================================================
22:54:02.0171 1400 Initialize success
22:54:02.0171 1400 ============================================================
23:01:56.0375 1132 Deinitialize success


I had a lot of trouble getting ComboFix to run. It kept telling me there were antivirus programs still running. I had to download the Norton removal tool for Norton Internet Security 2006, and I had to manually delete the CA antivirus folder from my C: drive. I haven't used either of these programs in years. I did finally get ComboFix to run, though.
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you re-run TDSSKiller please and post the log? Also, what are the current problems?
  • 0

#8
HSBigDaddy

HSBigDaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
22:31:25.0234 2072 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
22:31:25.0515 2072 ============================================================
22:31:25.0515 2072 Current date / time: 2012/08/31 22:31:25.0515
22:31:25.0515 2072 SystemInfo:
22:31:25.0515 2072
22:31:25.0515 2072 OS Version: 5.1.2600 ServicePack: 2.0
22:31:25.0515 2072 Product type: Workstation
22:31:25.0515 2072 ComputerName: MOMMYNOTEBOOK
22:31:25.0515 2072 UserName: Daddy
22:31:25.0515 2072 Windows directory: C:\WINDOWS
22:31:25.0515 2072 System windows directory: C:\WINDOWS
22:31:25.0515 2072 Processor architecture: Intel x86
22:31:25.0515 2072 Number of processors: 2
22:31:25.0515 2072 Page size: 0x1000
22:31:25.0515 2072 Boot type: Normal boot
22:31:25.0515 2072 ============================================================
22:31:26.0171 2072 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:31:26.0187 2072 ============================================================
22:31:26.0187 2072 \Device\Harddisk0\DR0:
22:31:26.0203 2072 MBR partitions:
22:31:26.0203 2072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA0DA504
22:31:26.0203 2072 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0xA0DE404, BlocksNum 0x1770D7A
22:31:26.0203 2072 ============================================================
22:31:26.0234 2072 C: <-> \Device\Harddisk0\DR0\Partition1
22:31:26.0250 2072 D: <-> \Device\Harddisk0\DR0\Partition2
22:31:26.0281 2072 ============================================================
22:31:26.0281 2072 Initialize success
22:31:26.0281 2072 ============================================================
22:31:49.0750 2328 ============================================================
22:31:49.0750 2328 Scan started
22:31:49.0750 2328 Mode: Manual; SigCheck; TDLFS;
22:31:49.0750 2328 ============================================================
22:31:49.0984 2328 ================ Scan system memory ========================
22:31:49.0984 2328 System memory - ok
22:31:49.0984 2328 ================ Scan services =============================
22:32:06.0687 2328 ERSvc - ok
22:32:06.0734 2328 [ 4712531AB7A01B7EE059853CA17D39BD ] Eventlog C:\WINDOWS\system32\services.exe
22:32:06.0781 2328 Eventlog - ok
22:32:06.0828 2328 [ 60D1A6342238378BFB7545C81EE3606C ] EventSystem C:\WINDOWS\system32\es.dll
22:32:06.0890 2328 EventSystem - ok
22:32:06.0937 2328 [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
22:32:07.0046 2328 Fastfat - ok
22:32:07.0125 2328 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
22:32:07.0468 2328 FastUserSwitchingCompatibility - ok
22:32:07.0500 2328 [ CED2E8396A8838E59D8FD529C680E02C ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
22:32:07.0609 2328 Fdc - ok
22:32:07.0640 2328 [ E153AB8A11DE5452BCF5AC7652DBF3ED ] Fips C:\WINDOWS\system32\drivers\Fips.sys
22:32:07.0734 2328 Fips - ok
22:32:07.0750 2328 [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
22:32:07.0843 2328 Flpydisk - ok
22:32:07.0890 2328 [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:32:08.0203 2328 FltMgr - ok
22:32:08.0328 2328 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:32:08.0343 2328 FontCache3.0.0.0 - ok
22:32:08.0390 2328 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:32:08.0484 2328 Fs_Rec - ok
22:32:08.0515 2328 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:32:08.0625 2328 Ftdisk - ok
22:32:08.0640 2328 [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:32:08.0750 2328 Gpc - ok
22:32:08.0796 2328 gupdate - ok
22:32:08.0796 2328 gupdatem - ok
22:32:08.0812 2328 [ 4D4D97671C63C3AF869B3518E6054204 ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:32:08.0828 2328 HBtnKey - ok
22:32:08.0906 2328 [ 4905D28AA09F63E6A2F4E93ED6DD7D19 ] HdAudAddService C:\WINDOWS\system32\drivers\CHDAud.sys
22:32:09.0031 2328 HdAudAddService - ok
22:32:09.0046 2328 [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:32:09.0078 2328 HDAudBus - ok
22:32:09.0171 2328 [ 8827911A8C37E40C027CBFC88E69D967 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:32:09.0312 2328 helpsvc - ok
22:32:09.0312 2328 HidServ - ok
22:32:09.0375 2328 [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:32:09.0562 2328 HidUsb - ok
22:32:09.0656 2328 [ C4EC07CB8953433BED793942FEB8B19F ] HP LaserJet Service C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
22:32:09.0671 2328 Suspicious file (NoAccess): C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe. md5: C4EC07CB8953433BED793942FEB8B19F
22:32:09.0687 2328 HP LaserJet Service ( LockedFile.Multi.Generic ) - warning
22:32:09.0687 2328 HP LaserJet Service - detected LockedFile.Multi.Generic (1)
22:32:09.0734 2328 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
22:32:09.0843 2328 hpn - ok
22:32:09.0921 2328 [ 29D55C5E6009E014F3D68F99DCAA1F2B ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:32:09.0937 2328 Suspicious file (NoAccess): C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe. md5: 29D55C5E6009E014F3D68F99DCAA1F2B
22:32:09.0937 2328 hpqwmiex ( LockedFile.Multi.Generic ) - warning
22:32:09.0937 2328 hpqwmiex - detected LockedFile.Multi.Generic (1)
22:32:10.0000 2328 [ 448C0FD272FE1B80046F4767DB21EB8D ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:32:10.0031 2328 HSFHWAZL - ok
22:32:10.0109 2328 [ 2715A27DE9C17BDBAF6D6C79989A7B12 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:32:10.0203 2328 HSF_DPV - ok
22:32:10.0265 2328 [ CB77BB47E67E84DEB17BA29632501730 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
22:32:10.0703 2328 HTTP - ok
22:32:10.0734 2328 [ 064D8581ADF77C25133E7D751D917D83 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
22:32:10.0843 2328 HTTPFilter - ok
22:32:10.0875 2328 [ 8F09F91B5C91363B77BCD15599570F2C ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
22:32:10.0984 2328 i2omgmt - ok
22:32:11.0031 2328 [ ED6BF9E441FDEA13292A6D30A64A24C3 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
22:32:11.0125 2328 i2omp - ok
22:32:11.0140 2328 [ 5502B58EEF7486EE6F93F3F164DCB808 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:32:11.0250 2328 i8042prt - ok
22:32:11.0328 2328 [ 309C4D86D989FB1FCF64BD30DC81C51B ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:32:11.0406 2328 iaStor - ok
22:32:11.0578 2328 [ 79C41F5E24D249BEF2E55302C3F7916B ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:32:11.0609 2328 Suspicious file (NoAccess): C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe. md5: 79C41F5E24D249BEF2E55302C3F7916B
22:32:11.0609 2328 IDriverT ( LockedFile.Multi.Generic ) - warning
22:32:11.0609 2328 IDriverT - detected LockedFile.Multi.Generic (1)
22:32:11.0796 2328 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:32:11.0859 2328 idsvc - ok
22:32:11.0890 2328 [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
22:32:12.0078 2328 Imapi - ok
22:32:12.0125 2328 [ FA788520BCAC0F5D9D5CDE5615C0D931 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:32:12.0234 2328 ImapiService - ok
22:32:12.0234 2328 InCDFs - ok
22:32:12.0250 2328 InCDPass - ok
22:32:12.0250 2328 InCDRm - ok
22:32:12.0281 2328 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
22:32:12.0375 2328 ini910u - ok
22:32:12.0406 2328 [ 2D722B2B54AB55B2FA475EB58D7B2AAD ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
22:32:12.0546 2328 IntelIde - ok
22:32:12.0578 2328 [ 279FB78702454DFF2BB445F238C048D2 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:32:12.0671 2328 intelppm - ok
22:32:12.0703 2328 [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:32:12.0812 2328 Ip6Fw - ok
22:32:12.0828 2328 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:32:12.0921 2328 IpFilterDriver - ok
22:32:12.0921 2328 [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:32:13.0015 2328 IpInIp - ok
22:32:13.0062 2328 [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:32:13.0359 2328 IpNat - ok
22:32:13.0375 2328 [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:32:13.0500 2328 IPSec - ok
22:32:13.0515 2328 [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
22:32:13.0593 2328 IRENUM - ok
22:32:13.0609 2328 [ E504F706CCB699C2596E9A3DA1596E87 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:32:13.0718 2328 isapnp - ok
22:32:13.0843 2328 [ A3D08486BF37E1C4BA85D3E9D889AB09 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
22:32:13.0875 2328 Suspicious file (NoAccess): C:\Program Files\Java\jre6\bin\jqs.exe. md5: A3D08486BF37E1C4BA85D3E9D889AB09
22:32:13.0875 2328 JavaQuickStarterService ( LockedFile.Multi.Generic ) - warning
22:32:13.0875 2328 JavaQuickStarterService - detected LockedFile.Multi.Generic (1)
22:32:13.0890 2328 [ EBDEE8A2EE5393890A1ACEE971C4C246 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:32:14.0031 2328 Kbdclass - ok
22:32:14.0062 2328 [ E182FA8E49E8EE41B4ADC53093F3C7E6 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:32:14.0171 2328 kbdhid - ok
22:32:14.0250 2328 [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
22:32:14.0578 2328 kmixer - ok
22:32:14.0625 2328 [ 1BE7CC2535D760AE4D481576EB789F24 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
22:32:14.0703 2328 KSecDD - ok
22:32:14.0750 2328 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
22:32:15.0078 2328 lanmanserver - ok
22:32:15.0140 2328 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
22:32:15.0250 2328 lanmanworkstation - ok
22:32:15.0250 2328 lbrtfdc - ok
22:32:15.0312 2328 [ 96836AC9B700BF2F8CC588F955157C5B ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:32:15.0328 2328 Suspicious file (NoAccess): C:\Program Files\Common Files\LightScribe\LSSrvc.exe. md5: 96836AC9B700BF2F8CC588F955157C5B
22:32:15.0328 2328 LightScribeService ( LockedFile.Multi.Generic ) - warning
22:32:15.0328 2328 LightScribeService - detected LockedFile.Multi.Generic (1)
22:32:15.0406 2328 [ B3EFF6D938C572E90A07B3D87A3C7657 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
22:32:15.0531 2328 LmHosts - ok
22:32:15.0562 2328 [ 00C4A0992D4EA5520AC12DB4FD11C3E3 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
22:32:15.0578 2328 MBAMSwissArmy - ok
22:32:15.0609 2328 [ DF0A511F38F16016BF658FCA0090CB87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
22:32:15.0640 2328 McrdSvc - ok
22:32:15.0656 2328 [ 74F4372AF97A587ECEC527EC34955712 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:32:15.0687 2328 mdmxsdk - ok
22:32:15.0734 2328 [ 95FD808E4AC22ABA025A7B3EAC0375D2 ] Messenger C:\WINDOWS\System32\msgsvc.dll
22:32:15.0937 2328 Messenger - ok
22:32:15.0953 2328 [ B7521F69C0A9B29D356157229376FB21 ] MHN C:\WINDOWS\System32\mhn.dll
22:32:15.0984 2328 MHN - ok
22:32:16.0031 2328 [ 7F2F1D2815A6449D346FCCCBC569FBD6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:32:16.0078 2328 MHNDRV - ok
22:32:16.0093 2328 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
22:32:16.0187 2328 mnmdd - ok
22:32:16.0234 2328 [ F6415361201915B9FE3896B0E4E724FF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:32:16.0343 2328 mnmsrvc - ok
22:32:16.0375 2328 [ 6FC6F9D7ACC36DCA9B914565A3AEDA05 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
22:32:16.0468 2328 Modem - ok
22:32:16.0468 2328 [ 34E1F0031153E491910E12551400192C ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:32:16.0609 2328 Mouclass - ok
22:32:16.0640 2328 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:32:16.0781 2328 mouhid - ok
22:32:16.0796 2328 [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
22:32:16.0953 2328 MountMgr - ok
22:32:17.0031 2328 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:32:17.0046 2328 MozillaMaintenance - ok
22:32:17.0140 2328 [ EEE50BF24CAEEDB515A8F3B22756D3BB ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
22:32:17.0187 2328 MQAC - ok
22:32:17.0203 2328 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
22:32:17.0343 2328 mraid35x - ok
22:32:17.0390 2328 [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:32:17.0828 2328 MRxDAV - ok
22:32:17.0875 2328 [ 6F2D483B97B395544E59749C47963C6A ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:32:17.0953 2328 MRxSmb - ok
22:32:18.0000 2328 [ C7C3D89EB0A6F3DBA622EA737FA335B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:32:18.0125 2328 MSDTC - ok
22:32:18.0140 2328 [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
22:32:18.0250 2328 Msfs - ok
22:32:18.0250 2328 MSIServer - ok
22:32:18.0281 2328 [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:32:18.0421 2328 MSKSSRV - ok
22:32:18.0453 2328 [ E9B5F354AE80325283FD5C1C05217B01 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
22:32:18.0500 2328 MSMQ - ok
22:32:18.0531 2328 [ 10E6B9022B0A5C9C41E2DA6AEAE5D404 ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
22:32:18.0546 2328 MSMQTriggers - ok
22:32:18.0593 2328 [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:32:18.0750 2328 MSPCLOCK - ok
22:32:18.0765 2328 [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
22:32:18.0906 2328 MSPQM - ok
22:32:18.0937 2328 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:32:19.0109 2328 mssmbios - ok
22:32:19.0140 2328 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:32:19.0265 2328 MSTEE - ok
22:32:19.0328 2328 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:32:19.0437 2328 Mup - ok
22:32:19.0500 2328 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:32:19.0609 2328 NABTSFEC - ok
22:32:19.0640 2328 [ AA898F84D2B59129FB92E143A2C73434 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:32:20.0046 2328 NDIS - ok
22:32:20.0078 2328 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:32:20.0203 2328 NdisIP - ok
22:32:20.0218 2328 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:32:20.0296 2328 NdisTapi - ok
22:32:20.0328 2328 [ EEFA1CE63805D2145978621BE5C6D955 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:32:20.0390 2328 Ndisuio - ok
22:32:20.0437 2328 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:32:20.0546 2328 NdisWan - ok
22:32:20.0578 2328 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:32:20.0703 2328 NDProxy - ok
22:32:20.0750 2328 [ 80B7A96F908DA13617E7E6832C5C6A64 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
22:32:20.0750 2328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:32:20.0750 2328 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:32:20.0765 2328 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:32:20.0859 2328 NetBIOS - ok
22:32:20.0875 2328 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:32:21.0000 2328 NetBT - ok
22:32:21.0046 2328 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:32:21.0171 2328 NetDDE - ok
22:32:21.0187 2328 [ 05AFB5AD06462257BEA7495283C86D50 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:32:21.0281 2328 NetDDEdsdm - ok
22:32:21.0312 2328 [ 84885F9B82F4D55C6146EBF6065D75D2 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:32:21.0421 2328 Netlogon - ok
22:32:21.0468 2328 [ 36739B39267914BA69AD0610A0299732 ] Netman C:\WINDOWS\System32\netman.dll
22:32:21.0796 2328 Netman - ok
22:32:21.0875 2328 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:32:21.0875 2328 NetTcpPortSharing - ok
22:32:21.0968 2328 [ E2F396F71A793A04839DBB6AF304A026 ] NETw3x32 C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
22:32:22.0187 2328 NETw3x32 - ok
22:32:22.0234 2328 [ 5C5C53DB4FEF16CF87B9911C7E8C6FBC ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:32:22.0359 2328 NIC1394 - ok
22:32:22.0406 2328 [ 097722F235A1FB698BF9234E01B52637 ] Nla C:\WINDOWS\System32\mswsock.dll
22:32:22.0453 2328 Nla - ok
22:32:22.0468 2328 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:32:22.0578 2328 Npfs - ok
22:32:22.0640 2328 [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:32:22.0968 2328 Ntfs - ok
22:32:23.0000 2328 [ 84885F9B82F4D55C6146EBF6065D75D2 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:32:23.0093 2328 NtLmSsp - ok
22:32:23.0140 2328 [ B62F29C00AC55A761B2E45877D85EA0F ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:32:23.0265 2328 NtmsSvc - ok
22:32:23.0312 2328 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:32:23.0406 2328 Null - ok
22:32:23.0593 2328 [ C493BEC0B489551BFE60DE6C76E6F4EC ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:32:24.0046 2328 nv - ok
22:32:24.0125 2328 [ 9318EE56A709FB6EE38D0F97ECAAC4DF ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
22:32:24.0156 2328 Suspicious file (NoAccess): C:\WINDOWS\system32\nvsvc32.exe. md5: 9318EE56A709FB6EE38D0F97ECAAC4DF
22:32:24.0156 2328 NVSvc ( LockedFile.Multi.Generic ) - warning
22:32:24.0156 2328 NVSvc - detected LockedFile.Multi.Generic (1)
22:32:24.0171 2328 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:32:24.0359 2328 NwlnkFlt - ok
22:32:24.0390 2328 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:32:24.0500 2328 NwlnkFwd - ok
22:32:24.0546 2328 [ 0951DB8E5823EA366B0E408D71E1BA2A ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:32:24.0656 2328 ohci1394 - ok
22:32:24.0750 2328 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:32:24.0750 2328 ose - ok
22:32:24.0781 2328 [ 29744EB4CE659DFE3B4122DEB45BC478 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
22:32:24.0906 2328 Parport - ok
22:32:24.0906 2328 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:32:25.0062 2328 PartMgr - ok
22:32:25.0078 2328 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:32:25.0218 2328 ParVdm - ok
22:32:25.0296 2328 [ 61A5701E3F543861B21BBE0932C4CC03 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
22:32:25.0312 2328 pbfilter - ok
22:32:25.0328 2328 [ 8086D9979234B603AD5BC2F5D890B234 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:32:25.0468 2328 PCI - ok
22:32:25.0484 2328 PCIDump - ok
22:32:25.0531 2328 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:32:25.0671 2328 PCIIde - ok
22:32:25.0687 2328 [ 82A087207DECEC8456FBE8537947D579 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:32:25.0828 2328 Pcmcia - ok
22:32:25.0859 2328 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
22:32:25.0875 2328 pcouffin ( UnsignedFile.Multi.Generic ) - warning
22:32:25.0875 2328 pcouffin - detected UnsignedFile.Multi.Generic (1)
22:32:25.0875 2328 PDCOMP - ok
22:32:25.0890 2328 PDFRAME - ok
22:32:25.0890 2328 PDRELI - ok
22:32:25.0921 2328 PDRFRAME - ok
22:32:25.0953 2328 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
22:32:26.0109 2328 perc2 - ok
22:32:26.0125 2328 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
22:32:26.0250 2328 perc2hib - ok
22:32:26.0281 2328 [ 4712531AB7A01B7EE059853CA17D39BD ] PlugPlay C:\WINDOWS\system32\services.exe
22:32:26.0328 2328 PlugPlay - ok
22:32:26.0359 2328 [ 0C155C5D8942B3CBCF9506A9D376B9AD ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
22:32:26.0375 2328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:32:26.0375 2328 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:32:26.0390 2328 [ 84885F9B82F4D55C6146EBF6065D75D2 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:32:26.0484 2328 PolicyAgent - ok
22:32:26.0515 2328 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:32:26.0625 2328 PptpMiniport - ok
22:32:26.0625 2328 [ 84885F9B82F4D55C6146EBF6065D75D2 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:32:26.0718 2328 ProtectedStorage - ok
22:32:26.0750 2328 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:32:26.0843 2328 PSched - ok
22:32:26.0859 2328 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:32:26.0968 2328 Ptilink - ok
22:32:27.0015 2328 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:32:27.0015 2328 PxHelp20 - ok
22:32:27.0046 2328 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
22:32:27.0171 2328 ql1080 - ok
22:32:27.0171 2328 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
22:32:27.0265 2328 Ql10wnt - ok
22:32:27.0281 2328 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
22:32:27.0390 2328 ql12160 - ok
22:32:27.0406 2328 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
22:32:27.0500 2328 ql1240 - ok
22:32:27.0500 2328 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
22:32:27.0671 2328 ql1280 - ok
22:32:27.0671 2328 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:32:27.0796 2328 RasAcd - ok
22:32:27.0843 2328 [ 44DB7A9BDD2FB58747D123FBF1D35ADB ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:32:27.0968 2328 RasAuto - ok
22:32:28.0000 2328 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:32:28.0109 2328 Rasl2tp - ok
22:32:28.0171 2328 [ 49B5EED5FB89D39456A2F616CCD8BA5D ] RasMan C:\WINDOWS\System32\rasmans.dll
22:32:28.0531 2328 RasMan - ok
22:32:28.0531 2328 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:32:28.0640 2328 RasPppoe - ok
22:32:28.0671 2328 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:32:28.0765 2328 Raspti - ok
22:32:28.0812 2328 [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:32:29.0156 2328 Rdbss - ok
22:32:29.0171 2328 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:32:29.0296 2328 RDPCDD - ok
22:32:29.0312 2328 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:32:29.0421 2328 rdpdr - ok
22:32:29.0468 2328 [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:32:29.0843 2328 RDPWD - ok
22:32:29.0906 2328 [ 729798E0933076B8FCFCD9934698F164 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:32:30.0015 2328 RDSessMgr - ok
22:32:30.0031 2328 [ B31B4588E4086D8D84ADBF9845C2402B ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:32:30.0140 2328 redbook - ok
22:32:30.0187 2328 [ 3046DB917E3CFA040632799DD9B14865 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:32:30.0281 2328 RemoteAccess - ok
22:32:30.0312 2328 [ 3151427DB7D87107D1C5BE58FAC53960 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:32:30.0421 2328 RemoteRegistry - ok
22:32:30.0468 2328 [ 7A6648B61661B1421FFAB762E391E33F ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
22:32:30.0546 2328 rimmptsk - ok
22:32:30.0578 2328 [ D0A35B7670AA3558EAAB483F64446496 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
22:32:30.0593 2328 rimsptsk - ok
22:32:30.0640 2328 [ 3AC17802740C3A4764DC9750E92E6233 ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
22:32:30.0687 2328 rismxdp - ok
22:32:30.0750 2328 [ D18208ED6C768663B08C972EAA7A8B60 ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
22:32:30.0812 2328 RMCAST - ok
22:32:30.0859 2328 [ 793F04A09B15E7C6C11DBDFFAF06C0AB ] RpcLocator C:\WINDOWS\system32\locator.exe
22:32:30.0968 2328 RpcLocator - ok
22:32:31.0046 2328 [ 24B5D53B9ACCC1E2EDCF0A878D6659D4 ] RpcSs C:\WINDOWS\System32\rpcss.dll
22:32:31.0156 2328 RpcSs - ok
22:32:31.0203 2328 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
22:32:31.0312 2328 RSVP - ok
22:32:31.0343 2328 [ D507C1400284176573224903819FFDA3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
22:32:31.0468 2328 rtl8139 - ok
22:32:31.0500 2328 [ 84885F9B82F4D55C6146EBF6065D75D2 ] SamSs C:\WINDOWS\system32\lsass.exe
22:32:31.0593 2328 SamSs - ok
22:32:31.0625 2328 [ 25D8DE134DF108E3DBC8D7D23B1AA58E ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:32:31.0734 2328 SCardSvr - ok
22:32:31.0765 2328 [ 92360854316611F6CC471612213C3D92 ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:32:31.0859 2328 Schedule - ok
22:32:31.0875 2328 [ 02FC71B020EC8700EE8A46C58BC6F276 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:32:31.0968 2328 sdbus - ok
22:32:31.0984 2328 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:32:32.0328 2328 Secdrv - ok
22:32:32.0390 2328 [ B1E0CE09895376871746F36DC5773B4F ] seclogon C:\WINDOWS\System32\seclogon.dll
22:32:32.0484 2328 seclogon - ok
22:32:32.0515 2328 [ DFD9870CF39C791D86C4C209DA9FA919 ] SENS C:\WINDOWS\system32\sens.dll
22:32:32.0609 2328 SENS - ok
22:32:32.0625 2328 [ CD9404D115A00D249F70A371B46D5A26 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
22:32:32.0734 2328 Serial - ok
22:32:32.0796 2328 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:32:32.0906 2328 Sfloppy - ok
22:32:32.0968 2328 [ 36CC8C01B5E50163037BEF56CB96DEFF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:32:33.0078 2328 SharedAccess - ok
22:32:33.0109 2328 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:32:33.0421 2328 ShellHWDetection - ok
22:32:33.0437 2328 Simbad - ok
22:32:33.0468 2328 [ 732D859B286DA692119F286B21A2A114 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
22:32:33.0593 2328 sisagp - ok
22:32:33.0625 2328 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:32:33.0734 2328 SLIP - ok
22:32:33.0765 2328 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
22:32:33.0843 2328 Sparrow - ok
22:32:33.0875 2328 [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:32:34.0218 2328 splitter - ok
22:32:34.0265 2328 [ 7435B108B935E42EA92CA94F59C8E717 ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:32:34.0359 2328 Spooler - ok
22:32:34.0437 2328 [ DAE8B2FA5790C6203B513675E38E3F0E ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:32:34.0437 2328 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: DAE8B2FA5790C6203B513675E38E3F0E
22:32:34.0437 2328 sptd ( LockedFile.Multi.Generic ) - warning
22:32:34.0437 2328 sptd - detected LockedFile.Multi.Generic (1)
22:32:34.0437 2328 [ E41B6D037D6CD08461470AF04500DC24 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
22:32:34.0515 2328 sr - ok
22:32:34.0593 2328 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] srservice C:\WINDOWS\system32\srsvc.dll
22:32:34.0671 2328 srservice - ok
22:32:34.0703 2328 [ AB9C79ED12D65E800AAAD3D72A04792F ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
22:32:34.0750 2328 Srv - ok
22:32:34.0796 2328 [ 4B8D61792F7175BED48859CC18CE4E38 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
22:32:34.0921 2328 SSDPSRV - ok
22:32:34.0984 2328 [ B6763F8534AC547CF1AF98AFDFF2EDC8 ] stisvc C:\WINDOWS\system32\wiaservc.dll
22:32:35.0421 2328 stisvc - ok
22:32:35.0468 2328 [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:32:35.0578 2328 streamip - ok
22:32:35.0625 2328 [ 03C1BAE4766E2450219D20B993D6E046 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
22:32:35.0765 2328 swenum - ok
22:32:35.0796 2328 [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
22:32:35.0906 2328 swmidi - ok
22:32:35.0906 2328 SwPrv - ok
22:32:35.0953 2328 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
22:32:36.0093 2328 symc810 - ok
22:32:36.0093 2328 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
22:32:36.0203 2328 symc8xx - ok
22:32:36.0218 2328 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
22:32:36.0343 2328 sym_hi - ok
22:32:36.0343 2328 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
22:32:36.0453 2328 sym_u3 - ok
22:32:36.0500 2328 [ 369D0626687A968182A9DB40FE8A0905 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:32:36.0578 2328 SynTP - ok
22:32:36.0609 2328 [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
22:32:36.0750 2328 sysaudio - ok
22:32:36.0796 2328 [ 8B54AA346D1B1B113FFAA75501B8B1B2 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
22:32:36.0906 2328 SysmonLog - ok
22:32:36.0953 2328 [ FB78839B36025AA286A51289ED28B73E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
22:32:37.0281 2328 TapiSrv - ok
22:32:37.0359 2328 [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:32:37.0453 2328 Tcpip - ok
22:32:37.0515 2328 [ 00586ED87AB564B03870A2A3DCC84B55 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
22:32:37.0562 2328 Tcpip6 - ok
22:32:37.0625 2328 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
22:32:37.0734 2328 TDPIPE - ok
22:32:37.0750 2328 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
22:32:37.0843 2328 TDTCP - ok
22:32:37.0875 2328 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
22:32:37.0984 2328 TermDD - ok
22:32:38.0046 2328 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
22:32:38.0390 2328 TermService - ok
22:32:38.0421 2328 [ 6815DEF9B810AEFAC107EEAF72DA6F82 ] Themes C:\WINDOWS\System32\shsvcs.dll
22:32:38.0750 2328 Themes - ok
22:32:38.0796 2328 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:32:38.0890 2328 TlntSvr - ok
22:32:38.0921 2328 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
22:32:39.0031 2328 TosIde - ok
22:32:39.0062 2328 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
22:32:39.0156 2328 TrkWks - ok
22:32:39.0187 2328 [ 87A0E9E18C10A9E454238E3330E2A26D ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
22:32:39.0281 2328 tunmp - ok
22:32:39.0296 2328 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:32:39.0421 2328 Udfs - ok
22:32:39.0421 2328 UIUSys - ok
22:32:39.0437 2328 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
22:32:39.0515 2328 ultra - ok
22:32:39.0625 2328 [ CED744117E91BDC0BEB810F7D8608183 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
22:32:40.0046 2328 Update - ok
22:32:40.0078 2328 [ ACA5D98663D879C6BAAFCEA7E2F1B710 ] upnphost C:\WINDOWS\System32\upnphost.dll
22:32:40.0437 2328 upnphost - ok
22:32:40.0484 2328 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
22:32:40.0609 2328 UPS - ok
22:32:40.0671 2328 [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
22:32:40.0781 2328 usbaudio - ok
22:32:40.0812 2328 [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:32:40.0921 2328 usbccgp - ok
22:32:40.0984 2328 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:32:41.0109 2328 usbehci - ok
22:32:41.0125 2328 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:32:41.0250 2328 usbhub - ok
22:32:41.0328 2328 [ CAD0B6B8B0E24BA3098335E1050B4E31 ] USBSafelyRemoveService C:\Program Files\USB Safely Remove\USBSRService.exe
22:32:41.0343 2328 Suspicious file (NoAccess): C:\Program Files\USB Safely Remove\USBSRService.exe. md5: CAD0B6B8B0E24BA3098335E1050B4E31
22:32:41.0343 2328 USBSafelyRemoveService ( LockedFile.Multi.Generic ) - warning
22:32:41.0343 2328 USBSafelyRemoveService - detected LockedFile.Multi.Generic (1)
22:32:41.0406 2328 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:32:41.0562 2328 usbscan - ok
22:32:41.0593 2328 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:32:41.0718 2328 USBSTOR - ok
22:32:41.0750 2328 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:32:41.0890 2328 usbuhci - ok
22:32:41.0937 2328 [ B93ADDD7BB9BF7A625C54922099A4FBB ] V0250Dev C:\WINDOWS\system32\DRIVERS\V0250Dev.sys
22:32:42.0000 2328 V0250Dev - ok
22:32:42.0046 2328 [ A0C643D5F8C60F12FAA6E3454DFE9C32 ] V0250Vfx C:\WINDOWS\system32\DRIVERS\V0250Vfx.sys
22:32:42.0125 2328 V0250Vfx - ok
22:32:42.0156 2328 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
22:32:42.0296 2328 VgaSave - ok
22:32:42.0343 2328 [ D92E7C8A30CFD14D8E15B5F7F032151B ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
22:32:42.0531 2328 viaagp - ok
22:32:42.0546 2328 [ 59CB1338AD3654417BEA49636457F65D ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
22:32:42.0671 2328 ViaIde - ok
22:32:42.0687 2328 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
22:32:42.0796 2328 VolSnap - ok
22:32:42.0828 2328 Vongo Service - ok
22:32:42.0890 2328 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
22:32:42.0953 2328 VSS - ok
22:32:42.0984 2328 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
22:32:43.0093 2328 W32Time - ok
22:32:43.0171 2328 [ C79918A5BD269035F3A34D157401B9DF ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:32:43.0375 2328 w39n51 - ok
22:32:43.0421 2328 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:32:43.0609 2328 Wanarp - ok
22:32:43.0640 2328 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
22:32:43.0671 2328 wanatw - ok
22:32:43.0734 2328 [ FD47474BD21794508AF449D9D91AF6E6 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
22:32:43.0750 2328 Wdf01000 - ok
22:32:43.0765 2328 WDICA - ok
22:32:43.0796 2328 [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
22:32:44.0125 2328 wdmaud - ok
22:32:44.0171 2328 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
22:32:44.0515 2328 WebClient - ok
22:32:44.0578 2328 [ 7FE372B1AB60736CC67E8EB6F1FB1F5B ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:32:44.0687 2328 winachsf - ok
22:32:44.0796 2328 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
22:32:44.0906 2328 winmgmt - ok
22:32:44.0968 2328 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
22:32:45.0031 2328 WmdmPmSN - ok
22:32:45.0140 2328 [ E8E57B0F9EB03D1AABEC28D550C75116 ] Wmi C:\WINDOWS\System32\advapi32.dll
22:32:45.0312 2328 Wmi - ok
22:32:45.0328 2328 [ AE2C8544E747C20062DB27456EA2D67A ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:32:45.0531 2328 WmiAcpi - ok
22:32:45.0562 2328 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:32:45.0703 2328 WmiApSrv - ok
22:32:45.0796 2328 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:32:45.0937 2328 WMPNetworkSvc - ok
22:32:46.0000 2328 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:32:46.0000 2328 WpdUsb - ok
22:32:46.0062 2328 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:32:46.0265 2328 WS2IFSL - ok
22:32:46.0312 2328 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
22:32:46.0421 2328 wscsvc - ok
22:32:46.0453 2328 [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:32:46.0562 2328 WSTCODEC - ok
22:32:46.0609 2328 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
22:32:46.0750 2328 wuauserv - ok
22:32:46.0812 2328 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:32:46.0843 2328 WudfPf - ok
22:32:46.0875 2328 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
22:32:46.0890 2328 WudfSvc - ok
22:32:46.0921 2328 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
22:32:47.0000 2328 WZCSVC - ok
22:32:47.0015 2328 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
22:32:47.0140 2328 xmlprov - ok
22:32:47.0171 2328 [ 763AC56E714907E9D420B9AB694F7B18 ] zumbus C:\WINDOWS\system32\DRIVERS\zumbus.sys
22:32:47.0203 2328 zumbus - ok
22:32:47.0250 2328 [ D4435FFC821F579A21DED5E99EAB1C78 ] ZuneBusEnum c:\WINDOWS\system32\ZuneBusEnum.exe
22:32:47.0265 2328 Suspicious file (NoAccess): c:\WINDOWS\system32\ZuneBusEnum.exe. md5: D4435FFC821F579A21DED5E99EAB1C78
22:32:47.0265 2328 ZuneBusEnum ( LockedFile.Multi.Generic ) - warning
22:32:47.0265 2328 ZuneBusEnum - detected LockedFile.Multi.Generic (1)
22:32:47.0421 2328 [ 04EE3181FA5B8C808E9DFEFEDE78DD6E ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe
22:32:47.0609 2328 ZuneNetworkSvc - ok
22:32:47.0687 2328 [ 9DE7FAD6BB49931488CE8F5F48590E7E ] ZuneWlanCfgSvc c:\WINDOWS\system32\ZuneWlanCfgSvc.exe
22:32:47.0703 2328 ZuneWlanCfgSvc - ok
22:32:47.0718 2328 ================ Scan global ===============================
22:32:47.0765 2328 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
22:32:47.0828 2328 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
22:32:47.0937 2328 [ 3D21B3BE0C5768E76FD9780E9CF9E07C ] C:\WINDOWS\system32\winsrv.dll
22:32:47.0968 2328 [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
22:32:47.0968 2328 [Global] - ok
22:32:47.0968 2328 ================ Scan MBR ==================================
22:32:48.0000 2328 [ 665277635DC8BA83DEAE12EADEDB75A0 ] \Device\Harddisk0\DR0
22:32:48.0484 2328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:32:48.0484 2328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:32:48.0484 2328 ================ Scan VBR ==================================
22:32:48.0484 2328 [ C38D4385B75B855C6B839993CA9E3A40 ] \Device\Harddisk0\DR0\Partition1
22:32:48.0484 2328 \Device\Harddisk0\DR0\Partition1 - ok
22:32:48.0484 2328 [ B9C2814E33F9E50C13E8BCA4514DD88B ] \Device\Harddisk0\DR0\Partition2
22:32:48.0484 2328 \Device\Harddisk0\DR0\Partition2 - ok
22:32:48.0484 2328 ============================================================
22:32:48.0484 2328 Scan finished
22:32:48.0484 2328 ============================================================
22:32:48.0593 2292 Detected object count: 28
22:32:48.0593 2292 Actual detected object count: 28
22:33:32.0531 2292 AddFiltr ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 AddFiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 AOL ACS ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 AOL ACS ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 AOL TopSpeedMonitor ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 AOL TopSpeedMonitor ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 AVGIDSAgent ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 AVGIDSAgent ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 avgwd ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 avgwd ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0531 2292 Bonjour Service ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0531 2292 Bonjour Service ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 btaudio ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 btaudio ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 BTDriver ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 BTDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 btwdins ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 btwdins ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 BTWDNDIS ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 BTWDNDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 dtscsi ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 dtscsi ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 HP LaserJet Service ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 HP LaserJet Service ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0546 2292 hpqwmiex ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0546 2292 hpqwmiex ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 IDriverT ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 IDriverT ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 JavaQuickStarterService ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 JavaQuickStarterService ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 LightScribeService ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 LightScribeService ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 NVSvc ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 NVSvc ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 USBSafelyRemoveService ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0562 2292 USBSafelyRemoveService ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0578 2292 ZuneBusEnum ( LockedFile.Multi.Generic ) - skipped by user
22:33:32.0578 2292 ZuneBusEnum ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0578 2292 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
22:33:32.0578 2292 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


Well, my laptop seems to be much faster now. I am going to attempt to load Norton 360 and see how it goes. I will post the results when I finish.
  • 0
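Reading a TDSSKiller log like the one above means separating the generic locked-file and unsigned-file warnings (every one of them left on Skip in this run) from the "TDSS File System" hit on \Device\Harddisk0\DR0, which is the entry the helper asks to delete in the following post. As an added example, not part of this thread or of TDSSKiller itself, the Python script below parses a handful of lines copied from the log and triages them. Its severity rule (LockedFile./UnsignedFile. verdicts are informational, anything else is high) and its "left in place" test are this example's own assumptions; Skip is the only user action the log shows, so no other action names are assumed.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Sample input: lines copied from the TDSSKiller log posted in this thread
# (one clean driver, one locked-file warning, the MBR hit, and three lines
# from the "User select action" summary). It is a subset, not the whole log.
SAMPLE_LOG = r"""
22:32:39.0421 2328 [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
22:32:39.0421 2328 Udfs - ok
22:32:41.0328 2328 [ CAD0B6B8B0E24BA3098335E1050B4E31 ] USBSafelyRemoveService C:\Program Files\USB Safely Remove\USBSRService.exe
22:32:41.0343 2328 Suspicious file (NoAccess): C:\Program Files\USB Safely Remove\USBSRService.exe. md5: CAD0B6B8B0E24BA3098335E1050B4E31
22:32:41.0343 2328 USBSafelyRemoveService ( LockedFile.Multi.Generic ) - warning
22:32:41.0343 2328 USBSafelyRemoveService - detected LockedFile.Multi.Generic (1)
22:32:48.0000 2328 [ 665277635DC8BA83DEAE12EADEDB75A0 ] \Device\Harddisk0\DR0
22:32:48.0484 2328 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:32:48.0484 2328 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:33:32.0531 2292 AddFiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:33:32.0562 2292 USBSafelyRemoveService ( LockedFile.Multi.Generic ) - User select action: Skip
22:33:32.0578 2292 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id; the regexes below are
# written against the three line shapes visible in the log above.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?) - ok$")
DETECTED_RE = re.compile(_PREFIX + r"(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(
    _PREFIX + r"(?P<name>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\S+)$"
)

# Assumption of this example: verdicts with these prefixes are TDSSKiller's
# generic "could not read the file" / "file is not signed" heuristics, which
# the thread left on Skip; any other verdict is treated as a real finding.
GENERIC_PREFIXES = ("LockedFile.", "UnsignedFile.")


@dataclass
class Finding:
    name: str
    verdict: str
    action: Optional[str] = None  # "Skip" is the only action visible in the thread's log

    @property
    def severity(self) -> str:
        return "info" if self.verdict.startswith(GENERIC_PREFIXES) else "high"


def parse_tdsskiller(text: str) -> Tuple[int, Dict[str, Finding]]:
    """Return (number of '- ok' objects, findings keyed by object name)."""
    ok_count = 0
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if OK_RE.match(line):
            ok_count += 1
            continue
        m = DETECTED_RE.match(line)
        if m:
            findings.setdefault(m["name"], Finding(m["name"], m["verdict"]))
            continue
        m = ACTION_RE.match(line)
        if m:
            # The summary block may name objects whose detection line was not
            # captured; record them too, so the chosen action is never lost.
            f = findings.setdefault(m["name"], Finding(m["name"], m["verdict"]))
            f.action = m["action"]
    return ok_count, findings


def summarize(text: str) -> dict:
    """Triage: how much was clean, how much is generic noise, and which
    high-severity objects were left in place (no action recorded, or Skip)."""
    ok_count, findings = parse_tdsskiller(text)
    return {
        "ok": ok_count,
        "findings": len(findings),
        "generic": sum(1 for f in findings.values() if f.severity == "info"),
        "needs_action": [
            f.name for f in findings.values()
            if f.severity == "high" and f.action in (None, "Skip")
        ],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The "Suspicious file (NoAccess)" lines are deliberately ignored: the "- detected" line that follows each of them carries the same object name and verdict, so parsing only the verdict and action lines keeps one record per object. On the sample above the only object reported as needing action is \Device\Harddisk0\DR0, matching what the thread goes on to delete.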

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove the final piece.

Re-run TDSSKiller with the same parameters.
When the following appears, select delete:

\Device\Harddisk0\DR0 ( TDSS File System ) -

THEN

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
  • 0

#10
HSBigDaddy

HSBigDaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Laptop is working great now. No slowdowns, I am very happy. Thank You!


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Daddy :: MOMMYNOTEBOOK [limited]

9/1/2012 7:58:03 AM
mbam-log-2012-09-01 (07-58-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 296294
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set back to hidden, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place? Keep safe :wave:
  • 0

#12
HSBigDaddy

HSBigDaddy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I can't run OTL with the script you provided. It locks up my computer so bad I have to hold down the power button and reboot. Also, my desktop icons all moved. I didn't attempt any of the other removals yet. Waiting for your advice.....
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is MBAM blocking it. Grr.

OK, skip the script and move on to the ComboFix uninstall, please.
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





