Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IRP hook,\Driver\atapi HELP ! [Solved]

Started by everythingsm , Apr 06 2012 04:21 PM

  • This topic is locked This topic is locked

#1
everythingsm
Posted 06 April 2012 - 04:21 PM

everythingsm

    Member

  • Member
  • PipPipPip
  • 171 posts
HI

AVG stopped Exploit Blackhole Exploit Kit and quarantied. My computer was running slow so I ran Rootkit Serch in AVG and found IRP hook,\Driver\atapi. AVG Rootkit would not remove the IRP hook so I ran AVG Rescue disk and cleaned 4-6 Infected files. I ran AVG Root again and still same IRP hook. Below is my OTL. Hope this will be easy fix for the PROS here at Geeks cause Im stuck ? Help would be much apprecisted.

OTL logfile created on: 4/6/2012 3:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 73.33% Memory free
4.83 Gb Paging File | 4.14 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 1.39 Gb Free Space | 0.30% Space Free | Partition Type: NTFS
Drive J: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: SCOTT-213F49CC3 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 15:08:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2012/03/31 08:03:53 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/31 08:03:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/02/18 05:05:02 | 004,347,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:52:44 | 000,976,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/15 16:56:16 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/15 16:56:16 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/27 01:43:30 | 000,356,352 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VBTUCopy\VBTUCopy.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/31 08:03:53 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/31 08:03:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/15 16:56:22 | 000,271,856 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/31 08:03:53 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/06/15 16:56:16 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/04/01 10:17:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\4131E3.sys -- (4131E3)
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\2111DB.sys -- (2111DB)
DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidsehx.sys -- (AVGIDSEH)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/11/22 14:48:07 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/06/05 14:11:21 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/09/02 18:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09533787-AE1B-4686-AD2C-648367BFEF2B}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{454575F2-C92B-4CBB-B1F6-3D04AC434B77}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-03-31 08:03:57&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/31 08:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/03/31 08:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/31 08:04:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/01/04 13:02:48 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [VBTUCopy] C:\Program Files\VBTUCopy\VBTUCopy.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1306968218859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238625505953 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...570/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 10:05:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/11/22 12:49:30 | 000,000,016 | -H-- | M] () - J:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 15:09:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/04/06 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/03 09:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG
[2012/04/03 09:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/03 09:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/03/31 08:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG2012
[2012/03/31 08:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/03/31 08:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG Secure Search
[2012/03/31 08:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/03/31 08:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/31 08:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/31 08:02:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/31 08:01:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/31 08:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/03/31 08:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/03/31 07:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/06 15:08:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/04/06 14:47:42 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/06 14:45:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/06 13:23:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 10:26:42 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/06 10:24:28 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Word 2007.lnk
[2012/04/06 10:13:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/06 08:49:33 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/06 06:29:04 | 093,978,413 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/06 06:26:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07C0E146-67A0-4598-811F-D68B8AF0D168}.job
[2012/04/05 09:49:30 | 000,071,726 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\default.pdf
[2012/04/03 18:38:35 | 000,094,033 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/03 06:05:51 | 000,000,392 | -HS- | M] () -- C:\boot.ini
[2012/03/31 08:13:07 | 000,017,446 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\dt.dat
[2012/03/18 13:36:48 | 001,477,608 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Origins_of_KBLH.pdf
[2012/03/15 05:34:46 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 11:44:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 07:38:33 | 000,617,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 07:38:32 | 000,122,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/06 10:13:04 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/06 06:29:04 | 093,978,413 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/05 09:49:24 | 000,071,726 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\default.pdf
[2012/04/03 18:38:35 | 000,094,033 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/31 08:13:07 | 000,017,446 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\dt.dat
[2012/03/18 13:36:48 | 001,477,608 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Origins_of_KBLH.pdf
[2012/02/17 08:12:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 19:01:27 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/10/19 13:47:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

========== LOP Check ==========

[2012/03/31 08:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/04/06 14:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/03 11:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/04/01 10:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2012/03/31 08:02:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/04/06 06:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/06/16 11:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2012/04/03 10:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/02 10:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/04/02 10:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/03 11:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2009/05/05 11:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2009/04/02 12:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/20 10:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2011/12/27 10:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/04/03 09:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\AVG
[2012/03/31 08:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\AVG Secure Search
[2012/03/31 08:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\AVG2012
[2009/04/06 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/18 02:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Cuni
[2009/04/07 11:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Explorer for Outlook Express
[2010/10/07 19:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Ifahi
[2009/05/20 18:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\ImgBurn
[2010/07/10 20:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Lakowe
[2010/02/21 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Research In Motion
[2009/07/28 12:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Scan2PDF
[2012/03/03 14:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Vso
[2011/06/03 10:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Windows Desktop Search
[2011/06/03 16:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Scott\Application Data\Windows Search
[2012/04/06 10:13:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/04/06 06:26:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{07C0E146-67A0-4598-811F-D68B8AF0D168}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Scott\.plugin141_07.trace:SummaryInformation
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 4/6/2012 3:10:45 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 73.33% Memory free
4.83 Gb Paging File | 4.14 Gb Available in Paging File | 85.73% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 1.39 Gb Free Space | 0.30% Space Free | Partition Type: NTFS
Drive J: | 3.77 Gb Total Space | 3.77 Gb Free Space | 99.95% Space Free | Partition Type: FAT32

Computer Name: SCOTT-213F49CC3 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B8D15D-5A3B-4D18-98B4-DCD014E4A318}" = BlackBerry Desktop Software 4.1
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EF7AD39-D8B5-4FAF-9177-42A00DDD2732}_is1" = Free File Recovery 1.1
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.0
"{7E30D45E-EEC5-41A6-A613-F3BFB2694ACB}" = EZ-DUB
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{930240B3-F09F-4725-8820-7C7480104351}" = AVG 2012
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258h
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EB62E6D5-E217-45DD-9C42-A3BBEBA89955}" = AVG 2012
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F33C4D28-899A-4C3C-868B-9169A121528B}" = EZ-DUB Finder
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"BlackBerry_{04B8D15D-5A3B-4D18-98B4-DCD014E4A318}" = BlackBerry Desktop Software 4.1
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ffdshow_is1" = ffdshow
"FileHippo.com" = FileHippo.com Update Checker
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{F33C4D28-899A-4C3C-868B-9169A121528B}" = EZ-DUB Finder
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Standard)
"LiveUpdate" = LiveUpdate
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"SyncBack_is1" = SyncBack
"VLC media player" = VLC media player 1.0.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ACT! 2000" = ACT! 2000
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/5/2012 5:05:26 PM | Computer Name = SCOTT-213F49CC3 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19190, fault address 0x00067978.

Error - 4/6/2012 11:34:13 AM | Computer Name = SCOTT-213F49CC3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2012 11:34:14 AM | Computer Name = SCOTT-213F49CC3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2012 11:45:52 AM | Computer Name = SCOTT-213F49CC3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2012 11:45:52 AM | Computer Name = SCOTT-213F49CC3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2012 11:53:02 AM | Computer Name = SCOTT-213F49CC3 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2012 1:10:14 PM | Computer Name = SCOTT-213F49CC3 | Source = Application Hang | ID = 1002
Description = Hanging application MSASCui.exe, version 1.1.1593.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/6/2012 1:23:39 PM | Computer Name = SCOTT-213F49CC3 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 4/6/2012 3:17:52 PM | Computer Name = SCOTT-213F49CC3 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 updatechecker.exe, P2 1.38.0.0, P3 4c5ff8fb,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4889f422, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.

Error - 4/6/2012 4:05:23 PM | Computer Name = SCOTT-213F49CC3 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 4/6/2012 1:23:55 PM | Computer Name = SCOTT-213F49CC3 | Source = Service Control Manager | ID = 7000
Description = The SASENUM service failed to start due to the following error: %%2

Error - 4/6/2012 1:48:49 PM | Computer Name = SCOTT-213F49CC3 | Source = Service Control Manager | ID = 7000
Description = The SASKUTIL service failed to start due to the following error: %%2

Error - 4/6/2012 1:48:49 PM | Computer Name = SCOTT-213F49CC3 | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%2

Error - 4/6/2012 4:04:20 PM | Computer Name = SCOTT-213F49CC3 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/6/2012 4:04:20 PM | Computer Name = SCOTT-213F49CC3 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/6/2012 4:04:28 PM | Computer Name = SCOTT-213F49CC3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 4/6/2012 4:32:17 PM | Computer Name = SCOTT-213F49CC3 | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 4/6/2012 5:47:21 PM | Computer Name = SCOTT-213F49CC3 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/6/2012 5:47:22 PM | Computer Name = SCOTT-213F49CC3 | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0xc00d2711'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 4/6/2012 5:47:38 PM | Computer Name = SCOTT-213F49CC3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >



Thanks your Help

Edited by everythingsm, 06 April 2012 - 05:17 PM.

  • 0

Advertisements

#2
Essexboy
Posted 07 April 2012 - 08:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi two programmes to run

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#3
everythingsm
Posted 07 April 2012 - 09:04 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Thanks Allot,

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 07:48:10
-----------------------------
07:48:10.156 OS Version: Windows 5.1.2600 Service Pack 3
07:48:10.156 Number of processors: 2 586 0x170A
07:48:10.156 ComputerName: SCOTT-213F49CC3 UserName: Scott
07:53:31.734 Initialze error C000010E - driver not loaded
07:53:32.781 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
07:54:00.359 The log file has been saved successfully to "C:\Documents and Settings\Scott\Desktop\aswMBR2.txt"

ComboFix log

ComboFix 12-04-07.02 - Scott 04/07/2012 8:11.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2463 [GMT -7:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET11A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-06 19:40 . 2012-04-06 19:40 -------- d-----w- c:\program files\Common Files\Java
2012-04-06 19:35 . 2012-04-06 19:36 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-06 17:53 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B9EE4CF1-A327-4B77-B0DF-C646B0312B9F}\mpengine.dll
2012-04-03 16:38 . 2012-04-03 16:41 -------- d-----w- c:\documents and settings\Scott\Application Data\AVG
2012-03-31 15:03 . 2012-03-31 15:03 -------- d-----w- c:\documents and settings\Scott\Application Data\AVG Secure Search
2012-03-31 15:03 . 2012-03-31 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-03-31 15:03 . 2012-03-31 15:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-03-31 15:03 . 2012-03-31 15:04 -------- d-----w- c:\program files\AVG Secure Search
2012-03-31 15:02 . 2012-03-31 15:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-03-31 15:01 . 2012-04-06 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-03-31 15:01 . 2012-04-06 13:29 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-31 15:01 . 2012-03-31 15:01 -------- d-----w- C:\$AVG
2012-03-31 14:59 . 2012-04-03 16:37 -------- d-----w- c:\program files\AVG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 19:36 . 2012-01-04 21:35 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-06 19:36 . 2011-06-02 14:59 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-14 02:15 . 2009-05-09 21:20 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-11 15:36 . 2011-06-03 19:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 17:18 . 2009-10-03 11:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 12:25 . 2012-02-22 12:25 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 12:25 . 2012-02-22 12:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 11:46 . 2012-01-31 11:46 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-11 19:06 . 2012-02-17 15:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-04-01 17:01 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-31 15:03 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-31 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-01-31 204288]
"Akamai NetSession Interface"="c:\documents and settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-03-13 3331872]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-02 16851456]
"VBTUCopy"="c:\program files\VBTUCopy\VBTUCopy.exe" [2005-04-27 356352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-31 982880]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-15 864664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-04-01 17:17 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0sprestrt\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [12/23/2011 1:32 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 12:07 PM 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/22/2012 5:25 AM 299472]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 8:52 AM 1355968]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/31/2012 8:03 AM 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [4/2/2009 1:17 PM 47360]
S0 cerc6;cerc6; [x]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [2/14/2012 4:52 AM 5104992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 12:58 PM 11336]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 2:10 AM 267568]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [11/21/2011 7:01 PM 111872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 5:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [6/25/2011 7:27 AM 229376]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2012-04-07 c:\windows\Tasks\User_Feed_Synchronization-{07C0E146-67A0-4598-811F-D68B8AF0D168}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: download.microsoft.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: update.microsoft.com
Trusted Zone: windowsupdate.microsoft.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-07 08:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3500620AS rev.DE13 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A9422C6
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
.
- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\WININET.dll
.
Completion time: 2012-04-07 08:29:33
ComboFix-quarantined-files.txt 2012-04-07 15:29
.
Pre-Run: 6,045,577,216 bytes free
Post-Run: 6,043,561,984 bytes free
.
- - End Of File - - 5035A8211DAF5876D445898C3A3A0B42


The computer has stopped from slowing but I haven't connected to the net yet.

I ran AVG Rookit and the file is still there per AVG Rootkit.

Object Name: Unknown
Detection Name: IRP hook, \Driver\atapi DriverStartIo - > 0x8A9422C6
Object Type: file
SDK Type: Rootkit
Result: Object is hidden

Edited by everythingsm, 07 April 2012 - 10:03 AM.

  • 0

#4
Essexboy
Posted 07 April 2012 - 10:13 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm the failure of aswMBR is a bit of a clue

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
  • 0

#5
everythingsm
Posted 07 April 2012 - 10:33 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
TDSSKiller Log



09:18:30.0359 4040 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
09:18:30.0359 4040 ============================================================
09:18:30.0359 4040 Current date / time: 2012/04/07 09:18:30.0359
09:18:30.0359 4040 SystemInfo:
09:18:30.0359 4040
09:18:30.0359 4040 OS Version: 5.1.2600 ServicePack: 3.0
09:18:30.0359 4040 Product type: Workstation
09:18:30.0359 4040 ComputerName: SCOTT-213F49CC3
09:18:30.0359 4040 UserName: Scott
09:18:30.0359 4040 Windows directory: C:\WINDOWS
09:18:30.0359 4040 System windows directory: C:\WINDOWS
09:18:30.0359 4040 Processor architecture: Intel x86
09:18:30.0359 4040 Number of processors: 2
09:18:30.0359 4040 Page size: 0x1000
09:18:30.0359 4040 Boot type: Normal boot
09:18:30.0359 4040 ============================================================
09:18:32.0562 4040 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:18:32.0625 4040 Drive \Device\Harddisk5\DR10 - Size: 0xF1E00000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:18:32.0625 4040 \Device\Harddisk0\DR0:
09:18:32.0625 4040 MBR used
09:18:32.0625 4040 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
09:18:32.0625 4040 \Device\Harddisk5\DR10:
09:18:32.0625 4040 MBR used
09:18:32.0625 4040 \Device\Harddisk5\DR10\Partition0: MBR, Type 0xC, StartLBA 0x38, BlocksNum 0x78EFC8
09:18:32.0718 4040 Initialize success
09:18:32.0718 4040 ============================================================
09:19:22.0093 2720 ============================================================
09:19:22.0093 2720 Scan started
09:19:22.0093 2720 Mode: Manual; SigCheck; TDLFS;
09:19:22.0093 2720 ============================================================
09:19:23.0046 2720 2111DB - ok
09:19:23.0250 2720 4131E3 - ok
09:19:23.0453 2720 Abiosdsk - ok
09:19:23.0640 2720 abp480n5 - ok
09:19:23.0906 2720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:19:24.0562 2720 ACPI - ok
09:19:24.0828 2720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:19:24.0921 2720 ACPIEC - ok
09:19:25.0125 2720 adpu160m - ok
09:19:25.0609 2720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:19:25.0734 2720 aec - ok
09:19:26.0000 2720 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:19:26.0046 2720 AFD - ok
09:19:26.0250 2720 Aha154x - ok
09:19:26.0453 2720 aic78u2 - ok
09:19:26.0640 2720 aic78xx - ok
09:19:26.0875 2720 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:19:26.0953 2720 Alerter - ok
09:19:27.0156 2720 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:19:27.0218 2720 ALG - ok
09:19:27.0406 2720 AliIde - ok
09:19:27.0593 2720 amsint - ok
09:19:27.0750 2720 Apple Mobile Device (367592efca7ff8b4ce11ab6b0744e1e2) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
09:19:27.0750 2720 Apple Mobile Device - ok
09:19:28.0031 2720 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:19:28.0109 2720 AppMgmt - ok
09:19:28.0296 2720 asc - ok
09:19:28.0531 2720 asc3350p - ok
09:19:28.0718 2720 asc3550 - ok
09:19:28.0875 2720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:19:28.0937 2720 aspnet_state - ok
09:19:29.0203 2720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:19:29.0281 2720 AsyncMac - ok
09:19:29.0546 2720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:19:29.0625 2720 atapi - ok
09:19:29.0812 2720 Atdisk - ok
09:19:30.0062 2720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:19:30.0171 2720 Atmarpc - ok
09:19:30.0406 2720 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:19:30.0484 2720 AudioSrv - ok
09:19:30.0703 2720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:19:30.0765 2720 audstub - ok
09:19:32.0265 2720 AVGIDSAgent (f5689fba4360be50839999882e0a9d99) C:\Program Files\AVG\AVG2012\avgidsagent.exe
09:19:33.0640 2720 AVGIDSAgent - ok
09:19:33.0937 2720 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
09:19:33.0984 2720 AVGIDSDriver - ok
09:19:34.0203 2720 AVGIDSEH (f4050c31e6a83cf1e4cdc80d165f7f08) C:\WINDOWS\system32\DRIVERS\avgidsehx.sys
09:19:34.0234 2720 AVGIDSEH - ok
09:19:34.0453 2720 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
09:19:34.0453 2720 AVGIDSFilter - ok
09:19:34.0671 2720 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
09:19:34.0671 2720 AVGIDSShim - ok
09:19:34.0937 2720 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:19:34.0984 2720 Avgldx86 - ok
09:19:35.0187 2720 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:19:35.0203 2720 Avgmfx86 - ok
09:19:35.0406 2720 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:19:35.0421 2720 Avgrkx86 - ok
09:19:35.0703 2720 Avgtdix (b2fc9d4de6a2e57a4dfb5a11440c5b85) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:19:35.0718 2720 Avgtdix - ok
09:19:35.0875 2720 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:19:35.0875 2720 avgwd - ok
09:19:36.0093 2720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:19:36.0171 2720 Beep - ok
09:19:36.0531 2720 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:19:36.0906 2720 BITS - ok
09:19:37.0187 2720 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:19:37.0250 2720 Browser - ok
09:19:37.0312 2720 catchme - ok
09:19:37.0531 2720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:19:37.0625 2720 cbidf2k - ok
09:19:37.0843 2720 cd20xrnt - ok
09:19:38.0046 2720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:19:38.0125 2720 Cdaudio - ok
09:19:38.0343 2720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:19:38.0453 2720 Cdfs - ok
09:19:38.0703 2720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:19:38.0781 2720 Cdrom - ok
09:19:38.0984 2720 cerc6 - ok
09:19:39.0187 2720 Changer - ok
09:19:39.0375 2720 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:19:39.0468 2720 CiSvc - ok
09:19:39.0718 2720 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:19:39.0796 2720 ClipSrv - ok
09:19:40.0015 2720 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:19:40.0078 2720 clr_optimization_v2.0.50727_32 - ok
09:19:40.0265 2720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:19:40.0390 2720 clr_optimization_v4.0.30319_32 - ok
09:19:40.0640 2720 CmdIde - ok
09:19:40.0843 2720 COMSysApp - ok
09:19:41.0062 2720 Cpqarray - ok
09:19:41.0156 2720 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
09:19:41.0203 2720 cpudrv - ok
09:19:41.0437 2720 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:19:41.0546 2720 CryptSvc - ok
09:19:41.0781 2720 dac2w2k - ok
09:19:42.0031 2720 dac960nt - ok
09:19:42.0390 2720 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:19:42.0500 2720 DcomLaunch - ok
09:19:42.0781 2720 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:19:42.0875 2720 Dhcp - ok
09:19:43.0171 2720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:19:43.0234 2720 Disk - ok
09:19:43.0421 2720 dmadmin - ok
09:19:43.0890 2720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:19:44.0343 2720 dmboot - ok
09:19:44.0609 2720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
09:19:44.0718 2720 dmio - ok
09:19:44.0921 2720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:19:45.0015 2720 dmload - ok
09:19:45.0234 2720 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:19:45.0296 2720 dmserver - ok
09:19:45.0531 2720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:19:45.0656 2720 DMusic - ok
09:19:45.0921 2720 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:19:45.0984 2720 Dnscache - ok
09:19:46.0234 2720 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:19:46.0328 2720 Dot3svc - ok
09:19:46.0531 2720 dpti2o - ok
09:19:46.0765 2720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:19:46.0828 2720 drmkaud - ok
09:19:47.0109 2720 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:19:47.0125 2720 e1express - ok
09:19:47.0359 2720 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:19:47.0453 2720 EapHost - ok
09:19:47.0687 2720 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:19:47.0781 2720 ERSvc - ok
09:19:48.0031 2720 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:19:48.0078 2720 Eventlog - ok
09:19:48.0375 2720 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\Es.dll
09:19:48.0421 2720 EventSystem - ok
09:19:48.0734 2720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:19:48.0859 2720 Fastfat - ok
09:19:49.0156 2720 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:19:49.0250 2720 FastUserSwitchingCompatibility - ok
09:19:49.0500 2720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:19:49.0578 2720 Fdc - ok
09:19:49.0828 2720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:19:49.0890 2720 Fips - ok
09:19:50.0125 2720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:19:50.0218 2720 Flpydisk - ok
09:19:50.0500 2720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
09:19:50.0562 2720 FltMgr - ok
09:19:50.0718 2720 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:19:50.0734 2720 FontCache3.0.0.0 - ok
09:19:51.0000 2720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:19:51.0078 2720 Fs_Rec - ok
09:19:51.0343 2720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:19:51.0468 2720 Ftdisk - ok
09:19:51.0687 2720 GEARAspiWDM (df6e37b27a9a1a498c6d9f29995b7a03) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:19:51.0687 2720 GEARAspiWDM - ok
09:19:51.0750 2720 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
09:19:51.0765 2720 GoToAssist - ok
09:19:51.0984 2720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:19:52.0062 2720 Gpc - ok
09:19:52.0312 2720 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:19:52.0390 2720 HDAudBus - ok
09:19:52.0531 2720 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:19:52.0609 2720 helpsvc - ok
09:19:52.0781 2720 HidServ - ok
09:19:53.0093 2720 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:19:53.0156 2720 hidusb - ok
09:19:53.0375 2720 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:19:53.0453 2720 hkmsvc - ok
09:19:53.0656 2720 hpn - ok
09:19:53.0906 2720 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
09:19:54.0250 2720 HPZid412 - ok
09:19:54.0484 2720 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
09:19:54.0515 2720 HPZipr12 - ok
09:19:54.0734 2720 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
09:19:54.0781 2720 HPZius12 - ok
09:19:55.0109 2720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:19:55.0203 2720 HTTP - ok
09:19:55.0421 2720 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:19:55.0500 2720 HTTPFilter - ok
09:19:55.0687 2720 i2omgmt - ok
09:19:55.0890 2720 i2omp - ok
09:19:56.0125 2720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
09:19:56.0234 2720 i8042prt - ok
09:19:56.0921 2720 ialm (c5db546f9028cd00e64335091860d8f3) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:19:58.0031 2720 ialm - ok
09:19:58.0468 2720 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:19:58.0968 2720 idsvc - ok
09:19:59.0218 2720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:19:59.0312 2720 Imapi - ok
09:19:59.0593 2720 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:19:59.0687 2720 ImapiService - ok
09:19:59.0890 2720 ini910u - ok
09:20:01.0562 2720 IntcAzAudAddService (d9be52660d8f0bbf28a8ffd1d1bbd6fb) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:20:02.0890 2720 IntcAzAudAddService - ok
09:20:03.0109 2720 IntelIde - ok
09:20:03.0359 2720 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:20:03.0468 2720 intelppm - ok
09:20:03.0734 2720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
09:20:03.0828 2720 Ip6Fw - ok
09:20:04.0109 2720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:20:04.0171 2720 IpFilterDriver - ok
09:20:04.0406 2720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:20:04.0468 2720 IpInIp - ok
09:20:04.0718 2720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:20:04.0828 2720 IpNat - ok
09:20:05.0093 2720 iPod Service (5c7538b244e439df39388da28e0a18d1) C:\Program Files\iPod\bin\iPodService.exe
09:20:05.0265 2720 iPod Service - ok
09:20:05.0546 2720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:20:05.0640 2720 IPSec - ok
09:20:05.0890 2720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:20:05.0937 2720 IRENUM - ok
09:20:06.0203 2720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:20:07.0171 2720 isapnp - ok
09:20:07.0343 2720 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
09:20:07.0343 2720 JavaQuickStarterService - ok
09:20:07.0609 2720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:20:07.0687 2720 Kbdclass - ok
09:20:07.0921 2720 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:20:07.0984 2720 kbdhid - ok
09:20:08.0281 2720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:20:08.0406 2720 kmixer - ok
09:20:08.0656 2720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:20:08.0718 2720 KSecDD - ok
09:20:08.0953 2720 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:20:09.0031 2720 LanmanServer - ok
09:20:09.0328 2720 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:20:09.0437 2720 lanmanworkstation - ok
09:20:09.0875 2720 Lavasoft Ad-Aware Service (6df2be94d712753fb8d87495469b5262) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
09:20:10.0203 2720 Lavasoft Ad-Aware Service - ok
09:20:10.0453 2720 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
09:20:10.0468 2720 Lbd - ok
09:20:10.0687 2720 lbrtfdc - ok
09:20:10.0890 2720 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:20:10.0984 2720 LmHosts - ok
09:20:11.0140 2720 MatSvc (9f04b1edc2dca29bbea94f37dacb55b7) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
09:20:11.0234 2720 MatSvc - ok
09:20:11.0453 2720 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:20:11.0546 2720 Messenger - ok
09:20:11.0781 2720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:20:11.0843 2720 mnmdd - ok
09:20:12.0093 2720 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:20:12.0171 2720 mnmsrvc - ok
09:20:12.0437 2720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:20:12.0515 2720 Modem - ok
09:20:12.0734 2720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:20:12.0796 2720 Mouclass - ok
09:20:13.0062 2720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:20:13.0125 2720 mouhid - ok
09:20:13.0359 2720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:20:13.0453 2720 MountMgr - ok
09:20:13.0640 2720 mraid35x - ok
09:20:13.0937 2720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:20:14.0062 2720 MRxDAV - ok
09:20:14.0421 2720 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:20:14.0593 2720 MRxSmb - ok
09:20:14.0828 2720 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:20:14.0906 2720 MSDTC - ok
09:20:15.0125 2720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:20:15.0187 2720 Msfs - ok
09:20:15.0390 2720 MSIServer - ok
09:20:15.0656 2720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:20:15.0734 2720 MSKSSRV - ok
09:20:15.0968 2720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:20:16.0031 2720 MSPCLOCK - ok
09:20:16.0250 2720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:20:16.0328 2720 MSPQM - ok
09:20:16.0562 2720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:20:16.0625 2720 mssmbios - ok
09:20:16.0906 2720 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:20:16.0984 2720 Mup - ok
09:20:17.0281 2720 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:20:17.0484 2720 napagent - ok
09:20:17.0781 2720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:20:17.0921 2720 NDIS - ok
09:20:18.0203 2720 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:20:18.0265 2720 NdisTapi - ok
09:20:18.0515 2720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:20:18.0593 2720 Ndisuio - ok
09:20:18.0906 2720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:20:19.0187 2720 NdisWan - ok
09:20:19.0453 2720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:20:19.0515 2720 NDProxy - ok
09:20:19.0734 2720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:20:19.0796 2720 NetBIOS - ok
09:20:20.0078 2720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:20:20.0203 2720 NetBT - ok
09:20:20.0484 2720 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:20:20.0593 2720 NetDDE - ok
09:20:20.0640 2720 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:20:20.0703 2720 NetDDEdsdm - ok
09:20:20.0921 2720 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:20:21.0000 2720 Netlogon - ok
09:20:21.0281 2720 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:20:21.0390 2720 Netman - ok
09:20:21.0593 2720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:20:21.0640 2720 NetTcpPortSharing - ok
09:20:21.0921 2720 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:20:21.0937 2720 Nla - ok
09:20:22.0296 2720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:20:22.0390 2720 Npfs - ok
09:20:22.0765 2720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:20:22.0953 2720 Ntfs - ok
09:20:23.0203 2720 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:20:23.0265 2720 NtLmSsp - ok
09:20:23.0578 2720 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:20:23.0828 2720 NtmsSvc - ok
09:20:24.0062 2720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:20:24.0125 2720 Null - ok
09:20:24.0359 2720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:20:24.0437 2720 NwlnkFlt - ok
09:20:24.0703 2720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:20:24.0781 2720 NwlnkFwd - ok
09:20:25.0000 2720 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:20:25.0203 2720 odserv - ok
09:20:25.0281 2720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:20:25.0328 2720 ose - ok
09:20:25.0625 2720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
09:20:25.0781 2720 Parport - ok
09:20:26.0000 2720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:20:26.0078 2720 PartMgr - ok
09:20:26.0281 2720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:20:26.0375 2720 ParVdm - ok
09:20:26.0625 2720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:20:26.0687 2720 PCI - ok
09:20:26.0875 2720 PCIDump - ok
09:20:27.0093 2720 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:20:27.0156 2720 PCIIde - ok
09:20:27.0390 2720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:20:27.0484 2720 Pcmcia - ok
09:20:27.0718 2720 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
09:20:27.0750 2720 pcouffin ( UnsignedFile.Multi.Generic ) - warning
09:20:27.0750 2720 pcouffin - detected UnsignedFile.Multi.Generic (1)
09:20:27.0937 2720 PDCOMP - ok
09:20:28.0156 2720 PDFRAME - ok
09:20:28.0343 2720 PDRELI - ok
09:20:28.0546 2720 PDRFRAME - ok
09:20:28.0750 2720 perc2 - ok
09:20:28.0937 2720 perc2hib - ok
09:20:29.0203 2720 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:20:29.0203 2720 PlugPlay - ok
09:20:29.0453 2720 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
09:20:29.0468 2720 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:20:29.0468 2720 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:20:29.0703 2720 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:20:29.0765 2720 PolicyAgent - ok
09:20:30.0015 2720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:20:30.0093 2720 PptpMiniport - ok
09:20:30.0281 2720 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:20:30.0343 2720 ProtectedStorage - ok
09:20:30.0562 2720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:20:30.0640 2720 PSched - ok
09:20:30.0906 2720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:20:30.0984 2720 Ptilink - ok
09:20:31.0250 2720 PuranDefrag (d9495810ec4efd4ca906c1ccd494b895) C:\WINDOWS\system32\PuranDefragS.exe
09:20:31.0328 2720 PuranDefrag ( UnsignedFile.Multi.Generic ) - warning
09:20:31.0328 2720 PuranDefrag - detected UnsignedFile.Multi.Generic (1)
09:20:31.0562 2720 PxHelp20 (0457e25bb122b854e267cf552dcdc370) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:20:31.0625 2720 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:20:31.0625 2720 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:20:31.0843 2720 ql1080 - ok
09:20:32.0046 2720 Ql10wnt - ok
09:20:32.0234 2720 ql12160 - ok
09:20:32.0421 2720 ql1240 - ok
09:20:32.0625 2720 ql1280 - ok
09:20:32.0828 2720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:20:32.0890 2720 RasAcd - ok
09:20:33.0140 2720 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:20:33.0218 2720 RasAuto - ok
09:20:33.0468 2720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:20:33.0546 2720 Rasl2tp - ok
09:20:33.0812 2720 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:20:33.0953 2720 RasMan - ok
09:20:34.0187 2720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:20:34.0265 2720 RasPppoe - ok
09:20:34.0468 2720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:20:34.0531 2720 Raspti - ok
09:20:34.0796 2720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:20:34.0937 2720 Rdbss - ok
09:20:35.0171 2720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:20:35.0234 2720 RDPCDD - ok
09:20:35.0562 2720 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:20:35.0671 2720 rdpdr - ok
09:20:35.0937 2720 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
09:20:36.0000 2720 RDPWD - ok
09:20:36.0234 2720 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:20:36.0328 2720 RDSessMgr - ok
09:20:36.0578 2720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:20:36.0671 2720 redbook - ok
09:20:36.0921 2720 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:20:37.0015 2720 RemoteAccess - ok
09:20:37.0250 2720 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:20:37.0312 2720 RemoteRegistry - ok
09:20:37.0531 2720 RimSerPort (b177927edfb8fb8da62ee1dfbcefde54) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:20:37.0578 2720 RimSerPort - ok
09:20:37.0828 2720 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
09:20:37.0906 2720 RimUsb - ok
09:20:38.0125 2720 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
09:20:38.0218 2720 ROOTMODEM - ok
09:20:38.0484 2720 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:20:38.0562 2720 RpcLocator - ok
09:20:38.0890 2720 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
09:20:39.0015 2720 RpcSs - ok
09:20:39.0250 2720 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:20:39.0375 2720 RSVP - ok
09:20:39.0609 2720 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:20:39.0671 2720 SamSs - ok
09:20:39.0750 2720 SASDIFSV - ok
09:20:39.0765 2720 SASENUM - ok
09:20:39.0765 2720 SASKUTIL - ok
09:20:40.0046 2720 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:20:40.0187 2720 SCardSvr - ok
09:20:40.0468 2720 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:20:40.0578 2720 Schedule - ok
09:20:40.0843 2720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:20:40.0906 2720 Secdrv - ok
09:20:41.0125 2720 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:20:41.0187 2720 seclogon - ok
09:20:41.0406 2720 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:20:41.0468 2720 SENS - ok
09:20:41.0703 2720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:20:41.0796 2720 Serial - ok
09:20:42.0046 2720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:20:42.0109 2720 Sfloppy - ok
09:20:42.0437 2720 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:20:42.0562 2720 SharedAccess - ok
09:20:42.0828 2720 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:20:42.0843 2720 ShellHWDetection - ok
09:20:43.0062 2720 Simbad - ok
09:20:43.0265 2720 Sparrow - ok
09:20:43.0500 2720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:20:43.0593 2720 splitter - ok
09:20:43.0828 2720 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:20:43.0828 2720 Spooler - ok
09:20:44.0093 2720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:20:44.0156 2720 sr - ok
09:20:44.0390 2720 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:20:44.0421 2720 srservice - ok
09:20:44.0765 2720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:20:45.0000 2720 Srv - ok
09:20:45.0234 2720 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:20:45.0265 2720 SSDPSRV - ok
09:20:45.0546 2720 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:20:45.0718 2720 stisvc - ok
09:20:45.0984 2720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:20:46.0046 2720 swenum - ok
09:20:46.0296 2720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:20:46.0375 2720 swmidi - ok
09:20:46.0546 2720 SwPrv - ok
09:20:46.0750 2720 symc810 - ok
09:20:46.0968 2720 symc8xx - ok
09:20:47.0171 2720 sym_hi - ok
09:20:47.0359 2720 sym_u3 - ok
09:20:47.0609 2720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:20:47.0687 2720 sysaudio - ok
09:20:47.0921 2720 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:20:48.0015 2720 SysmonLog - ok
09:20:48.0296 2720 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:20:48.0406 2720 TapiSrv - ok
09:20:48.0734 2720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:20:48.0828 2720 Tcpip - ok
09:20:49.0093 2720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:20:49.0156 2720 TDPIPE - ok
09:20:49.0375 2720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:20:49.0453 2720 TDTCP - ok
09:20:49.0687 2720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:20:49.0750 2720 TermDD - ok
09:20:50.0078 2720 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:20:50.0203 2720 TermService - ok
09:20:50.0453 2720 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:20:50.0453 2720 Themes - ok
09:20:50.0703 2720 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:20:50.0750 2720 TlntSvr - ok
09:20:50.0968 2720 TosIde - ok
09:20:51.0203 2720 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:20:51.0296 2720 TrkWks - ok
09:20:51.0578 2720 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
09:20:51.0687 2720 TrueSight ( UnsignedFile.Multi.Generic ) - warning
09:20:51.0687 2720 TrueSight - detected UnsignedFile.Multi.Generic (1)
09:20:51.0953 2720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:20:52.0062 2720 Udfs - ok
09:20:52.0156 2720 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
09:20:52.0187 2720 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
09:20:52.0187 2720 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
09:20:52.0406 2720 ultra - ok
09:20:52.0718 2720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:20:52.0953 2720 Update - ok
09:20:53.0281 2720 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:20:53.0328 2720 upnphost - ok
09:20:53.0546 2720 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:20:53.0625 2720 UPS - ok
09:20:53.0843 2720 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:20:53.0937 2720 usbccgp - ok
09:20:54.0156 2720 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:20:54.0250 2720 usbehci - ok
09:20:54.0484 2720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:20:54.0562 2720 usbhub - ok
09:20:54.0796 2720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:20:54.0890 2720 usbprint - ok
09:20:55.0140 2720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:20:55.0218 2720 usbscan - ok
09:20:55.0437 2720 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:20:55.0531 2720 usbstor - ok
09:20:55.0734 2720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:20:55.0812 2720 usbuhci - ok
09:20:56.0046 2720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:20:56.0109 2720 VgaSave - ok
09:20:56.0312 2720 ViaIde - ok
09:20:56.0546 2720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:20:56.0625 2720 VolSnap - ok
09:20:56.0921 2720 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:20:57.0031 2720 VSS - ok
09:20:57.0421 2720 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
09:20:57.0671 2720 vToolbarUpdater10.2.0 - ok
09:20:57.0953 2720 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:20:58.0046 2720 W32Time - ok
09:20:58.0296 2720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:20:58.0390 2720 Wanarp - ok
09:20:58.0593 2720 WDICA - ok
09:20:58.0859 2720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:20:58.0937 2720 wdmaud - ok
09:20:59.0171 2720 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:20:59.0281 2720 WebClient - ok
09:20:59.0359 2720 WinDefend (f45dd1e1365d857dd08bc23563370d0e) C:\Program Files\Windows Defender\MsMpEng.exe
09:20:59.0375 2720 WinDefend - ok
09:20:59.0656 2720 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:20:59.0718 2720 winmgmt - ok
09:21:00.0234 2720 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:21:00.0906 2720 WinRM - ok
09:21:01.0187 2720 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:21:01.0265 2720 WmdmPmSN - ok
09:21:01.0671 2720 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:21:01.0859 2720 Wmi - ok
09:21:02.0125 2720 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:21:02.0218 2720 WmiApSrv - ok
09:21:02.0609 2720 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:21:02.0859 2720 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - warning
09:21:02.0859 2720 WMPNetworkSvc - detected UnsignedFile.Multi.Generic (1)
09:21:03.0312 2720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:21:03.0687 2720 WPFFontCache_v0400 - ok
09:21:03.0937 2720 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:21:04.0031 2720 WS2IFSL - ok
09:21:04.0281 2720 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:21:04.0359 2720 wscsvc - ok
09:21:04.0546 2720 WSearch - ok
09:21:04.0765 2720 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:21:04.0843 2720 wuauserv - ok
09:21:05.0078 2720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:21:05.0171 2720 WudfPf - ok
09:21:05.0421 2720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:21:05.0453 2720 WudfRd - ok
09:21:05.0671 2720 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:21:05.0703 2720 WudfSvc - ok
09:21:06.0062 2720 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:21:06.0343 2720 WZCSVC - ok
09:21:06.0593 2720 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:21:06.0687 2720 xmlprov - ok
09:21:06.0703 2720 MBR (0x1B8) (faee7e40dfb0440ad2cfc39befa1f4c2) \Device\Harddisk0\DR0
09:21:06.0718 2720 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:21:06.0718 2720 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:21:06.0859 2720 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:21:06.0859 2720 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:21:06.0859 2720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR10
09:21:06.0953 2720 \Device\Harddisk5\DR10 - ok
09:21:06.0953 2720 Boot (0x1200) (d97823d8655f111c5eaf8f278839b9af) \Device\Harddisk0\DR0\Partition0
09:21:06.0953 2720 \Device\Harddisk0\DR0\Partition0 - ok
09:21:06.0953 2720 Boot (0x1200) (dadd45e1d710845cff66075007e7d8a4) \Device\Harddisk5\DR10\Partition0
09:21:06.0953 2720 \Device\Harddisk5\DR10\Partition0 - ok
09:21:06.0953 2720 ============================================================
09:21:06.0953 2720 Scan finished
09:21:06.0953 2720 ============================================================
09:21:07.0062 4072 Detected object count: 9
09:21:07.0062 4072 Actual detected object count: 9
09:22:33.0953 4072 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:33.0953 4072 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:33.0953 4072 PuranDefrag ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 PuranDefrag ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:33.0953 4072 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:33.0953 4072 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:33.0953 4072 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:33.0953 4072 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:33.0953 4072 WMPNetworkSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:34.0765 4072 \Device\Harddisk0\DR0\# - copied to quarantine
09:22:34.0765 4072 \Device\Harddisk0\DR0 - copied to quarantine
09:22:34.0859 4072 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
09:22:34.0875 4072 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
09:22:34.0890 4072 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
09:22:34.0890 4072 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:22:34.0906 4072 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:22:34.0968 4072 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
09:22:35.0250 4072 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
09:22:35.0250 4072 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
09:22:35.0250 4072 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
09:22:35.0250 4072 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
09:22:35.0250 4072 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
09:22:35.0265 4072 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
09:22:35.0312 4072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:22:35.0312 4072 \Device\Harddisk0\DR0 - ok
09:22:35.0343 4072 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:22:35.0343 4072 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:22:35.0343 4072 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:23:11.0406 2872 Deinitialize success
  • 0

#6
Essexboy
Posted 07 April 2012 - 10:36 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There we go :cool:

OK re-run TDSSKiller please and when you reach this part select delete :

\Device\Harddisk0\DR0 ( TDSS File System )

If you could then run a fresh OTL scan for me please selecting all users, and let me know what the current problems are
  • 0

#7
everythingsm
Posted 07 April 2012 - 10:40 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
Ran AVG Rootkit and no Rootkits .... :thumbsup:

Going to hook up to the net and run all virus software to be safe.

Thanks so much for responding to me. Have a GREAT DAY
and i'll be following up with my appreciation.

FORGOT the cleaning... i'll watch for your cleaning directions.


OTL Log

OTL logfile created on: 4/7/2012 9:45:47 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Scott\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.98% Memory free
4.83 Gb Paging File | 4.24 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 5.64 Gb Free Space | 1.21% Space Free | Partition Type: NTFS

Computer Name: SCOTT-213F49CC3 | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 15:08:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
PRC - [2012/03/31 08:03:53 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/31 08:03:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/02/23 04:36:44 | 001,269,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/02/14 04:52:44 | 000,976,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/06/15 16:56:16 | 001,355,968 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/06/15 16:56:16 | 000,864,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/04/27 01:43:30 | 000,356,352 | R--- | M] (VIA Technologies, Inc.) -- C:\Program Files\VBTUCopy\VBTUCopy.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/31 08:03:53 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/31 08:03:47 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/06/15 16:56:22 | 000,271,856 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2009/02/27 12:56:34 | 000,016,768 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2007/07/12 22:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/31 08:03:53 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/06/15 16:56:16 | 001,355,968 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/16 02:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/04/01 10:17:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Scott\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\4131E3.sys -- (4131E3)
DRV - File not found [Kernel | Unavailable | Unknown] -- globalroot\C:\WINDOWS\system32\drivers\2111DB.sys -- (2111DB)
DRV - [2012/02/22 05:25:52 | 000,299,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:04 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidsehx.sys -- (AVGIDSEH)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/11/22 14:48:07 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2010/06/05 14:11:21 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/09/02 18:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\..\SearchScopes\{0169E633-8781-F882-9BC7-7B014AE4DE4E}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\..\SearchScopes\{09533787-AE1B-4686-AD2C-648367BFEF2B}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\..\SearchScopes\{454575F2-C92B-4CBB-B1F6-3D04AC434B77}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2012-03-31 08:03:57&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-602609370-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/03/31 08:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/03/31 08:01:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/31 08:04:12 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/04/07 08:24:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Do-Not-Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [VBTUCopy] C:\Program Files\VBTUCopy\VBTUCopy.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-746137067-602609370-682003330-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-746137067-602609370-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-746137067-602609370-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O9 - Extra Button: AVG Do-Not-Track - {DA58ACA7-18A6-403A-93DA-6E4172D43709} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-746137067-602609370-682003330-1003\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1306968218859 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238625505953 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.micr...44/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...570/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/01 10:05:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (sprestrt)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 09:22:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/04/07 09:17:02 | 002,073,136 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\tdsskiller.exe
[2012/04/07 08:45:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/07 08:31:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/07 08:05:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/07 08:05:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/07 08:05:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/07 08:05:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/04/07 08:00:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/07 07:45:31 | 004,452,287 | R--- | C] (Swearware) -- C:\Documents and Settings\Scott\Desktop\ComboFix.exe
[2012/04/07 07:45:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Scott\Desktop\aswMBR.exe
[2012/04/06 15:09:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/04/06 12:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/06 12:39:04 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/04/06 12:38:59 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/04/06 12:38:56 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/04/06 12:35:37 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/06 12:25:45 | 020,320,648 | ---- | C] (Oracle Corporation) -- C:\Documents and Settings\Scott\Desktop\jre-7u3-windows-i586.exe
[2012/04/03 09:38:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG
[2012/04/03 09:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/03/31 08:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG2012
[2012/03/31 08:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/03/31 08:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Scott\Application Data\AVG Secure Search
[2012/03/31 08:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/03/31 08:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/03/31 08:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/03/31 08:02:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/03/31 08:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/03/31 08:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2012/03/31 08:01:12 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/03/31 07:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG

========== Files - Modified Within 30 Days ==========

[2012/04/07 09:45:35 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{07C0E146-67A0-4598-811F-D68B8AF0D168}.job
[2012/04/07 09:28:18 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/07 09:25:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/07 09:16:36 | 002,073,136 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Scott\Desktop\tdsskiller.exe
[2012/04/07 08:24:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/07 07:52:58 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\MBR.dat
[2012/04/07 07:39:20 | 004,452,287 | R--- | M] (Swearware) -- C:\Documents and Settings\Scott\Desktop\ComboFix.exe
[2012/04/07 07:37:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Scott\Desktop\aswMBR.exe
[2012/04/06 15:31:23 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/06 15:08:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Scott\Desktop\OTL.exe
[2012/04/06 13:23:52 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/06 12:36:59 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/04/06 12:36:59 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/04/06 12:36:59 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/04/06 12:36:59 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/04/06 12:36:59 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/04/06 12:36:58 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/04/06 12:25:22 | 020,320,648 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Scott\Desktop\jre-7u3-windows-i586.exe
[2012/04/06 10:26:42 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/06 10:24:28 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Microsoft Office Word 2007.lnk
[2012/04/06 08:49:33 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/06 06:29:04 | 093,978,413 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/05 09:49:30 | 000,071,726 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\default.pdf
[2012/04/03 18:38:35 | 000,094,033 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/04/03 06:05:51 | 000,000,392 | -HS- | M] () -- C:\boot.ini
[2012/03/31 08:13:07 | 000,017,446 | ---- | M] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\dt.dat
[2012/03/18 13:36:48 | 001,477,608 | ---- | M] () -- C:\Documents and Settings\Scott\Desktop\Origins_of_KBLH.pdf
[2012/03/15 05:34:46 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 11:44:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/11 08:36:29 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/11 07:38:33 | 000,617,346 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 07:38:32 | 000,122,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/04/07 08:05:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/07 08:05:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/07 08:05:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/07 08:05:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/07 08:05:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/07 07:52:58 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\MBR.dat
[2012/04/06 10:13:04 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/06 06:29:04 | 093,978,413 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/05 09:49:24 | 000,071,726 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\default.pdf
[2012/04/03 18:38:35 | 000,094,033 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/31 08:13:07 | 000,017,446 | ---- | C] () -- C:\Documents and Settings\Scott\Local Settings\Application Data\dt.dat
[2012/03/18 13:36:48 | 001,477,608 | ---- | C] () -- C:\Documents and Settings\Scott\Desktop\Origins_of_KBLH.pdf
[2012/02/17 08:12:02 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/21 19:01:27 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2010/10/19 13:47:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Scott\.plugin141_07.trace:SummaryInformation

< End of report >

Edited by everythingsm, 07 April 2012 - 11:06 AM.

  • 0

#8
Essexboy
Posted 07 April 2012 - 10:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Spot on that was the backup file for the nasty
  • 0

#9
everythingsm
Posted 07 April 2012 - 11:14 AM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
When ya get a chance just let me know your CLEANING Procedure. I feel better with your tools/direction than if I do it manually and miss or mess up something you've just fixed.

Now I can travel for work next week and not have this over my head to repair once i return home. thanks ;)
  • 0

#10
Essexboy
Posted 07 April 2012 - 11:24 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ask and your wish shall be granted :lol:

Have a nice trip

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#11
everythingsm
Posted 07 April 2012 - 12:41 PM

everythingsm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 171 posts
I completed all. Still have below from view of Explorer.

C:\TDSSKiller_Quarantine, 2 files inside 1)434KB 2)118KB

Should i delete ?
  • 0

#12
Essexboy
Posted 07 April 2012 - 01:02 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep please - OTL should have killed that
  • 0

#13
Essexboy
Posted 10 April 2012 - 02:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP