WiredWX Christian Hobby Weather Tools

MCNAUGHTONW2 - COMBOFIX

This is the 2nd run; the first was too long, so I ran it again. I'll try to find it and send.
ComboFix 12-05-27.02 - Owner 05/27/2012 16:45:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1289 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\COMMY.EXE
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-26 18:05 . 2012-05-26 18:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Secure Search
2012-05-26 18:04 . 2012-05-26 18:04 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG Secure Search
2012-05-26 18:04 . 2012-05-26 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-05-26 17:07 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 05:12 . 2012-03-06 23:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-05-04 12:55 . 2012-03-06 23:20 6426672 ----a-w- C:\Progra
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 18:08 . 2012-04-02 12:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 18:08 . 2011-05-14 20:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:14 . 2007-07-27 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2007-07-27 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 23:15 . 2012-04-10 19:54 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-04-10 19:54 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2012-04-10 19:54 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2012-04-10 19:54 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-10 19:54 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2012-04-10 19:54 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-04-10 19:54 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2012-04-10 19:54 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2012-04-10 19:54 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2012-04-10 19:54 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-03-01 11:01 . 2007-07-27 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2007-07-27 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2007-07-27 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2007-07-27 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2007-07-27 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2007-07-27 12:00 385024 ------w- c:\windows\system32\html.iec
2011-04-14 16:26 . 2011-06-02 23:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-27_20.20.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-27 12:00 . 2012-05-27 20:22 40196 c:\windows\system32\perfc009.dat
+ 2007-07-27 12:00 . 2012-05-27 20:24 40196 c:\windows\system32\perfc009.dat
+ 2007-07-27 12:00 . 2012-05-27 20:24 311934 c:\windows\system32\perfh009.dat
- 2007-07-27 12:00 . 2012-05-27 20:22 311934 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-26 18:04 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.1.7\AVG Secure Search_toolbar.dll" [2012-05-26 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare]
@="{72bcb80d-7778-eb4a-ec51-22340ad33e07}"
[HKEY_CLASSES_ROOT\CLSID\{72bcb80d-7778-eb4a-ec51-22340ad33e07}]
2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare2]
@="{b723586e-9ca0-5b27-341a-4990a8c342cf}"
[HKEY_CLASSES_ROOT\CLSID\{b723586e-9ca0-5b27-341a-4990a8c342cf}]
2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ComcastSecureBackupShare3]
@="{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}"
[HKEY_CLASSES_ROOT\CLSID\{f614e4c4-b3fa-5249-b9ea-4fe7d38b8cd0}]
2010-02-09 13:02 2848584 ----a-w- c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-11-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-11-08 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-11-08 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-03 188416]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-26 1104440]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Secure Backup and Share Status.lnk - c:\program files\SecureBackupShare\ComcastSecureBackupSharestat.exe [2010-2-9 2861896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [5/5/2012 1:12 AM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 3:54 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 3:54 PM 337880]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;c:\windows\system32\drivers\ComcastSecureBackupShare.sys [3/17/2010 11:15 AM 54776]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [6/17/2009 1:49 PM 616408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 3:54 PM 20696]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;c:\program files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2/9/2010 9:02 AM 45896]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [5/26/2012 2:04 PM 935480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2010 6:52 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/2/2012 8:11 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2010 6:52 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oracleoradb10g_home1isql*plus
MSIRCOMM
CrystalSysInfo
lxrjd31d
AVerBDA
SaiU040B
JL2005C
rassstp
us30sys
l8042pr2
CVirtA
ipodservice
processor
w810mgmt
mwlsvc
NWADI
rtm
a016obex
rkhdrv31
DivisCTS
DSI_SiUSBXp_3_1
mgabg
CX88AUD
TdmService
Tablet2k
Ncrc710
SMCB000
RalinkRegistryWriter
AdfuUd
epson_pm_rpcv2_02
SaiH040B
p17xfilt
vds
imagesrv
downloadmanagerlite
w300mdfl
brmfbags
SaiMini
avg7alrt
retrolauncher
comhost
VIAPFD
CVPND
rrrspy
dmprimer
mvwebserver
nsvcip
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:08]
.
2012-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 22:51]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 22:51]
.
2012-05-27 c:\windows\Tasks\User_Feed_Synchronization-{AFAE532D-F2ED-42FA-B1F9-4EE5781B0B46}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\2hpqhlf4.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 16:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
.
- - - - - - - > 'explorer.exe'(1968)
c:\windows\system32\WININET.dll
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\program files\SecureBackupShare\ComcastSecureBackupShareshell.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-27 16:49:58
ComboFix-quarantined-files.txt 2012-05-27 20:49
ComboFix2.txt 2012-05-27 20:23
ComboFix3.txt 2011-05-25 22:08
.
Pre-Run: 292,760,678,400 bytes free
Post-Run: 292,762,718,208 bytes free
.
- - End Of File - - BC5E2E5B4E690CD8D86B28328049B37E

Re: MCNAUGHTONW2 - COMBOFIX

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Comcast antivirus or Avast.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



............................................................................................

If we have helped you, Please consider helping us,  make a donation.

Helping fight malware.

Re: MCNAUGHTONW2 - COMBOFIX

AVG must have snuck in with TDSSKiller. Ran ESET and somehow screwed it up and lost it but the report said 20 threats. Ran it again:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=abf6a0401199494d8076e19f72cf6765
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-02 01:19:58
# local_time=2012-06-01 09:19:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 14273449 14273449 0 0
# compatibility_mode=5889 16768382 80 100 95890960 178421115 0 96769569
# compatibility_mode=8192 67108863 100 0 271008 271008 0 0
# scanned=69134
# found=1
# cleaned=1
# scan_time=3229
C:\System Volume Information\_restore{8C0CA175-CB0A-4694-B7C4-6C76677C3FAD}\RP1219\A0188976.exe Win32/Soft32Downloader application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: MCNAUGHTONW2 - COMBOFIX

How is the machine running?
Any more problems?

Just post a reply to this topic. Please do not start another topic; we need to keep your posts together. It is easier to see what has been done.

Re: MCNAUGHTONW2 - COMBOFIX

Still having problems with program "not responding" and "this tab has been recovered". Example: trying GeekPolice might take 6 or 8 attempts to finally get to the posts. When I click on the "virus, malware" line it may do nothing and I can try again, or it may lock up and I have to restart, or it will show the "tab recovered" and "send" or "don't send" report box but I can get in to the site.
Thank you for your patience.

Re: MCNAUGHTONW2 - COMBOFIX

Sorry for the delay, had a really busy weekend.
ok I want to look at something;


Update and Rerun Malwarebytes
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Then Please run:
Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of the report here.


Re: MCNAUGHTONW2 - COMBOFIX

The Malwarebytes scan was clean. I ran the TDSSKiller scan but couldn't copy. When highlighted, the cursor remained an arrow and nothing happened when double clicked. Without highlight, the cursor remained a vertical I. The report said OK throughout and ended with:
Detected object count: 0
Actual det. obj. count: 0
I hope this is some help.

Re: MCNAUGHTONW2 - COMBOFIX

ok
Could you look in the following location to see if the text file is there?

the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"
and please post it so I can look at it.

Re: MCNAUGHTONW2 - COMBOFIX

Thank you. Searched & found and moved to documents and it copied just fine:
21:52:00.0343 2128 HPZipr12 - ok
21:52:00.0359 2128 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:52:00.0359 2128 HPZius12 - ok
21:52:00.0421 2128 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:52:00.0421 2128 HTTP - ok
21:52:00.0468 2128 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:52:00.0468 2128 HTTPFilter - ok
21:52:00.0468 2128 i2omgmt - ok
21:52:00.0484 2128 i2omp - ok
21:52:00.0515 2128 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:52:00.0515 2128 i8042prt - ok
21:52:00.0828 2128 ialm (c4018896856a1a1f1f3a0a6ee7206551) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:52:00.0875 2128 ialm - ok
21:52:01.0000 2128 imagesrv - ok
21:52:01.0062 2128 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:52:01.0062 2128 Imapi - ok
21:52:01.0125 2128 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:52:01.0125 2128 ImapiService - ok
21:52:01.0125 2128 ini910u - ok
21:52:01.0390 2128 IntcAzAudAddService (eb5608fd4f2961517ac9f5cac88b023b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:52:01.0421 2128 IntcAzAudAddService - ok
21:52:01.0546 2128 IntelIde - ok
21:52:01.0609 2128 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:52:01.0609 2128 intelppm - ok
21:52:01.0640 2128 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:52:01.0640 2128 Ip6Fw - ok
21:52:01.0671 2128 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:52:01.0671 2128 IpFilterDriver - ok
21:52:01.0687 2128 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:52:01.0687 2128 IpInIp - ok
21:52:01.0718 2128 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:52:01.0734 2128 IpNat - ok
21:52:01.0859 2128 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe
21:52:01.0875 2128 iPod Service - ok
21:52:01.0875 2128 ipodservice - ok
21:52:01.0937 2128 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:52:01.0937 2128 IPSec - ok
21:52:01.0953 2128 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:52:01.0953 2128 IRENUM - ok
21:52:01.0984 2128 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:52:01.0984 2128 isapnp - ok
21:52:02.0046 2128 ITMRTSVC (54f694c6cd3a1149ba3a8bdacc83badc) C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
21:52:02.0046 2128 ITMRTSVC - ok
21:52:02.0171 2128 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe
21:52:02.0171 2128 JavaQuickStarterService - ok
21:52:02.0187 2128 JL2005C - ok
21:52:02.0234 2128 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:52:02.0234 2128 Kbdclass - ok
21:52:02.0250 2128 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:52:02.0250 2128 kmixer - ok
21:52:02.0281 2128 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:52:02.0281 2128 KSecDD - ok
21:52:02.0281 2128 l8042pr2 - ok
21:52:02.0343 2128 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:52:02.0343 2128 lanmanserver - ok
21:52:02.0406 2128 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:52:02.0421 2128 lanmanworkstation - ok
21:52:02.0421 2128 lbrtfdc - ok
21:52:02.0484 2128 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:52:02.0484 2128 LmHosts - ok
21:52:02.0484 2128 lxrjd31d - ok
21:52:02.0500 2128 MCSTRM - ok
21:52:02.0531 2128 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:52:02.0531 2128 Messenger - ok
21:52:02.0531 2128 mgabg - ok
21:52:02.0562 2128 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:52:02.0578 2128 mnmdd - ok
21:52:02.0609 2128 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:52:02.0625 2128 mnmsrvc - ok
21:52:02.0656 2128 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:52:02.0656 2128 Modem - ok
21:52:02.0687 2128 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:52:02.0687 2128 Mouclass - ok
21:52:02.0687 2128 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:52:02.0703 2128 MountMgr - ok
21:52:02.0703 2128 mraid35x - ok
21:52:02.0734 2128 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:52:02.0734 2128 MRxDAV - ok
21:52:02.0781 2128 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:52:02.0796 2128 MRxSmb - ok
21:52:02.0828 2128 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:52:02.0843 2128 MSDTC - ok
21:52:02.0843 2128 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:52:02.0843 2128 Msfs - ok
21:52:02.0843 2128 MSIRCOMM - ok
21:52:02.0859 2128 MSIServer - ok
21:52:02.0875 2128 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:52:02.0875 2128 MSKSSRV - ok
21:52:02.0890 2128 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:52:02.0890 2128 MSPCLOCK - ok
21:52:02.0906 2128 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:52:02.0906 2128 MSPQM - ok
21:52:02.0953 2128 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:52:02.0953 2128 mssmbios - ok
21:52:03.0000 2128 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:52:03.0000 2128 MTsensor - ok
21:52:03.0031 2128 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:52:03.0031 2128 Mup - ok
21:52:03.0046 2128 mvwebserver - ok
21:52:03.0046 2128 mwlsvc - ok
21:52:03.0093 2128 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:52:03.0093 2128 napagent - ok
21:52:03.0093 2128 Ncrc710 - ok
21:52:03.0140 2128 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:52:03.0156 2128 NDIS - ok
21:52:03.0218 2128 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:52:03.0218 2128 NdisTapi - ok
21:52:03.0234 2128 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:52:03.0234 2128 Ndisuio - ok
21:52:03.0234 2128 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:52:03.0234 2128 NdisWan - ok
21:52:03.0281 2128 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:52:03.0281 2128 NDProxy - ok
21:52:03.0312 2128 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\system32\HPZinw12.dll
21:52:03.0312 2128 Net Driver HPZ12 - ok
21:52:03.0328 2128 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:52:03.0328 2128 NetBIOS - ok
21:52:03.0343 2128 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:52:03.0343 2128 NetBT - ok
21:52:03.0406 2128 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:52:03.0406 2128 NetDDE - ok
21:52:03.0406 2128 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:52:03.0421 2128 NetDDEdsdm - ok
21:52:03.0453 2128 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:52:03.0468 2128 Netlogon - ok
21:52:03.0531 2128 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:52:03.0531 2128 Netman - ok
21:52:03.0593 2128 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:52:03.0593 2128 Nla - ok
21:52:03.0609 2128 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:52:03.0609 2128 Npfs - ok
21:52:03.0609 2128 nsvcip - ok
21:52:03.0640 2128 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:52:03.0640 2128 Ntfs - ok
21:52:03.0656 2128 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:52:03.0656 2128 NtLmSsp - ok
21:52:03.0718 2128 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:52:03.0734 2128 NtmsSvc - ok
21:52:03.0781 2128 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:52:03.0781 2128 Null - ok
21:52:03.0781 2128 NWADI - ok
21:52:03.0828 2128 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:52:03.0828 2128 NwlnkFlt - ok
21:52:03.0843 2128 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:52:03.0843 2128 NwlnkFwd - ok
21:52:03.0843 2128 oracleoradb10g_home1isql*plus - ok
21:52:03.0843 2128 p17xfilt - ok
21:52:03.0875 2128 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:52:03.0890 2128 Parport - ok
21:52:03.0890 2128 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:52:03.0890 2128 PartMgr - ok
21:52:03.0937 2128 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:52:03.0937 2128 ParVdm - ok
21:52:03.0953 2128 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:52:03.0953 2128 PCI - ok
21:52:03.0953 2128 PCIDump - ok
21:52:03.0984 2128 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:52:03.0984 2128 PCIIde - ok
21:52:04.0000 2128 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:52:04.0000 2128 Pcmcia - ok
21:52:04.0000 2128 PDCOMP - ok
21:52:04.0015 2128 PDFRAME - ok
21:52:04.0015 2128 PDRELI - ok
21:52:04.0015 2128 PDRFRAME - ok
21:52:04.0031 2128 perc2 - ok
21:52:04.0031 2128 perc2hib - ok
21:52:04.0093 2128 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:52:04.0093 2128 PlugPlay - ok
21:52:04.0140 2128 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\system32\HPZipm12.dll
21:52:04.0140 2128 Pml Driver HPZ12 - ok
21:52:04.0140 2128 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:52:04.0156 2128 PolicyAgent - ok
21:52:04.0156 2128 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:52:04.0156 2128 PptpMiniport - ok
21:52:04.0171 2128 processor - ok
21:52:04.0171 2128 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:52:04.0171 2128 ProtectedStorage - ok
21:52:04.0187 2128 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:52:04.0187 2128 PSched - ok
21:52:04.0234 2128 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:52:04.0234 2128 Ptilink - ok
21:52:04.0234 2128 ql1080 - ok
21:52:04.0250 2128 Ql10wnt - ok
21:52:04.0250 2128 ql12160 - ok
21:52:04.0265 2128 ql1240 - ok
21:52:04.0265 2128 ql1280 - ok
21:52:04.0265 2128 RalinkRegistryWriter - ok
21:52:04.0312 2128 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:52:04.0328 2128 RasAcd - ok
21:52:04.0359 2128 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:52:04.0375 2128 RasAuto - ok
21:52:04.0375 2128 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:52:04.0375 2128 Rasl2tp - ok
21:52:04.0421 2128 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:52:04.0437 2128 RasMan - ok
21:52:04.0437 2128 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:52:04.0437 2128 RasPppoe - ok
21:52:04.0437 2128 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:52:04.0437 2128 Raspti - ok
21:52:04.0453 2128 rassstp - ok
21:52:04.0468 2128 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:52:04.0468 2128 Rdbss - ok
21:52:04.0484 2128 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:52:04.0484 2128 RDPCDD - ok
21:52:04.0500 2128 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:52:04.0500 2128 rdpdr - ok
21:52:04.0546 2128 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:52:04.0546 2128 RDPWD - ok
21:52:04.0593 2128 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:52:04.0593 2128 RDSessMgr - ok
21:52:04.0625 2128 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:52:04.0625 2128 redbook - ok
21:52:04.0656 2128 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:52:04.0671 2128 RemoteAccess - ok
21:52:04.0718 2128 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:52:04.0718 2128 RemoteRegistry - ok
21:52:04.0718 2128 retrolauncher - ok
21:52:04.0734 2128 rkhdrv31 - ok
21:52:04.0750 2128 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:52:04.0765 2128 RpcLocator - ok
21:52:04.0812 2128 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:52:04.0812 2128 RpcSs - ok
21:52:04.0828 2128 rrrspy - ok
21:52:04.0890 2128 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:52:04.0890 2128 RSVP - ok
21:52:04.0890 2128 rtm - ok
21:52:04.0906 2128 SaiH040B - ok
21:52:04.0906 2128 SaiMini - ok
21:52:04.0906 2128 SaiU040B - ok
21:52:04.0953 2128 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:52:04.0968 2128 SamSs - ok
21:52:04.0984 2128 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:52:05.0000 2128 SCardSvr - ok
21:52:05.0031 2128 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:52:05.0046 2128 Schedule - ok
21:52:05.0062 2128 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:52:05.0062 2128 Secdrv - ok
21:52:05.0078 2128 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:52:05.0078 2128 seclogon - ok
21:52:05.0078 2128 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
21:52:05.0093 2128 SENS - ok
21:52:05.0109 2128 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:52:05.0109 2128 serenum - ok
21:52:05.0125 2128 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:52:05.0125 2128 Serial - ok
21:52:05.0140 2128 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:52:05.0140 2128 Sfloppy - ok
21:52:05.0203 2128 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:52:05.0203 2128 SharedAccess - ok
21:52:05.0250 2128 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:52:05.0265 2128 ShellHWDetection - ok
21:52:05.0265 2128 Simbad - ok
21:52:05.0281 2128 SMCB000 - ok
21:52:05.0281 2128 Sparrow - ok
21:52:05.0296 2128 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:52:05.0296 2128 splitter - ok
21:52:05.0343 2128 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:52:05.0343 2128 Spooler - ok
21:52:05.0359 2128 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:52:05.0359 2128 sr - ok
21:52:05.0375 2128 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:52:05.0375 2128 srservice - ok
21:52:05.0421 2128 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:52:05.0421 2128 Srv - ok
21:52:05.0453 2128 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:52:05.0468 2128 SSDPSRV - ok
21:52:05.0500 2128 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:52:05.0500 2128 stisvc - ok
21:52:05.0546 2128 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:52:05.0546 2128 swenum - ok
21:52:05.0562 2128 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:52:05.0562 2128 swmidi - ok
21:52:05.0562 2128 SwPrv - ok
21:52:05.0562 2128 symc810 - ok
21:52:05.0578 2128 symc8xx - ok
21:52:05.0578 2128 sym_hi - ok
21:52:05.0593 2128 sym_u3 - ok
21:52:05.0609 2128 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:52:05.0609 2128 sysaudio - ok
21:52:05.0640 2128 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:52:05.0640 2128 SysmonLog - ok
21:52:05.0656 2128 Tablet2k - ok
21:52:05.0671 2128 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:52:05.0687 2128 TapiSrv - ok
21:52:05.0734 2128 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:52:05.0734 2128 Tcpip - ok
21:52:05.0750 2128 TdmService - ok
21:52:05.0781 2128 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:52:05.0781 2128 TDPIPE - ok
21:52:05.0796 2128 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:52:05.0796 2128 TDTCP - ok
21:52:05.0812 2128 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:52:05.0812 2128 TermDD - ok
21:52:05.0859 2128 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:52:05.0859 2128 TermService - ok
21:52:05.0906 2128 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:52:05.0921 2128 Themes - ok
21:52:05.0953 2128 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:52:05.0968 2128 TlntSvr - ok
21:52:05.0968 2128 TosIde - ok
21:52:06.0015 2128 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:52:06.0031 2128 TrkWks - ok
21:52:06.0078 2128 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:52:06.0078 2128 Udfs - ok
21:52:06.0078 2128 ultra - ok
21:52:06.0156 2128 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:52:06.0156 2128 Update - ok
21:52:06.0187 2128 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:52:06.0187 2128 upnphost - ok
21:52:06.0218 2128 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:52:06.0218 2128 UPS - ok
21:52:06.0234 2128 us30sys - ok
21:52:06.0250 2128 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:52:06.0250 2128 usbaudio - ok
21:52:06.0281 2128 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:52:06.0281 2128 usbccgp - ok
21:52:06.0328 2128 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:52:06.0343 2128 usbehci - ok
21:52:06.0390 2128 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:52:06.0390 2128 usbhub - ok
21:52:06.0437 2128 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:52:06.0453 2128 usbprint - ok
21:52:06.0484 2128 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:52:06.0484 2128 usbscan - ok
21:52:06.0484 2128 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:52:06.0484 2128 USBSTOR - ok
21:52:06.0515 2128 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:52:06.0515 2128 usbuhci - ok
21:52:06.0515 2128 vds - ok
21:52:06.0531 2128 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:52:06.0531 2128 VgaSave - ok
21:52:06.0531 2128 ViaIde - ok
21:52:06.0546 2128 VIAPFD - ok
21:52:06.0578 2128 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:52:06.0578 2128 VolSnap - ok
21:52:06.0609 2128 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:52:06.0609 2128 VSS - ok
21:52:06.0609 2128 w300mdfl - ok
21:52:06.0640 2128 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:52:06.0640 2128 W32Time - ok
21:52:06.0656 2128 w810mgmt - ok
21:52:06.0671 2128 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:52:06.0671 2128 Wanarp - ok
21:52:06.0671 2128 WDICA - ok
21:52:06.0687 2128 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:52:06.0687 2128 wdmaud - ok
21:52:06.0703 2128 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:52:06.0718 2128 WebClient - ok
21:52:06.0812 2128 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:52:06.0812 2128 winmgmt - ok
21:52:06.0984 2128 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:52:07.0000 2128 wlidsvc - ok
21:52:07.0171 2128 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
21:52:07.0171 2128 WmdmPmSN - ok
21:52:07.0234 2128 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:52:07.0250 2128 Wmi - ok
21:52:07.0296 2128 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:52:07.0296 2128 WmiApSrv - ok
21:52:07.0468 2128 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:52:07.0484 2128 WMPNetworkSvc - ok
21:52:07.0531 2128 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:52:07.0531 2128 WS2IFSL - ok
21:52:07.0578 2128 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:52:07.0593 2128 wscsvc - ok
21:52:07.0625 2128 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:52:07.0640 2128 wuauserv - ok
21:52:07.0671 2128 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:52:07.0671 2128 WudfPf - ok
21:52:07.0687 2128 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:52:07.0687 2128 WudfRd - ok
21:52:07.0718 2128 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:52:07.0734 2128 WudfSvc - ok
21:52:07.0781 2128 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:52:07.0796 2128 WZCSVC - ok
21:52:07.0843 2128 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:52:07.0843 2128 xmlprov - ok
21:52:07.0859 2128 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:52:08.0218 2128 \Device\Harddisk0\DR0 - ok
21:52:08.0218 2128 Boot (0x1200) (4f5b9c055fa567a049c4ced5490300ed) \Device\Harddisk0\DR0\Partition0
21:52:08.0218 2128 \Device\Harddisk0\DR0\Partition0 - ok
21:52:08.0218 2128 ============================================================
21:52:08.0218 2128 Scan finished
21:52:08.0218 2128 ============================================================
21:52:08.0234 0644 Detected object count: 0
21:52:08.0234 0644 Actual detected object count: 0
21:53:00.0750 0164 Deinitialize success

Re: MCNAUGHTONW2 - COMBOFIX

OK, I would like to look at another OTL scan.

  • Open the program by double-clicking on the OTL icon (you should still have it on your desktop).

  • Copy the following quote box and paste it in the Custom Scans/Fixes box as shown below.


    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Do not change any settings. Click the Run Scan button. OTL will now perform a scan; it won't take long.

  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These files are saved at the same location as OTL.
  • Please copy and paste these results into your next post.



Re: MCNAUGHTONW2 - COMBOFIX

Sorry for the delay but I just found out the copy of the scan wasn't sent because it's too long. I didn't notice it when I clicked send. What would you like me to do?

Re: MCNAUGHTONW2 - COMBOFIX

OTL.txt part 1
OTL logfile created on: 6/6/2012 10:15:57 PM - Run 6
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.42% Memory free
3.84 Gb Paging File | 3.32 Gb Available in Paging File | 86.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 270.85 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

Computer Name: OWNER-953AA3A1F | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/25 12:54:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/30 17:06:08 | 000,869,816 | ---- | M] (CallingID Ltd.) -- C:\Program Files\xfin_portal\CIDGlobalLight.exe
PRC - [2011/03/30 17:06:02 | 000,074,712 | ---- | M] (Visicom Media Inc.) -- C:\Program Files\xfin_portal\dtuser.exe
PRC - [2010/02/09 09:02:34 | 002,861,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
PRC - [2010/02/09 09:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
PRC - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
PRC - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
PRC - [2009/01/09 20:00:52 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/09 19:57:32 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2002/11/03 18:56:41 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/06 13:40:03 | 001,765,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12060602\algo.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/30 17:06:02 | 000,087,512 | ---- | M] () -- C:\Program Files\xfin_portal\comcastdx.dll
MOD - [2010/02/09 09:02:32 | 000,072,520 | ---- | M] () -- C:\Program Files\SecureBackupShare\librs2.dll
MOD - [2009/08/19 13:25:52 | 001,589,208 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
MOD - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
MOD - [2008/07/29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\streamloadservice.dll -- (w810mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\backupclientsvc.dll -- (w300mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iolodmv.dll -- (VIAPFD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z800mdfl.dll -- (vds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmisrv.dll -- (us30sys)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CE3.dll -- (TdmService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HWIONT.dll -- (Tablet2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VAIOMediaPlatform-VideoServer-HTTP.dll -- (SMCB000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\LoopBeMidi1.dll -- (SaiU040B)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Cmdm.dll -- (SaiMini)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mssql$soshome22.dll -- (SaiH040B)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\citrixwmiservice.dll -- (rtm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxcf_device.dll -- (rrrspy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (rkhdrv31)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vss.dll -- (retrolauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trlokom_rmhsvc.dll -- (rassstp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\U81xmdfl.dll -- (RalinkRegistryWriter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tbhsd.dll -- (processor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\digictrl.dll -- (p17xfilt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59bus.dll -- (oracleoradb10g_home1isql*plus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intcazaudaddservice.dll -- (NWADI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (nsvcip)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msi_wlan_service.dll -- (Ncrc710)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\clr_optimization_v2.0.50727_32.dll -- (mwlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trufos.dll -- (mvwebserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\incdsrv.dll -- (MSIRCOMM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetadapter.dll -- (mgabg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zpjava.dll -- (lxrjd31d)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\psadd.dll -- (l8042pr2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcEPECioctl.dll -- (JL2005C)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dwusbdnt.dll -- (ipodservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vstor2.dll -- (imagesrv)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\irenum.dll -- (epson_pm_rpcv2_02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Alpham1.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lemsgt.dll -- (downloadmanagerlite)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmauthdservice.dll -- (dmprimer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mctaskmanager.dll -- (DivisCTS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpshelper.dll -- (CX88AUD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\roxupnprenderer.dll -- (CVPND)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfc.dll -- (CVirtA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vusbbus.dll -- (CrystalSysInfo)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ndiswan.dll -- (comhost)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpshelper.dll -- (brmfbags)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\G400DH.dll -- (avg7alrt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\changer.dll -- (AVerBDA)
SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PD0620VID.dll -- (AdfuUd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\personalsecuredriveservice.dll -- (a016obex)
SRV - [2012/05/05 14:08:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/02/09 09:02:32 | 000,045,896 | ---- | M] (Secure Backup and Share) [Auto | Running] -- C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe -- (ComcastSecureBackupSharebackup)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Auto | Running] -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2007/09/26 13:55:04 | 000,283,912 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/09 09:02:26 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ComcastSecureBackupShare.sys -- (ComcastSecureBackupShareFilter)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/11/01 02:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/17 08:12:00 | 000,030,720 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 04:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKLM\..\SearchScopes\{ceee4603-c0e3-4b47-8ce4-7ca79f2bf3aa}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60403&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BO2TDF&PC=B8MS&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={4939599C-59A8-4EA9-87DA-398FC7FDF298}&mid=11ebcd921506b0ac513b690efc804b72-ef490969723f1ff5852d8a524486633b6b8eb98b&lang=en&ds=ft011&pr=sa&d=2012-05-26 14:04:50&v=11.1.1.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1712531
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4de9a4c2&v=7.5.30.4&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{ceee4603-c0e3-4b47-8ce4-7ca79f2bf3aa}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60403&p={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.foxnews.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/24 15:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/10 15:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/05 20:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Owner\Application Data\Move Networks [2010/08/13 12:03:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/24 15:33:45 | 000,000,000 | ---D | M]

[2011/06/02 19:14:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/05/28 17:17:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2hpqhlf4.default\extensions
[2012/04/09 16:19:46 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\2hpqhlf4.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2011/11/02 08:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/11 08:07:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/02 08:59:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/08/13 12:03:07 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
[2012/04/10 15:54:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/04/14 11:48:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/26 14:04:43 | 000,003,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://search.avg.com/?d=4de9a503&v=7.5.30.4&i=23&tp=ggl-chrome&q={searchTerms}
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/05/27 16:20:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files\xfin_portal\auxi\comcastAu.dll (Visicom Media)
O3 - HKLM\..\Toolbar: (XFINITY Toolbar) - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files\xfin_portal\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [ComcastAntispyClient] C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secure Backup and Share Status.lnk = C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe (Secure Backup and Share)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246884519031 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4D127A4-391C-40A6-B1BE-626210FBA7F9}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/24 14:11:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: oracleoradb10g_home1isql*plus - %systemroot%\system32\se59bus.dll File not found
NetSvcs: MSIRCOMM - %systemroot%\system32\incdsrv.dll File not found
NetSvcs: CrystalSysInfo - %systemroot%\system32\vusbbus.dll File not found
NetSvcs: lxrjd31d - %systemroot%\system32\zpjava.dll File not found
NetSvcs: AVerBDA - %systemroot%\system32\changer.dll File not found
NetSvcs: SaiU040B - %systemroot%\system32\LoopBeMidi1.dll File not found
NetSvcs: JL2005C - %systemroot%\system32\SrvcEPECioctl.dll File not found
NetSvcs: rassstp - %systemroot%\system32\trlokom_rmhsvc.dll File not found
NetSvcs: us30sys - %systemroot%\system32\dmisrv.dll File not found
NetSvcs: l8042pr2 - %systemroot%\system32\psadd.dll File not found
NetSvcs: CVirtA - %systemroot%\system32\pfc.dll File not found
NetSvcs: ipodservice - %systemroot%\system32\dwusbdnt.dll File not found
NetSvcs: processor - %systemroot%\system32\tbhsd.dll File not found
NetSvcs: w810mgmt - %systemroot%\system32\streamloadservice.dll File not found
NetSvcs: mwlsvc - %systemroot%\system32\clr_optimization_v2.0.50727_32.dll File not found
NetSvcs: NWADI - %systemroot%\system32\intcazaudaddservice.dll File not found
NetSvcs: rtm - %systemroot%\system32\citrixwmiservice.dll File not found
NetSvcs: a016obex - %systemroot%\system32\personalsecuredriveservice.dll File not found
NetSvcs: rkhdrv31 - %systemroot%\system32\GameConsoleService.dll File not found
NetSvcs: DivisCTS - %systemroot%\system32\mctaskmanager.dll File not found
NetSvcs: DSI_SiUSBXp_3_1 - %systemroot%\system32\Alpham1.dll File not found
NetSvcs: mgabg - %systemroot%\system32\vmnetadapter.dll File not found
NetSvcs: CX88AUD - %systemroot%\system32\wpshelper.dll File not found
NetSvcs: TdmService - %systemroot%\system32\CE3.dll File not found
NetSvcs: Tablet2k - %systemroot%\system32\HWIONT.dll File not found
NetSvcs: Ncrc710 - %systemroot%\system32\msi_wlan_service.dll File not found
NetSvcs: SMCB000 - %systemroot%\system32\VAIOMediaPlatform-VideoServer-HTTP.dll File not found
NetSvcs: RalinkRegistryWriter - %systemroot%\system32\U81xmdfl.dll File not found
NetSvcs: AdfuUd - %systemroot%\system32\PD0620VID.dll File not found
NetSvcs: epson_pm_rpcv2_02 - %systemroot%\system32\irenum.dll File not found
NetSvcs: SaiH040B - %systemroot%\system32\mssql$soshome22.dll File not found
NetSvcs: p17xfilt - %systemroot%\system32\digictrl.dll File not found
NetSvcs: vds - %systemroot%\system32\z800mdfl.dll File not found
NetSvcs: imagesrv - %systemroot%\system32\vstor2.dll File not found
NetSvcs: downloadmanagerlite - %systemroot%\system32\lemsgt.dll File not found
NetSvcs: w300mdfl - %systemroot%\system32\backupclientsvc.dll File not found
NetSvcs: brmfbags - %systemroot%\system32\wpshelper.dll File not found
NetSvcs: SaiMini - %systemroot%\system32\SE2Cmdm.dll File not found
NetSvcs: avg7alrt - %systemroot%\system32\G400DH.dll File not found
NetSvcs: retrolauncher - %systemroot%\system32\vss.dll File not found
NetSvcs: comhost - %systemroot%\system32\ndiswan.dll File not found
NetSvcs: VIAPFD - %systemroot%\system32\iolodmv.dll File not found
NetSvcs: CVPND - %systemroot%\system32\roxupnprenderer.dll File not found
NetSvcs: rrrspy - %systemroot%\system32\lxcf_device.dll File not found
NetSvcs: dmprimer - %systemroot%\system32\vmauthdservice.dll File not found
NetSvcs: mvwebserver - %systemroot%\system32\trufos.dll File not found
NetSvcs: nsvcip - %systemroot%\system32\PCDCODEC.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - %systemroot%\system32\z800mdfl.dll File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT

Re: MCNAUGHTONW2 - COMBOFIX
OTL.txt part 2
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056

========== Files/Folders - Created Within 30 Days ==========

[2012/06/04 21:03:39 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\My Documents\tdsskiller.exe
[2012/05/28 21:19:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/28 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/27 15:45:53 | 004,528,653 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\COMMY.EXE
[2012/05/26 13:07:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/26 13:07:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/05/26 13:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/26 13:05:10 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/25 13:03:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/05/25 12:54:56 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/05/24 09:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/05/23 09:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\VA CLAIM RESPONSE INFO_files
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/06 22:08:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/06 21:48:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/06 18:48:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/06 14:42:57 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{AFAE532D-F2ED-42FA-B1F9-4EE5781B0B46}.job
[2012/06/06 13:57:54 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/06 13:57:54 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/06 13:54:03 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/06 13:53:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/04 21:19:56 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2012/06/04 21:17:49 | 002,108,959 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/06/01 19:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/27 16:20:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/27 15:45:57 | 004,528,653 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\COMMY.EXE
[2012/05/26 14:11:49 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\My Documents\tdsskiller.exe
[2012/05/26 13:07:26 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/26 13:05:28 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/26 06:57:01 | 000,852,401 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/05/25 23:30:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/05/25 13:03:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/05/25 12:54:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.com
[2012/05/24 09:51:35 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/05/24 09:21:01 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/05/24 09:19:56 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/23 09:40:43 | 000,380,831 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\VA CLAIM RESPONSE INFO.htm
[2012/05/17 22:30:29 | 002,925,273 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\XFINITY Connect FW vietnam helicopter pilot.mht
[2012/05/14 14:34:31 | 000,000,522 | ---- | M] () -- C:\hpfr3320.xml
[2012/05/09 17:12:07 | 000,110,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 16:55:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/09 09:28:29 | 000,006,990 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\dennis prager 1.htm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/04 21:17:43 | 002,108,959 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2012/05/26 13:07:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/26 06:57:00 | 000,852,401 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/05/25 14:40:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2012/05/24 09:19:56 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/05/23 09:40:43 | 000,380,831 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\VA CLAIM RESPONSE INFO.htm
[2012/05/17 22:30:28 | 002,925,273 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\XFINITY Connect FW vietnam helicopter pilot.mht
[2012/05/09 09:28:29 | 000,006,990 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\dennis prager 1.htm
[2012/04/09 19:10:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/24 15:28:38 | 000,179,929 | ---- | C] () -- C:\WINDOWS\hpwins16.dat
[2012/02/24 15:28:37 | 000,000,602 | ---- | C] () -- C:\WINDOWS\hpwmdl16.dat
[2012/02/15 21:36:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/02 19:13:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/05/25 17:58:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/25 17:58:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/25 17:58:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/25 17:58:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/25 17:58:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/23 13:56:15 | 000,000,435 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/04/20 11:28:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/02/24 14:10:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/12/29 10:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/10/29 18:13:28 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4xl.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/06 06:59:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/02/24 14:15:27 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/02/24 14:15:27 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/05/25 13:03:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/05/27 15:45:57 | 004,528,653 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\COMMY.EXE
[2012/05/26 13:05:28 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/02/24 13:51:17 | 253,742,856 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OJJ3600_Full_14.exe
[2012/05/26 06:57:01 | 000,852,401 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2012/06/04 21:19:56 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2012/05/26 14:11:49 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\My Documents\tdsskiller.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/14 12:25:40 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 12:25:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/14 12:25:59 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/02/24 14:15:27 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/02/24 08:59:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/02/24 08:59:16 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/02/24 08:59:16 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.sys >
[2007/07/27 08:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2007/07/27 08:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2007/07/27 08:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2007/07/27 08:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2007/07/27 08:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2007/07/27 08:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2007/07/27 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2007/07/27 08:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2007/07/27 08:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2007/07/27 08:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2007/07/27 08:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2007/07/27 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2007/07/27 08:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2007/07/27 08:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2007/07/27 08:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 14:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2012/04/11 09:12:06 | 001,862,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2006/12/29 10:57:18 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/10/29 18:13:28 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpzpp4xl.dll

< %SYSTEMDRIVE%\*.* >
[2012/04/10 17:16:02 | 000,000,058 | ---- | M] () -- C:\aswBoot.log
[2009/02/24 14:11:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/02/24 14:06:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/05/25 18:02:31 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/05/27 16:49:59 | 000,014,432 | ---- | M] () -- C:\ComboFix.txt
[2009/02/24 14:11:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/05/14 14:34:31 | 000,035,272 | ---- | M] () -- C:\hpfr3320.log
[2012/05/14 14:34:31 | 000,000,522 | ---- | M] () -- C:\hpfr3320.xml
[2009/02/24 14:11:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/02/24 14:11:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/28 13:55:53 | 000,000,951 | ---- | M] () -- C:\net_save.dna
[2007/07/27 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/06 06:54:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/06/06 13:53:28 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/03/06 19:20:47 | 006,426,672 | ---- | M] (AVAST Software) -- C:\Progra
[2009/03/26 16:37:22 | 000,000,086 | ---- | M] () -- C:\setup.log
[2012/06/04 21:53:00 | 000,076,730 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_04.06.2012_21.51.11_log.txt
[2012/06/04 21:01:40 | 000,076,730 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_04.06.2012_20.57.38_log.txt
[2012/06/04 21:13:49 | 000,076,730 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_04.06.2012_21.05.01_log.txt
[2012/05/26 14:09:49 | 000,076,602 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_26.05.2012_14.08.15_log.txt
[2012/05/26 14:16:13 | 000,076,602 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_26.05.2012_14.13.33_log.txt
[2012/05/26 14:21:10 | 000,076,602 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_26.05.2012_14.18.24_log.txt

< %PROGRAMFILES%\*. >
[2011/02/16 15:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/24 14:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/07/25 15:57:15 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/03/26 16:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2012/04/10 15:53:57 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2011/12/09 00:35:20 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2009/09/30 22:31:09 | 000,000,000 | ---D | M] -- C:\Program Files\CA
[2012/05/15 13:02:20 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2012/03/09 19:34:21 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast Rhapsody
[2011/06/07 08:32:41 | 000,000,000 | ---D | M] -- C:\Program Files\comcasttb
[2012/05/28 16:58:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/02/24 14:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/08/13 08:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/02/24 14:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2012/05/28 17:09:21 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/05/13 17:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\FOX News Live
[2012/04/10 15:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/03/22 10:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2012/02/24 15:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/03/22 10:29:26 | 000,000,000 | ---D | M] -- C:\Program Files\hp deskjet 3320 series
[2009/03/26 16:36:17 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/02/24 14:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/04/10 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/07/25 15:59:57 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/07/25 16:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2011/11/02 08:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/03/25 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\JRE
[2012/05/26 13:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/06 07:01:10 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2012/04/10 19:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2009/02/24 14:11:38 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2011/12/22 19:19:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/08/13 00:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/04/10 16:44:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/24 14:07:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2009/02/24 14:08:22 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2011/01/11 02:32:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/03/06 06:56:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/02/25 09:04:26 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/02/24 14:08:29 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/03/25 16:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/12/16 01:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/08/05 20:11:51 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/02/24 14:20:17 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2012/02/10 09:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\RegWork
[2009/03/26 16:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sanyo
[2010/03/17 11:15:34 | 000,000,000 | ---D | M] -- C:\Program Files\SecureBackupShare
[2009/09/28 13:55:48 | 000,000,000 | ---D | M] -- C:\Program Files\support.com
[2009/02/24 14:15:20 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/05/08 07:03:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/03/08 14:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/08 14:18:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/03/06 06:56:22 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/02/24 14:10:17 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/02/24 14:11:38 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2011/06/07 08:32:51 | 000,000,000 | ---D | M] -- C:\Program Files\xfin_portal
[2009/03/17 08:21:11 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!

< %appdata%\*.* >
[2009/02/24 09:02:23 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2012/04/09 22:56:20 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\mcs.rma

< MD5 for: AGP440.SYS >
[2007/07/27 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/06 06:52:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/06 06:52:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/07/27 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/06 06:52:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/06 06:52:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/07/27 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2007/07/27 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/03/06 06:52:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/03/06 06:52:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2007/07/27 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-05 05:22:43

< >

< >

< End of report >

Re: MCNAUGHTONW2 - COMBOFIX
Hello
One of the main problems I see is that you are running multiple antivirus programs.

I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore, please go to Add/Remove in the Control Panel and remove either Avast, AVG, Comcast, or CA.

OTL Fix
Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{ceee4603-c0e3-4b47-8ce4-7ca79f2bf3aa}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=60403&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    :commands
    [createrestorepoint]
    [emptyflash]
    [emptytemp]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe



Please tell me if you are still experiencing problems.

............................................................................................

If we have helped you, please consider helping us: make a donation.

Helping fight malware.

Re: MCNAUGHTONW2 - COMBOFIX
Didn't know I had CA. Uninstalled it leaving Avast, thanks.

========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ceee4603-c0e3-4b47-8ce4-7ca79f2bf3aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ceee4603-c0e3-4b47-8ce4-7ca79f2bf3aa}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1056

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 13901 bytes

User: Owner
->Flash cache emptied: 26087 bytes

Total Flash Files Cleaned = 0.00 mb

Error: Unable to interpret <[emptytemp> in the current context!

OTL by OldTimer - Version 3.2.42.1 log created on 06112012_162353

Re: MCNAUGHTONW2 - COMBOFIX
Are you still having the problems?


Re: MCNAUGHTONW2 - COMBOFIX
AHA You people are amazing! Thanks for your help and patience. I wish I could donate more but all I can send is $30.

Re: MCNAUGHTONW2 - COMBOFIX
Oops, I see donations not applicable. I'll make the purchases. Thanks again.

Re: MCNAUGHTONW2 - COMBOFIX

Thanks! Hold on a sec, we need to remove tools and ensure you have things up to date for security reasons.
1. To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.


2. OTL Cleanup
To remove all of the tools we used and the files and folders they created, do the following:
Double-click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

3. Update Java
Please uninstall old versions of Java in Add/Remove Programs.

The download for the current version, Java 7 Update 4, can be found here
Choose your computer operating system, accept the agreement to allow download and install. Be sure to untick the Ask toolbar download box.

4. Update Adobe

Please uninstall the old version via Start >> Control Panel >> Add/Remove Programs
You can download Adobe Reader X here
If I can help anymore please let me know!!
