WiredWX Christian Hobby Weather Tools
OTL and Extra - pasted and attached

2 posters

RogueKiller/AVG questions

After running RogueKiller, I have 6 SSDTs:
111 Nt notify change key
112 Nt notify change multiple keys
122 Nt open process
257 Nt terminate process
257 Nt terminate thread
258 Nt write virtual memory

I also have 4 S_SSDTs listed as unknown:
383, 414, 416, and 549

Is this a normal finding? What about the MBR finding?

The RK 1 report is pasted below, followed by the RK 9 report.
I have AVG, Spybot, and Malwarebytes:
RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 09/01/2012 12:09:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 147628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : David [Admin rights]
Mode : Scan -- Date : 09/02/2012 08:02:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 147628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
--- User ---
[MBR] 36f0ad908b28843bd8a944b854b09a62
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 971 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[9].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt ; RKreport[9].txt
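The two reports above can be checked mechanically rather than by eye: the [MBR] hash for PhysicalDrive0 is identical in both scans, the hosts file went from a long 127.0.0.1 block list down to just localhost, and the USB stick that appears in the second scan failed its LL2 read. The script below is an added example written for this page, not RogueKiller's code or anything the poster ran. It parses RogueKiller 8.x report text in the layout shown, diffs two reports, and lists hosts entries that send a name somewhere other than loopback (an entry mapped to 127.0.0.1, like the block list in RKreport[1], only stops the name from resolving, so a redirect to a routable address is the one to inspect). The sample input is shortened excerpts of RKreport[1] and RKreport[9] from this thread; the regexes assume that report layout and nothing else.

```python
"""Parse RogueKiller 8.x scan reports and diff two of them (added example)."""
import re
from dataclasses import dataclass, field

# Sample input: shortened excerpts of RKreport[1] and RKreport[9] as pasted above.
RK1 = r"""
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ SMENU] HKLM\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer tatooed MBR Code
User = LL1 ... OK!
User = LL2 ... OK!
"""
RK9 = r"""
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer tatooed MBR Code
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SanDisk U3 Cruzer Micro USB Device +++++
[MBR] 36f0ad908b28843bd8a944b854b09a62
[BSP] 096ca65415799301792a33c93b5e78da : Windows XP MBR Code
User = LL1 ... OK!
Error reading LL2 MBR!
"""

SECTION_RE = re.compile(r"^¤¤¤ ([^:]+?)\s*:.*¤¤¤$")            # "¤¤¤ MBR Check: ¤¤¤"
DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.+?) \+{5}$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})")
LL_RE = re.compile(r"^(?:User = (LL\d) \.\.\. OK!|Error reading (LL\d) MBR!)$")
HOST_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")


@dataclass
class Drive:
    name: str
    model: str
    hashes: dict = field(default_factory=dict)      # {"MBR": md5, "BSP": md5}
    ll_status: dict = field(default_factory=dict)   # {"LL1": "OK", "LL2": "error"}

@dataclass
class Report:
    registry_hits: list = field(default_factory=list)
    hosts: list = field(default_factory=list)       # (ip, hostname) pairs
    drives: dict = field(default_factory=dict)      # PhysicalDriveN -> Drive

def parse_report(text):
    """Walk the report line by line, tracking which ¤¤¤ section we are in."""
    rep, section, drive = Report(), "", None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SECTION_RE.match(line):
            section, drive = m.group(1), None
        elif section == "Registry Entries" and line.endswith("-> FOUND"):
            rep.registry_hits.append(line)
        elif section == "HOSTS File" and (m := HOST_RE.match(line)):
            rep.hosts.append((m.group(1), m.group(2)))
        elif section == "MBR Check":
            if m := DRIVE_RE.match(line):
                drive = rep.drives[m.group(1)] = Drive(m.group(1), m.group(2))
            elif drive and (m := HASH_RE.match(line)):
                drive.hashes[m.group(1)] = m.group(2)
            elif drive and (m := LL_RE.match(line)):
                drive.ll_status[m.group(1) or m.group(2)] = "OK" if m.group(1) else "error"
    return rep

def suspicious_hosts(rep):
    """Entries that point a name anywhere but loopback/0.0.0.0 (i.e. a real redirect)."""
    return [(ip, host) for ip, host in rep.hosts
            if not (ip.startswith("127.") or ip == "0.0.0.0")]

def compare(old, new):
    """Differences between two scans that a responder would want called out."""
    findings = []
    for name, d in new.drives.items():
        prev = old.drives.get(name)
        if prev is None:
            findings.append(f"{name} ({d.model}): not present in earlier scan")
        elif prev.hashes.get("MBR") != d.hashes.get("MBR"):
            findings.append(f"{name}: MBR hash changed {prev.hashes.get('MBR')} -> {d.hashes.get('MBR')}")
        findings += [f"{name}: {lvl} read failed, MBR cross-check inconclusive"
                     for lvl, st in d.ll_status.items() if st != "OK"]
    removed = set(old.hosts) - set(new.hosts)
    if removed:
        findings.append(f"{len(removed)} hosts entries removed since earlier scan")
    if old.registry_hits and not new.registry_hits:
        findings.append("registry hits from earlier scan no longer reported")
    return findings
```

`compare(parse_report(RK1), parse_report(RK9))` on the excerpts reports the newly attached PhysicalDrive1, its failed LL2 read, the two hosts entries dropped between scans and the cleared registry hits, and says nothing about PhysicalDrive0 because its MBR hash did not move. Feed it the full RKreport[N].txt contents to diff real scans.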







Had/Have ZeroAccess - Internet not available

Hi, new user here.
I posted earlier about the Acer netbook I'm using with AVG. I have posted results of earlier RK scans and will follow up with OTL in a bit. So far, 44 views but no comments. I have Wi-Fi access with the Acer, but my PC cannot connect.

Anyhow, I am unable to connect to the internet with the PC. I have run AVG dated up to 8/28, Spybot, and RK. RK Quarantine has 6 virus icons in it on the PC.

AVG or Malwarebytes finds them as quarantined in the RK Quarantine file.
I'd like to follow the GeekPolice protocol on the PC.

Please let me know how to download the OTL file to my stick so that I can run it on the PC to provide you all with a report... and, by the way, do I cut and paste it or attach it to the post?
Thanks
Dave

OTL and Extra Log below

OTL logfile created on: 9/2/2012 1:05:46 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\David\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 524.58 Mb Available Physical Memory | 51.84% Memory free
2.37 Gb Paging File | 1.87 Gb Available in Paging File | 78.91% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 77.80 Gb Free Space | 53.96% Space Free | Partition Type: NTFS

Computer Name: DUCKEL | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/02 12:59:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.com
PRC - [2012/09/02 09:08:51 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/10 21:06:55 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 21:06:52 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 14:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 00:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 00:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 02:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 02:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 01:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 01:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/11/19 07:17:50 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\David\Local Settings\Temp\RtkBtMnt.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/06/04 18:10:02 | 000,114,688 | ---- | M] (InterVideo Inc.) -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
PRC - [2008/05/22 16:30:16 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/05/13 20:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 21:06:57 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 21:06:55 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012/07/10 21:06:52 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2007/04/06 02:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/01/12 10:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/02 09:08:51 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/10 21:06:55 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/07 08:34:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/04 14:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 01:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/10 06:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/19 01:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 02:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 02:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 01:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 10:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 10:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 10:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 10:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/05/18 08:08:26 | 001,566,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/08/07 03:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/07 18:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 02:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/01 15:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2005/01/13 15:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{43AA4BBD-A638-4B07-B37A-0B94308628A4}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F342245D-54B2-4AB4-9EC9-7E30FD49D881}&mid=294c986611c759ff870b1dbce5875f10-469a98821dae0c393713550809dd0b4aea27c1f8&lang=en&ds=AVG&pr=fr&d=2012-01-01 22:19:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B4e63f7b1-6c73-4e9c-863c-9de87f266393%7D&mid=294c986611c759ff870b1dbce5875f10-469a98821dae0c393713550809dd0b4aea27c1f8&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-01-01%2022%3A19%3A21&sap=ku&q="
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/08/13 20:23:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\11.1.0.12\ [2012/07/10 21:07:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/13 20:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/07 08:34:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/02 09:51:26 | 000,000,000 | ---D | M]

[2008/12/25 11:33:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2012/06/08 19:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1t377n6l.default\extensions
[2010/05/11 16:13:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1t377n6l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/27 09:27:02 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1t377n6l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/21 19:45:08 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1t377n6l.default\extensions\support@ancestry.com
[2012/06/08 18:51:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/28 21:17:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/10 21:07:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\11.1.0.12
[2012/08/13 20:21:18 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/02/10 20:12:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/07/07 08:34:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/10 20:12:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/10 21:06:50 | 000,003,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/08 18:51:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/08 18:51:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/01 15:01:38 | 000,000,899 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe File not found
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341624473953 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{311F8851-5C99-4A30-B22D-0488438F12B9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 10:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - Reg Error: Value error.
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/02 12:59:50 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.com
[2012/09/02 12:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\My Documents\Peter's Stuff
[2012/09/02 09:43:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/02 09:09:54 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/02 09:09:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/02 09:09:28 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/02 09:09:26 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/02 09:09:25 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/01 15:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/01 12:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\RK_Quarantine
[2012/08/13 20:23:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/02 12:59:53 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.com
[2012/09/02 12:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/02 09:51:30 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2012/09/02 09:08:52 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/09/02 09:08:50 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012/09/02 09:08:50 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/09/02 09:08:50 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/09/02 09:08:50 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/09/02 09:08:50 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/09/02 09:08:50 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/09/02 08:45:32 | 093,535,809 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/09/01 22:11:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/01 22:06:14 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/01 22:04:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/01 22:03:58 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 21:32:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/01 12:04:36 | 001,376,768 | ---- | M] () -- C:\Documents and Settings\David\Desktop\RogueKiller.exe
[2012/08/18 11:07:59 | 000,249,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 10:59:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/18 01:02:04 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/08/18 01:02:04 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/08/13 20:32:17 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\dt.dat
[2012/08/13 20:23:28 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/08/12 16:28:20 | 000,165,376 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/06 17:33:01 | 000,228,190 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/01 22:03:58 | 1061,105,664 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/01 12:04:28 | 001,376,768 | ---- | C] () -- C:\Documents and Settings\David\Desktop\RogueKiller.exe
[2012/08/13 20:32:17 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\dt.dat
[2012/02/16 13:41:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/25 21:35:54 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/31 17:40:06 | 000,165,376 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/07 08:34:19 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/07 08:34:19 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/07 08:34:19 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/07 08:34:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/07 08:34:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/07 08:34:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 05:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 05:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 05:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/07 08:34:19 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/07 08:34:19 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/07 08:34:19 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/07/07 08:34:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/07/07 08:34:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/07 08:34:26 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/07/02 05:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/07/02 05:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/07/02 05:05:57 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2012/07/04 07:05:18 | 000,139,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys

< %systemroot%\System32\config\*.sav >
[2008/08/15 03:29:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/08/15 03:29:32 | 001,064,960 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/08/15 03:29:32 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2008/12/26 01:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\Acer Incorporated
[2010/04/29 19:44:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2012/01/01 23:12:44 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2012/07/18 13:51:00 | 000,000,000 | ---D | M] -- C:\Program Files\AVG Secure Search
[2010/07/03 19:19:58 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2012/09/02 09:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/08/15 10:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2012/09/01 15:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2008/12/25 13:54:12 | 000,000,000 | ---D | M] -- C:\Program Files\EsetOnlineScanner
[2010/12/31 11:29:43 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/12/26 01:13:47 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/11/13 02:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2012/08/18 11:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/11/13 02:21:31 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2012/09/02 09:08:42 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/12/26 01:08:48 | 000,000,000 | ---D | M] -- C:\Program Files\Launch Manager
[2012/07/25 23:34:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/22 20:36:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2008/12/27 01:10:40 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/21 19:41:21 | 000,000,000 | ---D | M] -- C:\Program Files\MFInstall
[2008/11/13 02:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/11/13 02:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/11/13 02:22:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2008/11/13 02:22:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/11/13 02:22:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/22 09:23:25 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/08/31 19:56:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/07/07 08:34:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Maintenance Service
[2009/08/07 05:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/01/02 18:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/11/13 02:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/12/27 01:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/13 02:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/07/27 09:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2008/11/13 02:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/15 21:21:16 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/11/13 02:22:24 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/07 05:56:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/31 19:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\SiteAdvisor
[2012/05/31 20:17:56 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/05/02 12:26:06 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/08/15 10:58:40 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2008/08/15 10:43:32 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/11/13 02:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/11/13 02:22:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/08/15 10:36:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/11/13 02:22:27 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2008/08/15 03:30:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\David\Application Data\desktop.ini

< MD5 for: AFD.SYS >
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011/08/17 06:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/14 20:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011/02/16 06:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008/10/16 08:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 03:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/10/16 07:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 03:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 06:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 04:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2011/08/17 06:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008/04/14 20:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll
[2008/04/14 20:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/14 20:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINDOWS\$NtUninstallKB2509553$\dnsrslvr.dll
[2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
[2009/04/20 10:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINDOWS\system32\dnsrslvr.dll
[2009/04/20 10:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/14 20:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINDOWS\$NtUninstallKB950974$\es.dll
[2008/07/07 13:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\dllcache\es.dll
[2008/07/07 13:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINDOWS\system32\es.dll
[2008/07/07 13:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2008/04/14 20:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\dllcache\ipnathlp.dll
[2008/04/14 20:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINDOWS\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/14 20:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys
[2008/04/14 20:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

< MD5 for: NETBT.SYS >
[2008/04/14 20:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\dllcache\netbt.sys
[2008/04/14 20:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/14 20:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\dllcache\netman.dll
[2008/04/14 20:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINDOWS\system32\netman.dll

< MD5 for: QMGR.DLL >
[2008/04/14 20:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 20:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/04/14 20:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\$NtUninstallKB956572$\rpcss.dll
[2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 05:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 03:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 04:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 20:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 04:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SR.SYS >
[2008/04/14 20:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\dllcache\sr.sys
[2008/04/14 20:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINDOWS\system32\drivers\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/14 20:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\dllcache\srsvc.dll
[2008/04/14 20:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINDOWS\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/14 20:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 04:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008/06/20 04:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 04:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008/04/14 20:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 20:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 20:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\dllcache\volsnap.sys
[2008/04/14 20:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/14 20:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\dllcache\wmisvc.dll
[2008/04/14 20:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINDOWS\system32\wbem\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2008/04/14 20:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\dllcache\wscsvc.dll
[2008/04/14 20:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINDOWS\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2008/04/14 20:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\dllcache\wuauserv.dll
[2008/04/14 20:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINDOWS\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >
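
The "< MD5 for: ... >" blocks above are OTL's integrity check: each critical binary is hashed in every location a copy lives (the live system32 or drivers copy, the dllcache copy SFC restores from, and the $NtUninstall*/$hf_mig$ backups left by hotfixes). A patched or replaced live file typically shows up as a hash that differs from the dllcache copy, or as a copy with no embedded company name. The script below is an added example (not OTL's code and not part of this thread) that parses those blocks and automates the comparison. It uses only the dllcache copy as the reference, because the $hf_mig$ QFE builds legitimately hash differently from the GDR builds shipped to the live directories. The ATAPI.SYS and SVCHOST.EXE lines in the sample are copied from the log above; the EXAMPLE.SYS block, its paths and its hashes are constructed to exercise the alert path and do not exist on the machine in question.

```python
"""Cross-check the '< MD5 for: ... >' blocks of an OTL Extras log.

Added example, not OTL's own code. For every binary it compares the live
copy (system32, drivers, wbem, %windir%) with the dllcache copy and flags
live copies that lack a company name or hash differently from dllcache.
Hotfix backups ($NtUninstall*, $hf_mig$, ReinstallBackups, .cab members)
are ignored; copies outside the Windows tree are reported as INFO only.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|\]]+)\|\s*(?P<flag>[A-Z])\]\s*"
    r"\((?P<company>[^)]*)\)\s*(?:MD5=(?P<md5>[0-9A-Fa-f]{32}))?\s*(?:\.cab file)?\s*--\s*(?P<path>\S.*)$"
)

# Constructed sample. ATAPI.SYS / SVCHOST.EXE are real lines from the log above;
# EXAMPLE.SYS is invented (hypothetical file, paths and hashes) to show an alert.
SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2008/04/14 20:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 20:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: SVCHOST.EXE >
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: EXAMPLE.SYS >
[2008/04/14 20:00:00 | 000,012,345 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.sys
[2012/08/30 02:15:00 | 000,012,345 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\drivers\example.sys
"""


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]}; each entry has path, md5, company, size."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").upper()
            continue
        if not line or current is None:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # unrelated line inside the block; OTL prints nothing else here
        blocks[current].append({
            "path": m.group("path"),
            "md5": (m.group("md5") or "").upper() or None,   # None for .cab members
            "company": m.group("company").strip(),
            "size": int(m.group("size").replace(",", "")),
        })
    return dict(blocks)


def classify(path):
    """dllcache = SFC reference copy, backup = hotfix leftovers, live = what runs."""
    p = path.lower()
    if "\\dllcache\\" in p:
        return "dllcache"
    if ("$ntuninstall" in p or "$hf_mig$" in p or "reinstallbackups" in p
            or ".cab:" in p or "driver cache" in p):
        return "backup"
    if "\\windows\\" in p:
        return "live"
    return "other"


def check_blocks(blocks):
    """Return [(severity, filename, message), ...] for the parsed blocks."""
    findings = []
    for name, entries in sorted(blocks.items()):
        reference = {e["md5"] for e in entries
                     if classify(e["path"]) == "dllcache" and e["md5"]}
        for e in entries:
            kind = classify(e["path"])
            if kind == "live":
                if not e["company"]:
                    findings.append(("ALERT", name, f"no company name on live copy {e['path']}"))
                if reference and e["md5"] not in reference:
                    findings.append(("ALERT", name,
                                     f"live copy {e['path']} MD5 {e['md5']} differs from dllcache {sorted(reference)}"))
                elif not reference:
                    findings.append(("INFO", name, f"no dllcache copy to compare {e['path']} against"))
            elif kind == "other":
                findings.append(("INFO", name,
                                 f"copy outside the Windows tree: {e['path']} ({e['company'] or 'no company name'})"))
    return findings


def run_sample():
    """Parse and check the constructed SAMPLE; returns the findings list."""
    return check_blocks(parse_md5_blocks(SAMPLE))


if __name__ == "__main__":
    for severity, name, message in run_sample():
        print(f"{severity:5} {name:12} {message}")
```

Against the real log above every live copy hashes the same as its dllcache twin and carries a Microsoft company name, so the only INFO lines you would get are the Malwarebytes Chameleon copies of svchost.exe and winlogon.exe, which sit under Program Files and are expected. Two caveats: a dllcache mismatch alone is not proof of infection (a hotfix can update one copy before the other), and MD5 here is only a consistency check between on-disk copies, not a signature check; a live copy that differs from dllcache should be confirmed by submitting its hash or the file itself for a reputation lookup.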

awg log with avg on and ignored

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 13:49:34
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David - DUCKEL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\DOCUME~1\David\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\David\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\David\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-1331097016-2097409049-3228307963-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={F342245D-54B2-4AB4-9EC9-7E30FD49D881}&mid=294c986611c759ff870b1dbce5875f10-469a98821dae0c393713550809dd0b4aea27c1f8&lang=en&ds=AVG&pr=fr&d=2012-01-01 22:19:21&v=11.1.0.12&sap=nt

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\1t377n6l.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B4e63f7b1-6c73-4e9c-863c-9de87f266393%[...]

Profile name : default
File : C:\Documents and Settings\Norika\Application Data\Mozilla\Firefox\Profiles\6dkc1jvw.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5509 octets] - [02/09/2012 13:49:34]

########## EOF - C:\AdwCleaner[R1].txt - [5569 octets] ##########

Re: OTL and Extra - pasted and attached


  • Download OTLPENet.exe to your desktop
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads.
  • Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

  • Insert the flash drive with FRST on it
  • Locate the flash drive and run FRST
  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button.
    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

No cd/dvd burner on board this netbook

Questions:

Does this netbook show a virus, based on the logs above?
If yes, what did you see that points that out?

Please advise if I can boot from my usb drive or from a flash media card,
as I have no dvd burner on board.

Thanks
Dave

Re: OTL and Extra - pasted and attached

Okie dokie. Back to Normal Mode...

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:


  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and this time rename
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, winlogon.exe.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: OTL and Extra - pasted and attached

I didn't see an answer:
Does this netbook I'm using show as infected on the logs I posted?

And, am I now skipping the second OTL program and Farbar, and using
combofix instead?

Re: OTL and Extra - pasted and attached

Yes, we're using ComboFix instead.

Yes, the computer is very infected, as far as I can tell.

Re: OTL and Extra - pasted and attached

OK, so I need to disable Malwarebytes, AVG, and Spybot before I download, right?

BTW, I only posted about my netbook because I wanted to double check it
before I got started on my PC.
I've been trying, but cannot even get my PC logs to copy and paste or attach.
The PC has multiple viruses in RK quarantine.
OK, so I'll download ComboFix as directed.

Here's combofix log...advise on reactivating AVG / firewall

ComboFix 12-09-03.07 - David 09/03/2012 16:17:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.555 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Norika\Application Data\Skype
c:\documents and settings\Norika\Application Data\Skype\shared.lck
c:\documents and settings\Norika\Application Data\Skype\shared.xml
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\455f32d448e7c637.fb
c:\windows\system32\Cache\4940df4b9c7d68c6.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\c7bebfb15ff6ed71.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fb50e1df1a27418e.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 06:14 . 2012-09-03 06:15 -------- d-----w- c:\documents and settings\Guest\Application Data\U3
2012-09-02 16:43 . 2012-09-02 16:43 -------- d-----w- c:\program files\Common Files\Java
2012-09-02 16:09 . 2012-09-02 16:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-02 16:09 . 2012-09-02 16:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 22:23 . 2012-09-01 22:23 -------- d-----w- c:\program files\ESET
2012-08-13 20:35 . 2012-08-13 20:35 5115584 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 16:08 . 2012-02-11 03:12 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-02 16:08 . 2012-02-11 03:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 13:58 . 2008-04-15 03:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-04-15 03:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 20:46 . 2010-05-02 05:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 13:40 . 2008-04-15 03:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49 . 2007-08-14 01:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2007-08-14 01:45 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 17:49 . 2007-08-14 01:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 12:05 . 2008-04-15 03:00 385024 ----a-w- c:\windows\system32\html.iec
2012-07-07 15:34 . 2012-06-09 01:51 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-11 04:06 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-11 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-26 24064]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-11 1107552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-24 928096]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\David\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-6-4 114688]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 1:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [7/4/2012 2:25 PM 5160568]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 1:53 AM 193288]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [8/13/2012 1:33 PM 3064000]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 9:06 PM 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 10:32 AM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 10:32 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 10:32 AM 17232]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2010 10:13 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [5/3/2012 8:31 AM 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/6/2011 11:03 PM 167264]
S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/26/2008 1:09 AM 24064]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2010 10:13 PM 135664]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [12/26/2008 1:13 AM 96856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/8/2012 6:51 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 05:13]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-02 05:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 66.51.205.100 156.154.71.16
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\1t377n6l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B4e63f7b1-6c73-4e9c-863c-9de87f266393%7D&mid=294c986611c759ff870b1dbce5875f10-469a98821dae0c393713550809dd0b4aea27c1f8&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-01-01%2022%3A19%3A21&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-PLFSetL - c:\windows\PLFSetL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 16:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1516)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxext.exe
c:\docume~1\David\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2012-09-03 16:35:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 23:35
.
Pre-Run: 83,746,885,632 bytes free
Post-Run: 84,319,363,072 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C08070B22F1420F16695BBB6019C74BC

Re: OTL and Extra - pasted and attached

Now, let's move on to the following tool, please:

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

2 suspicious unsigned files

07:45:48.0156 1760 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:45:49.0125 1760 ============================================================
07:45:49.0125 1760 Current date / time: 2012/09/04 07:45:49.0125
07:45:49.0125 1760 SystemInfo:
07:45:49.0125 1760
07:45:49.0125 1760 OS Version: 5.1.2600 ServicePack: 3.0
07:45:49.0125 1760 Product type: Workstation
07:45:49.0125 1760 ComputerName: DUCKEL
07:45:49.0125 1760 UserName: David
07:45:49.0125 1760 Windows directory: C:\WINDOWS
07:45:49.0125 1760 System windows directory: C:\WINDOWS
07:45:49.0125 1760 Processor architecture: Intel x86
07:45:49.0125 1760 Number of processors: 2
07:45:49.0125 1760 Page size: 0x1000
07:45:49.0125 1760 Boot type: Normal boot
07:45:49.0125 1760 ============================================================
07:45:53.0046 1760 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:45:53.0062 1760 ============================================================
07:45:53.0062 1760 \Device\Harddisk0\DR0:
07:45:53.0062 1760 MBR partitions:
07:45:53.0062 1760 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x12056484
07:45:53.0062 1760 ============================================================
07:45:53.0093 1760 C: <-> \Device\Harddisk0\DR0\Partition1
07:45:53.0109 1760 ============================================================
07:45:53.0109 1760 Initialize success
07:45:53.0109 1760 ============================================================
07:47:02.0078 2448 ============================================================
07:47:02.0078 2448 Scan started
07:47:02.0078 2448 Mode: Manual; SigCheck; TDLFS;
07:47:02.0078 2448 ============================================================
07:47:03.0406 2448 ================ Scan system memory ========================
07:47:03.0406 2448 System memory - ok
07:47:03.0421 2448 ================ Scan services =============================
07:47:04.0000 2448 Abiosdsk - ok
07:47:04.0062 2448 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
07:47:05.0671 2448 abp480n5 - ok
07:47:05.0750 2448 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
07:47:06.0046 2448 ACPI - ok
07:47:06.0062 2448 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
07:47:06.0375 2448 ACPIEC - ok
07:47:06.0390 2448 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
07:47:06.0687 2448 adpu160m - ok
07:47:06.0750 2448 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
07:47:07.0140 2448 aec - ok
07:47:07.0234 2448 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
07:47:07.0359 2448 AFD - ok
07:47:07.0390 2448 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
07:47:07.0625 2448 agp440 - ok
07:47:07.0640 2448 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
07:47:07.0859 2448 agpCPQ - ok
07:47:07.0921 2448 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
07:47:08.0062 2448 Aha154x - ok
07:47:08.0109 2448 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
07:47:08.0390 2448 aic78u2 - ok
07:47:08.0406 2448 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
07:47:08.0625 2448 aic78xx - ok
07:47:08.0703 2448 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
07:47:09.0500 2448 Alerter - ok
07:47:09.0562 2448 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
07:47:09.0984 2448 ALG - ok
07:47:10.0015 2448 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
07:47:10.0656 2448 AliIde - ok
07:47:10.0671 2448 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
07:47:11.0312 2448 alim1541 - ok
07:47:11.0343 2448 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
07:47:12.0718 2448 amdagp - ok
07:47:12.0781 2448 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
07:47:12.0953 2448 amsint - ok
07:47:12.0968 2448 AppMgmt - ok
07:47:13.0828 2448 [ BA7EC22EB21E195DC74201D3D0BFE03B ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
07:47:15.0843 2448 AR5416 - ok
07:47:15.0875 2448 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
07:47:16.0187 2448 asc - ok
07:47:16.0203 2448 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
07:47:16.0609 2448 asc3350p - ok
07:47:16.0671 2448 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
07:47:17.0015 2448 asc3550 - ok
07:47:17.0171 2448 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
07:47:18.0312 2448 aspnet_state - ok
07:47:18.0359 2448 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
07:47:19.0500 2448 AsyncMac - ok
07:47:19.0531 2448 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
07:47:19.0828 2448 atapi - ok
07:47:19.0859 2448 Atdisk - ok
07:47:19.0890 2448 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
07:47:20.0421 2448 Atmarpc - ok
07:47:20.0515 2448 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
07:47:20.0812 2448 AudioSrv - ok
07:47:20.0875 2448 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
07:47:21.0359 2448 audstub - ok
07:47:21.0531 2448 [ D45B7995761253A92AB071D576114F28 ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
07:47:22.0968 2448 AVG Security Toolbar Service - ok
07:47:23.0609 2448 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
07:47:27.0812 2448 AVGIDSAgent - ok
07:47:27.0890 2448 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
07:47:28.0281 2448 AVGIDSDriver - ok
07:47:28.0390 2448 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
07:47:28.0656 2448 AVGIDSFilter - ok
07:47:28.0703 2448 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
07:47:28.0750 2448 AVGIDSHX - ok
07:47:28.0781 2448 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
07:47:28.0968 2448 AVGIDSShim - ok
07:47:29.0031 2448 [ DDA6A2A18841E4C9172BB85958B8D948 ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
07:47:29.0296 2448 Avgldx86 - ok
07:47:29.0343 2448 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
07:47:29.0390 2448 Avgmfx86 - ok
07:47:29.0406 2448 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
07:47:29.0453 2448 Avgrkx86 - ok
07:47:29.0500 2448 [ 1263F2554ACE925C237A40B4C568D815 ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
07:47:29.0750 2448 Avgtdix - ok
07:47:29.0765 2448 avgtp - ok
07:47:29.0828 2448 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
07:47:30.0437 2448 avgwd - ok
07:47:30.0484 2448 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
07:47:31.0578 2448 Beep - ok
07:47:31.0671 2448 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
07:47:32.0484 2448 BITS - ok
07:47:32.0515 2448 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
07:47:32.0687 2448 Browser - ok
07:47:32.0687 2448 catchme - ok
07:47:32.0765 2448 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
07:47:33.0093 2448 cbidf - ok
07:47:33.0109 2448 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
07:47:33.0734 2448 cbidf2k - ok
07:47:33.0890 2448 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
07:47:36.0046 2448 CCDECODE - ok
07:47:36.0140 2448 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
07:47:36.0281 2448 cd20xrnt - ok
07:47:36.0312 2448 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
07:47:36.0796 2448 Cdaudio - ok
07:47:36.0843 2448 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
07:47:37.0453 2448 Cdfs - ok
07:47:37.0484 2448 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
07:47:38.0453 2448 Cdrom - ok
07:47:38.0468 2448 Changer - ok
07:47:38.0562 2448 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
07:47:39.0187 2448 CiSvc - ok
07:47:39.0234 2448 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
07:47:39.0812 2448 ClipSrv - ok
07:47:39.0859 2448 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:47:41.0765 2448 clr_optimization_v2.0.50727_32 - ok
07:47:41.0796 2448 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
07:47:42.0953 2448 CmBatt - ok
07:47:43.0000 2448 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
07:47:43.0406 2448 CmdIde - ok
07:47:43.0437 2448 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
07:47:43.0906 2448 Compbatt - ok
07:47:43.0921 2448 COMSysApp - ok
07:47:43.0968 2448 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
07:47:44.0312 2448 Cpqarray - ok
07:47:44.0375 2448 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
07:47:45.0000 2448 CryptSvc - ok
07:47:45.0109 2448 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
07:47:45.0421 2448 dac2w2k - ok
07:47:45.0437 2448 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
07:47:45.0687 2448 dac960nt - ok
07:47:45.0796 2448 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
07:47:45.0875 2448 DcomLaunch - ok
07:47:45.0921 2448 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
07:47:46.0484 2448 Dhcp - ok
07:47:46.0515 2448 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
07:47:46.0781 2448 Disk - ok
07:47:46.0828 2448 [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
07:47:47.0062 2448 DKbFltr - ok
07:47:47.0078 2448 dmadmin - ok
07:47:47.0140 2448 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
07:47:47.0625 2448 dmboot - ok
07:47:47.0656 2448 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
07:47:48.0109 2448 dmio - ok
07:47:48.0140 2448 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
07:47:48.0640 2448 dmload - ok
07:47:48.0687 2448 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
07:47:49.0015 2448 dmserver - ok
07:47:49.0062 2448 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
07:47:49.0343 2448 DMusic - ok
07:47:49.0390 2448 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
07:47:49.0500 2448 Dnscache - ok
07:47:49.0531 2448 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
07:47:50.0078 2448 Dot3svc - ok
07:47:50.0109 2448 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
07:47:50.0328 2448 dpti2o - ok
07:47:50.0375 2448 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
07:47:50.0625 2448 drmkaud - ok
07:47:50.0656 2448 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
07:47:52.0281 2448 EapHost - ok
07:47:52.0328 2448 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
07:47:52.0671 2448 ERSvc - ok
07:47:52.0718 2448 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
07:47:52.0765 2448 Eventlog - ok
07:47:52.0828 2448 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
07:47:52.0890 2448 EventSystem - ok
07:47:52.0937 2448 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
07:47:53.0187 2448 Fastfat - ok
07:47:53.0250 2448 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
07:47:53.0390 2448 FastUserSwitchingCompatibility - ok
07:47:53.0546 2448 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
07:47:54.0156 2448 Fax - ok
07:47:54.0406 2448 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
07:47:56.0093 2448 Fdc - ok
07:47:56.0250 2448 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
07:47:59.0593 2448 Fips - ok
07:47:59.0640 2448 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
07:48:01.0812 2448 Flpydisk - ok
07:48:02.0109 2448 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
07:48:03.0953 2448 FltMgr - ok
07:48:04.0062 2448 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
07:48:04.0671 2448 FontCache3.0.0.0 - ok
07:48:04.0703 2448 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
07:48:07.0187 2448 Fs_Rec - ok
07:48:07.0250 2448 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
07:48:07.0984 2448 Ftdisk - ok
07:48:08.0078 2448 [ A6773422A1086201F880F75BF31EC8D1 ] GoogleDesktopManager-080708-050100 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
07:48:08.0406 2448 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - warning
07:48:08.0406 2448 GoogleDesktopManager-080708-050100 - detected UnsignedFile.Multi.Generic (1)
07:48:08.0531 2448 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
07:48:09.0578 2448 Gpc - ok
07:48:09.0750 2448 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
07:48:10.0265 2448 gupdate - ok
07:48:10.0281 2448 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
07:48:10.0328 2448 gupdatem - ok
07:48:10.0390 2448 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
07:48:11.0046 2448 gusvc - ok
07:48:11.0093 2448 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
07:48:11.0640 2448 HDAudBus - ok
07:48:11.0703 2448 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
07:48:11.0984 2448 helpsvc - ok
07:48:12.0031 2448 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
07:48:13.0296 2448 HidServ - ok
07:48:13.0359 2448 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
07:48:13.0906 2448 HidUsb - ok
07:48:13.0937 2448 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
07:48:14.0468 2448 hkmsvc - ok
07:48:14.0515 2448 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
07:48:14.0750 2448 hpn - ok
07:48:14.0875 2448 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
07:48:14.0953 2448 HTTP - ok
07:48:15.0000 2448 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
07:48:15.0484 2448 HTTPFilter - ok
07:48:15.0515 2448 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
07:48:15.0906 2448 i2omgmt - ok
07:48:15.0953 2448 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
07:48:16.0187 2448 i2omp - ok
07:48:16.0218 2448 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
07:48:16.0656 2448 i8042prt - ok
07:48:16.0875 2448 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
07:48:18.0781 2448 ialm - ok
07:48:18.0843 2448 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
07:48:19.0328 2448 idsvc - ok
07:48:19.0359 2448 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
07:48:19.0765 2448 Imapi - ok
07:48:19.0828 2448 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
07:48:20.0312 2448 ImapiService - ok
07:48:20.0359 2448 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
07:48:20.0640 2448 ini910u - ok
07:48:20.0703 2448 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys C:\Acer\Empowering Technology\eRecovery\int15.sys
07:48:20.0921 2448 int15.sys ( UnsignedFile.Multi.Generic ) - warning
07:48:20.0921 2448 int15.sys - detected UnsignedFile.Multi.Generic (1)
07:48:21.0109 2448 [ 19AFBB8427CE65042599555E578170DF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
07:48:22.0125 2448 IntcAzAudAddService - ok
07:48:22.0171 2448 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
07:48:22.0390 2448 IntelIde - ok
07:48:22.0421 2448 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
07:48:22.0828 2448 intelppm - ok
07:48:22.0859 2448 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
07:48:23.0218 2448 Ip6Fw - ok
07:48:23.0265 2448 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
07:48:23.0921 2448 IpFilterDriver - ok
07:48:23.0953 2448 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
07:48:24.0375 2448 IpInIp - ok
07:48:24.0421 2448 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
07:48:24.0953 2448 IpNat - ok
07:48:25.0015 2448 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
07:48:25.0781 2448 IPSec - ok
07:48:25.0828 2448 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
07:48:26.0359 2448 IRENUM - ok
07:48:26.0406 2448 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
07:48:26.0687 2448 isapnp - ok
07:48:26.0890 2448 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
07:48:27.0625 2448 IviRegMgr - ok
07:48:27.0781 2448 [ 80F08F50D248EEEEB9256F6522891D40 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
07:48:28.0375 2448 JavaQuickStarterService - ok
07:48:28.0437 2448 [ DA971CFC625D13636E04C405948E9D62 ] JMCR C:\WINDOWS\system32\DRIVERS\jmcr.sys
07:48:28.0921 2448 JMCR - ok
07:48:28.0953 2448 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
07:48:29.0968 2448 Kbdclass - ok
07:48:30.0031 2448 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
07:48:30.0843 2448 kbdhid - ok
07:48:30.0859 2448 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
07:48:31.0125 2448 kmixer - ok
07:48:31.0187 2448 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
07:48:31.0281 2448 KSecDD - ok
07:48:31.0359 2448 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
07:48:31.0437 2448 LanmanServer - ok
07:48:31.0562 2448 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
07:48:31.0640 2448 lanmanworkstation - ok
07:48:31.0656 2448 lbrtfdc - ok
07:48:31.0718 2448 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
07:48:31.0984 2448 LmHosts - ok
07:48:32.0078 2448 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
07:48:32.0484 2448 Messenger - ok
07:48:32.0593 2448 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
07:48:32.0953 2448 mnmdd - ok
07:48:33.0000 2448 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
07:48:33.0531 2448 mnmsrvc - ok
07:48:33.0562 2448 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
07:48:34.0031 2448 Modem - ok
07:48:34.0046 2448 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
07:48:34.0468 2448 Mouclass - ok
07:48:34.0515 2448 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
07:48:35.0000 2448 mouhid - ok
07:48:35.0140 2448 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
07:48:35.0578 2448 MountMgr - ok
07:48:35.0671 2448 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
07:48:36.0593 2448 MozillaMaintenance - ok
07:48:36.0609 2448 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
07:48:37.0031 2448 mraid35x - ok
07:48:37.0062 2448 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
07:48:37.0421 2448 MRxDAV - ok
07:48:37.0468 2448 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
07:48:37.0546 2448 MRxSmb - ok
07:48:37.0593 2448 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
07:48:38.0078 2448 MSDTC - ok
07:48:38.0109 2448 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
07:48:38.0437 2448 Msfs - ok
07:48:38.0453 2448 MSIServer - ok
07:48:38.0500 2448 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
07:48:39.0046 2448 MSKSSRV - ok
07:48:39.0109 2448 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
07:48:39.0593 2448 MSPCLOCK - ok
07:48:39.0640 2448 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
07:48:40.0093 2448 MSPQM - ok
07:48:40.0109 2448 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
07:48:40.0546 2448 mssmbios - ok
07:48:40.0578 2448 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
07:48:41.0093 2448 MSTEE - ok
07:48:41.0156 2448 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
07:48:41.0281 2448 Mup - ok
07:48:41.0343 2448 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
07:48:42.0734 2448 NABTSFEC - ok
07:48:42.0812 2448 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
07:48:43.0359 2448 napagent - ok
07:48:43.0453 2448 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
07:48:43.0765 2448 NDIS - ok
07:48:43.0796 2448 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
07:48:44.0968 2448 NdisIP - ok
07:48:45.0015 2448 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
07:48:45.0109 2448 NdisTapi - ok
07:48:45.0140 2448 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
07:48:45.0484 2448 Ndisuio - ok
07:48:45.0500 2448 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
07:48:46.0265 2448 NdisWan - ok
07:48:46.0343 2448 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
07:48:46.0968 2448 NDProxy - ok
07:48:47.0031 2448 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
07:48:47.0578 2448 NetBIOS - ok
07:48:47.0625 2448 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
07:48:48.0671 2448 NetBT - ok
07:48:48.0765 2448 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
07:48:49.0156 2448 NetDDE - ok
07:48:49.0234 2448 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
07:48:49.0468 2448 NetDDEdsdm - ok
07:48:49.0531 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
07:48:49.0734 2448 Netlogon - ok
07:48:49.0781 2448 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
07:48:50.0000 2448 Netman - ok
07:48:50.0046 2448 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:48:50.0250 2448 NetTcpPortSharing - ok
07:48:50.0296 2448 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
07:48:50.0343 2448 Nla - ok
07:48:50.0406 2448 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
07:48:50.0609 2448 Npfs - ok
07:48:50.0656 2448 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
07:48:50.0921 2448 Ntfs - ok
07:48:50.0953 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
07:48:51.0171 2448 NtLmSsp - ok
07:48:51.0265 2448 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
07:48:51.0687 2448 NtmsSvc - ok
07:48:51.0734 2448 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
07:48:52.0234 2448 Null - ok
07:48:52.0281 2448 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
07:48:52.0640 2448 NwlnkFlt - ok
07:48:52.0671 2448 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
07:48:53.0515 2448 NwlnkFwd - ok
07:48:53.0609 2448 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
07:48:54.0156 2448 odserv - ok
07:48:54.0203 2448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:48:54.0718 2448 ose - ok
07:48:54.0750 2448 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
07:48:55.0171 2448 Parport - ok
07:48:55.0203 2448 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
07:48:55.0437 2448 PartMgr - ok
07:48:55.0468 2448 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
07:48:55.0718 2448 ParVdm - ok
07:48:55.0734 2448 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
07:48:55.0953 2448 PCI - ok
07:48:55.0953 2448 PCIDump - ok
07:48:55.0968 2448 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
07:48:56.0187 2448 PCIIde - ok
07:48:56.0218 2448 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
07:48:56.0625 2448 Pcmcia - ok
07:48:56.0640 2448 PDCOMP - ok
07:48:56.0656 2448 PDFRAME - ok
07:48:56.0656 2448 PDRELI - ok
07:48:56.0671 2448 PDRFRAME - ok
07:48:56.0703 2448 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
07:48:56.0937 2448 perc2 - ok
07:48:56.0953 2448 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
07:48:57.0171 2448 perc2hib - ok
07:48:57.0218 2448 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
07:48:57.0265 2448 PlugPlay - ok
07:48:57.0265 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
07:48:57.0484 2448 PolicyAgent - ok
07:48:57.0562 2448 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
07:48:57.0968 2448 PptpMiniport - ok
07:48:58.0015 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
07:48:58.0281 2448 ProtectedStorage - ok
07:48:58.0343 2448 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
07:48:58.0718 2448 PSched - ok
07:48:58.0734 2448 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
07:48:59.0203 2448 Ptilink - ok
07:48:59.0265 2448 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
07:48:59.0593 2448 ql1080 - ok
07:48:59.0609 2448 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
07:48:59.0812 2448 Ql10wnt - ok
07:48:59.0828 2448 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
07:49:00.0031 2448 ql12160 - ok
07:49:00.0031 2448 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
07:49:00.0265 2448 ql1240 - ok
07:49:00.0312 2448 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
07:49:00.0515 2448 ql1280 - ok
07:49:00.0546 2448 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:49:00.0906 2448 RasAcd - ok
07:49:00.0953 2448 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:49:01.0406 2448 RasAuto - ok
07:49:01.0437 2448 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
07:49:01.0765 2448 Rasl2tp - ok
07:49:01.0843 2448 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
07:49:02.0234 2448 RasMan - ok
07:49:02.0296 2448 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:49:02.0796 2448 RasPppoe - ok
07:49:02.0796 2448 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
07:49:03.0187 2448 Raspti - ok
07:49:03.0218 2448 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:49:03.0437 2448 Rdbss - ok
07:49:03.0500 2448 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
07:49:03.0843 2448 RDPCDD - ok
07:49:03.0890 2448 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
07:49:04.0390 2448 rdpdr - ok
07:49:04.0437 2448 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
07:49:04.0531 2448 RDPWD - ok
07:49:04.0562 2448 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
07:49:05.0015 2448 RDSessMgr - ok
07:49:05.0062 2448 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
07:49:05.0781 2448 redbook - ok
07:49:05.0843 2448 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:49:06.0265 2448 RemoteAccess - ok
07:49:06.0296 2448 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
07:49:06.0718 2448 RpcLocator - ok
07:49:06.0828 2448 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
07:49:06.0875 2448 RpcSs - ok
07:49:06.0906 2448 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
07:49:07.0312 2448 RSVP - ok
07:49:07.0359 2448 [ F0A21C62B9B835E1C96268EAAE31D239 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
07:49:07.0640 2448 RTLE8023xp - ok
07:49:07.0671 2448 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
07:49:07.0875 2448 SamSs - ok
07:49:07.0921 2448 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
07:49:08.0296 2448 SCardSvr - ok
07:49:08.0375 2448 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:49:08.0703 2448 Schedule - ok
07:49:08.0734 2448 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
07:49:08.0843 2448 Secdrv - ok
07:49:08.0859 2448 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
07:49:09.0062 2448 seclogon - ok
07:49:09.0078 2448 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
07:49:09.0312 2448 SENS - ok
07:49:09.0359 2448 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
07:49:09.0687 2448 Serial - ok
07:49:09.0765 2448 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
07:49:10.0125 2448 Sfloppy - ok
07:49:10.0187 2448 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:49:10.0468 2448 SharedAccess - ok
07:49:10.0500 2448 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:49:10.0531 2448 ShellHWDetection - ok
07:49:10.0546 2448 Simbad - ok
07:49:10.0609 2448 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
07:49:10.0843 2448 sisagp - ok
07:49:11.0078 2448 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
07:49:12.0218 2448 Skype C2C Service - ok
07:49:12.0296 2448 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
07:49:14.0015 2448 SkypeUpdate - ok
07:49:14.0062 2448 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
07:49:14.0515 2448 SLIP - ok
07:49:14.0640 2448 [ 0302BC619D4A723317E7F8EB0C362BD3 ] SNP2UVC C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
07:49:14.0953 2448 SNP2UVC - ok
07:49:15.0000 2448 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
07:49:15.0109 2448 Sparrow - ok
07:49:15.0156 2448 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
07:49:15.0437 2448 splitter - ok
07:49:15.0484 2448 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
07:49:15.0531 2448 Spooler - ok
07:49:15.0546 2448 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
07:49:15.0656 2448 sr - ok
07:49:15.0703 2448 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
07:49:15.0796 2448 srservice - ok
07:49:15.0843 2448 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:49:15.0875 2448 Srv - ok
07:49:15.0921 2448 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:49:16.0281 2448 SSDPSRV - ok
07:49:16.0750 2448 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
07:49:17.0515 2448 stisvc - ok
07:49:17.0546 2448 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
07:49:18.0421 2448 streamip - ok
07:49:18.0484 2448 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
07:49:18.0921 2448 swenum - ok
07:49:18.0984 2448 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
07:49:19.0234 2448 swmidi - ok
07:49:19.0234 2448 SwPrv - ok
07:49:19.0281 2448 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
07:49:19.0515 2448 symc810 - ok
07:49:19.0531 2448 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
07:49:19.0781 2448 symc8xx - ok
07:49:19.0796 2448 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
07:49:20.0031 2448 sym_hi - ok
07:49:20.0062 2448 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
07:49:20.0281 2448 sym_u3 - ok
07:49:20.0328 2448 [ 409F7EEB079D6154CCB26A02E6E27844 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
07:49:20.0578 2448 SynTP - ok
07:49:20.0609 2448 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
07:49:20.0906 2448 sysaudio - ok
07:49:20.0953 2448 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
07:49:21.0421 2448 SysmonLog - ok
07:49:21.0453 2448 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
07:49:22.0031 2448 TapiSrv - ok
07:49:22.0093 2448 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:49:22.0203 2448 Tcpip - ok
07:49:22.0250 2448 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:49:22.0750 2448 TDPIPE - ok
07:49:22.0765 2448 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:49:23.0140 2448 TDTCP - ok
07:49:23.0156 2448 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:49:23.0968 2448 TermDD - ok
07:49:24.0031 2448 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:49:24.0546 2448 TermService - ok
07:49:24.0578 2448 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:49:24.0609 2448 Themes - ok
07:49:24.0671 2448 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
07:49:24.0875 2448 TosIde - ok
07:49:24.0937 2448 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:49:25.0203 2448 TrkWks - ok
07:49:25.0234 2448 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:49:25.0593 2448 Udfs - ok
07:49:25.0640 2448 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
07:49:25.0781 2448 ultra - ok
07:49:25.0812 2448 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:49:26.0218 2448 Update - ok
07:49:26.0265 2448 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:49:26.0515 2448 upnphost - ok
07:49:26.0546 2448 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:49:26.0921 2448 UPS - ok
07:49:26.0953 2448 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:49:27.0421 2448 usbccgp - ok
07:49:27.0468 2448 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:49:27.0921 2448 usbehci - ok
07:49:27.0953 2448 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:49:28.0406 2448 usbhub - ok
07:49:28.0468 2448 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:49:28.0843 2448 USBSTOR - ok
07:49:28.0859 2448 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:49:29.0265 2448 usbuhci - ok
07:49:29.0312 2448 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:49:29.0687 2448 VgaSave - ok
07:49:29.0703 2448 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
07:49:29.0921 2448 viaagp - ok
07:49:29.0937 2448 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
07:49:30.0140 2448 ViaIde - ok
07:49:30.0187 2448 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:49:30.0421 2448 VolSnap - ok
07:49:30.0468 2448 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:49:30.0656 2448 VSS - ok
07:49:30.0796 2448 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
07:49:30.0859 2448 vToolbarUpdater12.2.6 - ok
07:49:30.0906 2448 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
07:49:31.0171 2448 W32Time - ok
07:49:31.0187 2448 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:49:31.0578 2448 Wanarp - ok
07:49:31.0578 2448 WDICA - ok
07:49:31.0625 2448 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:49:31.0859 2448 wdmaud - ok
07:49:31.0921 2448 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:49:32.0156 2448 WebClient - ok
07:49:32.0250 2448 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:49:32.0468 2448 winmgmt - ok
07:49:32.0515 2448 [ C7E39EA41233E9F5B86C8DA3A9F1E4A8 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
07:49:32.0906 2448 WmdmPmSN - ok
07:49:32.0953 2448 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
07:49:33.0328 2448 WmiAcpi - ok
07:49:33.0359 2448 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:49:33.0765 2448 WmiApSrv - ok
07:49:33.0796 2448 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
07:49:34.0296 2448 WS2IFSL - ok
07:49:34.0343 2448 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
07:49:34.0625 2448 wscsvc - ok
07:49:34.0656 2448 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:49:35.0078 2448 WSTCODEC - ok
07:49:35.0140 2448 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
07:49:35.0406 2448 wuauserv - ok
07:49:35.0453 2448 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:49:35.0687 2448 WZCSVC - ok
07:49:35.0734 2448 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:49:36.0140 2448 xmlprov - ok
07:49:36.0156 2448 ================ Scan global ===============================
07:49:36.0203 2448 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:49:36.0406 2448 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:49:36.0437 2448 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:49:36.0484 2448 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:49:36.0484 2448 [Global] - ok
07:49:36.0484 2448 ================ Scan MBR ==================================
07:49:36.0531 2448 [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
07:49:44.0687 2448 \Device\Harddisk0\DR0 - ok
07:49:44.0687 2448 ================ Scan VBR ==================================
07:49:44.0687 2448 [ B1A6D7C3FF8D5E26D98E6EAD66878436 ] \Device\Harddisk0\DR0\Partition1
07:49:44.0703 2448 \Device\Harddisk0\DR0\Partition1 - ok
07:49:44.0703 2448 ============================================================
07:49:44.0703 2448 Scan finished
07:49:44.0703 2448 ============================================================
07:49:44.0828 1224 Detected object count: 2
07:49:44.0828 1224 Actual detected object count: 2
07:52:21.0468 1224 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - skipped by user
07:52:21.0468 1224 GoogleDesktopManager-080708-050100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:52:21.0484 1224 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
07:52:21.0484 1224 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:52:31.0859 3172 Deinitialize success

Re: OTL and Extra - pasted and attached

Waiting for next instructions.

Re: OTL and Extra - pasted and attached

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Re: OTL and Extra - pasted and attached

No threats found. Uninstalled ESET.
Next move?

BTW, should I do anything with Java?

Re: OTL and Extra - pasted and attached

Hi! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran CCleaner
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

All tasks done as advised

Seems to be running very well, but a bit slow to load Firefox. Here is the log:

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2012
ESET Online Scanner
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 30
Java 7 Update 7
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.0.1.152
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

Re: OTL and Extra - pasted and attached

Update Firefox

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.


Update Adobe Reader

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Adobe Flash Player Update!

Please download the newest version of Adobe Flash Player from Adobe.com

Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.


Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Any other questions before I mark this topic solved?

Ran MBAM and found this

Yes...what is a
Heuristic.Reserved.Word.Exploit that MBAM just found?

I think it may be the program you had me download and rename, because
when I first tried to run it I noticed that it had .exe twice.
I think in the instructions it said to rename combofix SVChost.exe,
but when I did, it listed as svchost.exe.exe
Does that make sense?
I had trouble saving to my desktop, as my downloads all go to a download
folder and I have to drag them or move them to the desktop.
So, there may be the odd file here or there that I missed when trying
to remove them in your earlier instruction.
Spybot and AVG are showing clear, only this is showing up...here's the log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: DUCKEL [administrator]

9/6/2012 8:22:27 PM
mbam-log-2012-09-06 (21-51-41).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 273781
Time elapsed: 1 hour(s), 13 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Guest\My Documents\Downloads\svchost.exe.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)



Last edited by etrdave on 7th September 2012, 4:58 am; edited 1 time in total (Reason for editing : added log from mbam)
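A small triage helper for MBAM logs like the one above, added here as an example; it is not part of this thread and not Malwarebytes' own tooling. It parses both the 1.62 "Detected" layout shown above and the older 1.45 "Infected" layout (separate summary block with counts, then detail blocks) that appears later in the thread, lists every item whose recorded action is anything other than "Quarantined and deleted" so a reviewer sees it, and cross-checks each section's declared count against the items actually listed (a mismatch usually means a log was trimmed when pasted). Both embedded sample logs are constructed excerpts modelled on the logs posted in this thread, not the full logs.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Section header: "Files Detected: 1" (1.62 layout), or "Files Infected: 5" /
# "Files Infected:" (1.45 layout, where counts live in a separate summary block).
HEADER_RE = re.compile(
    r"^(?P<section>[A-Za-z ]+?) (?:Detected|Infected):\s*(?P<count>\d+)?\s*$"
)
# Detection line: "<path or registry key> (<threat name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed excerpt modelled on the 1.62.0.1300 log posted above.
SAMPLE_NEW = r"""Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.07.01

Scan type: Full scan (C:\|)
Objects scanned: 273781

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Guest\My Documents\Downloads\svchost.exe.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)
"""

# Constructed excerpt modelled on the older 1.45 layout that appears later in the thread.
SAMPLE_OLD = r"""Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4051

Registry Keys Infected: 2
Registry Values Infected: 0
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\RaaH.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""


@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Keys"
    path: str      # file path or registry location
    threat: str    # MBAM threat name, e.g. "Rogue.AntivirusSuite"
    action: str    # recorded action, without the trailing period


def parse_mbam_log(text: str) -> Tuple[Dict[str, int], List[Detection]]:
    """Return (declared counts per section, detections listed under each section)."""
    declared: Dict[str, int] = {}
    items: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            if m.group("count") is not None:      # headers without a count only switch section
                declared[section] = int(m.group("count"))
            continue
        m = ITEM_RE.match(line)
        if m and section is not None:
            items.append(Detection(section, m.group("path"), m.group("threat"), m.group("action")))
    return declared, items


def unresolved(items: List[Detection]) -> List[Detection]:
    """Items the scanner did not quarantine and delete, e.g. 'No action taken'."""
    return [d for d in items if not d.action.startswith("Quarantined and deleted")]


def count_mismatches(declared: Dict[str, int], items: List[Detection]) -> Dict[str, Tuple[int, int]]:
    """Sections whose declared count differs from the number of items listed: {section: (declared, listed)}."""
    actual = Counter(d.section for d in items)
    return {s: (n, actual.get(s, 0)) for s, n in declared.items() if n != actual.get(s, 0)}


def triage_report(text: str) -> List[str]:
    """Reviewer summary: unresolved items first, then any declared/listed count mismatches."""
    declared, items = parse_mbam_log(text)
    lines = [f"{len(items)} detection(s) listed"]
    for d in unresolved(items):
        lines.append(f"REVIEW: {d.section}: {d.path} [{d.threat}] -> {d.action}")
    for section, (want, got) in count_mismatches(declared, items).items():
        lines.append(f"MISMATCH: {section} declares {want} item(s) but lists {got}")
    return lines


if __name__ == "__main__":
    for sample in (SAMPLE_NEW, SAMPLE_OLD):
        print("\n".join(triage_report(sample)))
        print("-" * 40)
```

The parser cannot tell a renamed ComboFix from a real dropper; what it does is make sure a "No action taken" line is never lost in a wall of "(No malicious items detected)" blocks, which is exactly the kind of entry the helper needs to see and explain.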

Re: OTL and Extra - pasted and attached

Also, should we save or delete the mbam logs that accumulate?

Re: OTL and Extra - pasted and attached

Nothing bad. Just looks like it detected ComboFix that we used. No biggie.

Re: OTL and Extra - pasted and attached

Thank you, looks good. I deleted the download and reran MBAM
and no issues were found.

Now that the Acer is clear, I will start a new topic for
my desktop pc. It has zeroaccess quarantined by mbam
at the moment, along with several other trojan files.

Thank You! Dave

Re: OTL and Extra - pasted and attached

Post the log from this MBAM scan then, please.

MBAM scan log

Had a serious error recovery message prior to doing
this scan today.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.09.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David :: DUCKEL [administrator]

9/9/2012 9:47:22 AM
mbam-log-2012-09-09 (09-47-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274416
Time elapsed: 1 hour(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

MBAM log was from Netbook

I just realized that you meant for me to post the desktop machine's infected mbam log.

Before I do that, I wanted to ask if you could check my logs and give me a link for the HOST files I need for this machine, or, just tell me which of the many downloads on that page are the right ones. Thanks!

Infected Desktop Machine MBAM log

My Desktop pc's MBAM log will be posted next, along with the quarantine list from AVG.
MBAM has zeroaccess quarantined, and AVG has
Agent_r.BMS and Backdoor.Generic15.BIXF quarantined.

Please advise. Thanks.

Desktop MBAM / AVG / RK

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4051

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/29/2010 8:29:14 AM
mbam-log-2010-04-29 (08-29-14).txt

Scan type: Full scan (A:\|C:\|)
Objects scanned: 207385
Time elapsed: 23 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lbcamiyd (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Local Settings\Application Data\xrovqpfof\eeenncntssd.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\RaaH.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\yCVO.exe (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CEZD4KV5\n002102304801r0409J11000601R83a99fdaW046d99ddX9c4de30dYd79ec259Z03009f350[1] (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WK60Y5LU\n002102304801r0409J11000601R83a99fdaW046d99ddX9430cb2fYdfe815a9Z03009f350[1] (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Here are quarantine notes in AVG:
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\PDFFORGETOOLBAR\IE\4.5\PDFFORGETOOLBARIE.DLL
Malware Win32/Adware.Toolbar.Dealio C:\PROGRAMFILES\COMMONFILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE
Malware UNKNOWN C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\F4D55F3B0001836367169D4ED151FC84\F4D55F3B0001836367169D4ED151FC84.EXE
Corrupted executable file C:\Documents and Settings\Owner\Local Settings\Temp\SkypeSetup.exe
Infection Trojan horse Agent_r.BMS C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000032.@.vir
Infection Trojan horse Backdoor.Generic15.BIXF C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\000000cb.@.vir

And a Quarantine Report:


Time : 01/09/2012 19:43:26
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:48:38
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:49:12
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 19:57:51
--------------------------
[LaunchPad.exe.vir] -> C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.
ERROR [n..vir] -> C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.


Time : 01/09/2012 21:16:58
--------------------------


Time : 01/09/2012 21:25:50
--------------------------


Time : 05/09/2012 00:22:53
--------------------------

Re: OTL and Extra - pasted and attached

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/01/2012 19:43:27

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] LaunchPad.exe -- C:\Documents and Settings\Owner\Application Data\U3\000015EBBA6133D1\LaunchPad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-1614895754-861567501-682003330-1003\$4da03db75501abe897a6efc6a820fe37\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKS-22VSA0 +++++
--- User ---
[MBR] d1dd1b46542915a868a86177a5d1c98b
[BSP] dc1586e26c5e2a65ee56087b0c6cae52 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Re: OTL and Extra - pasted and attached

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRKgmailcom
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 09/05/2012 00:22:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKS-22VSA0 +++++
--- User ---
[MBR] d1dd1b46542915a868a86177a5d1c98b
[BSP] dc1586e26c5e2a65ee56087b0c6cae52 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt

System is currently not connected to the internet.

Re: OTL and Extra - pasted and attached

Why is this last MBAM log posted, when it's from 4/29/2010 8:29:14 AM ?

Most recent MBAM log

I posted the old one because it showed what was shown as infected. I have not updated MBAM in 5 days as I have disconnected pc from the internet. AVG is showing something that appears to be reinstallers.
MBAM is below:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: OWNER-1EFEC9199 [administrator]

9/9/2012 10:11:28 PM
mbam-log-2012-09-09 (22-11-28).txt

Scan type: Full scan (A:\|C:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376969
Time elapsed: 1 hour(s), 20 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\00000008.@.vir (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\RK_Quarantine\80000000.@.vir (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

Re: OTL and Extra - pasted and attached

Let's look over a couple more things, then honestly I believe this PC is very clean!

AdwCleaner Scan
Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

Shall I reconnect my pc to internet?

I am currently disconnected. I ran the first program from the desktop.
Report is below. I put aswMBR on a stick and copied it to desktop.
When I clicked on it, it says "This application can use the Avast Free Antivirus for scanning. It is recommended to download it for better detection results. Would you like to download latest Avast virus definitions?"

This will require reconnecting, unless I just click NO.

Please advise if it is safe for me to reconnect pc to internet.

# AdwCleaner v2.000 - Logfile created 09/02/2012 at 14:40:28
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-1EFEC9199
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
File Found : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
Folder Found : C:\Documents and Settings\Owner\Application Data\pdfforge

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\18uaxcra.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\duw4v4k6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1447 octets] - [02/09/2012 14:40:28]

########## EOF - C:\AdwCleaner[R1].txt - [1507 octets] ##########

Re: OTL and Extra - pasted and attached

I ran the aswMBR that I had saved to the desktop from my stick/not as downloaded with updates. Here are the results.
I am still waiting to hear if it is ok to reconnect the LAN cable to my pc.
Let me know if you'd like me to reconnect the LAN cable and then to
download aswMBR directly to the desktop, then to click on the YES button to update definitions and run it again.


Results follow:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-11 07:00:54
-----------------------------
07:00:54.906 OS Version: Windows 5.1.2600 Service Pack 3
07:00:54.906 Number of processors: 2 586 0x170A
07:00:54.906 ComputerName: OWNER-1EFEC9199 UserName: Owner
07:00:55.421 Initialize success
07:01:02.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
07:01:02.656 Disk 0 Vendor: WDC_WD2500AAKS-22VSA0 01.01B01 Size: 238475MB BusType: 3
07:01:02.687 Disk 0 MBR read successfully
07:01:02.687 Disk 0 MBR scan
07:01:02.687 Disk 0 Windows XP default MBR code
07:01:02.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
07:01:02.687 Disk 0 scanning sectors +488376000
07:01:02.734 Disk 0 scanning C:\WINDOWS\system32\drivers
07:01:07.343 Service scanning
07:01:16.593 Modules scanning
07:01:18.906 Disk 0 trace - called modules:
07:01:18.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:01:18.921 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3abab8]
07:01:18.921 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000066[0x8b3b2f18]
07:01:18.921 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b3add98]
07:01:18.921 Scan finished successfully
07:04:19.250 Disk 0 MBR has been saved successfully to "J:\Reports from Desktop Computer September 2012\New Folder\MBR.dat"
07:04:19.250 The log file has been saved successfully to "J:\Reports from Desktop Computer September 2012\New Folder\aswMBR.txt"


Re: OTL and Extra - pasted and attached

Okie dokie. All clean! Smile...

Do this, and we'll be done:

AdwCleaner Fix

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log.

Re: OTL and Extra - pasted and attached

# AdwCleaner v2.000 - Logfile created 09/12/2012 at 18:53:22
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - OWNER-1EFEC9199
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program FilesC:\Program Files\Software
Deleted on reboot : C:\Program FilesC:\Program Files\Software
Folder Deleted : C:\Documents and Settings\Owner\Application Data\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\18uaxcra.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\duw4v4k6.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1576 octets] - [02/09/2012 14:40:28]
AdwCleaner[R2].txt - [1636 octets] - [11/09/2012 05:26:26]
AdwCleaner[S1].txt - [1887 octets] - [12/09/2012 18:53:22]

########## EOF - C:\AdwCleaner[S1].txt - [1947 octets] ##########

Re: OTL and Extra - pasted and attached
What about the files that MBAM has identified?
C:\RECYCLER, for example?
HKCR\CLSID...?

Can I empty the AVG Virus Vault?
Currently holding 2 malware, 1 corrupted Skype exe file, an unknown application/data exe, and 2 trojans.

And what about the things RK has quarantined?
Shall I delete them?
Or is there a reason for keeping launchpad.exe.vir?

Re: OTL and Extra - pasted and attached
One more question... When I open Windows Security Center, Security Essentials will not open and I cannot view firewall settings when I click on it.

Is that virus-related, or a registry problem caused by CCleaner?

And, when connected to the internet, IE wasn't able to check for updates... and I know there is a new update.

Re: OTL and Extra - pasted and attached
What c:\RECYCLER?

Yes, you can empty the quarantine and virus vault.

Please list all problems and error messages.

Re: OTL and Extra - pasted and attached
Recycler is listed as a ZeroAccess file.
Everything MBAM shows is labelled either ZeroAccess trojan or 0access file.

Windows does not allow the Security Center to start.
When I open it manually, Security Essentials is not available.

Re: OTL and Extra - pasted and attached
Due to an unidentified problem, Windows cannot display firewall settings.

Re: OTL and Extra - pasted and attached
I cannot connect to the internet as an administrator.
I have limited connectivity.
I can connect to the internet as a guest.
I cannot update Windows with the new service pack.

AVG Resident Shield shows Trojan horse Backdoor.Generic15.BYSQ in C:\Program Files\Malwarebytes Anti Malware\mbam.exe

Re: OTL and Extra - pasted and attached
That was found on 9/9. I don't know how Resident Shield works. The file is C:\system volume information\_restore ().ini

Re: OTL and Extra - pasted and attached
I wouldn't doubt the possibility that you keep reinfecting the computer.

Please delete the old copy of TDSSKiller, download a new copy, run a scan, and post a new log.

Re: OTL and Extra - pasted and attached
Be aware that we still have all of the old system restore points on this PC.

We have not yet reconnected to the internet to run ESET as we did with the Acer netbook.

Here is the TDSS log:
07:10:01.0703 2544 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:10:01.0718 2544 ============================================================
07:10:01.0718 2544 Current date / time: 2012/09/14 07:10:01.0718
07:10:01.0718 2544 SystemInfo:
07:10:01.0718 2544
07:10:01.0718 2544 OS Version: 5.1.2600 ServicePack: 3.0
07:10:01.0718 2544 Product type: Workstation
07:10:01.0718 2544 ComputerName: OWNER-1EFEC9199
07:10:01.0718 2544 UserName: Owner
07:10:01.0718 2544 Windows directory: C:\WINDOWS
07:10:01.0718 2544 System windows directory: C:\WINDOWS
07:10:01.0718 2544 Processor architecture: Intel x86
07:10:01.0718 2544 Number of processors: 2
07:10:01.0718 2544 Page size: 0x1000
07:10:01.0718 2544 Boot type: Normal boot
07:10:01.0718 2544 ============================================================
07:10:02.0984 2544 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
07:10:03.0000 2544 ============================================================
07:10:03.0000 2544 \Device\Harddisk0\DR0:
07:10:03.0000 2544 MBR partitions:
07:10:03.0000 2544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
07:10:03.0000 2544 ============================================================
07:10:03.0031 2544 C: <-> \Device\Harddisk0\DR0\Partition1
07:10:03.0031 2544 ============================================================
07:10:03.0031 2544 Initialize success
07:10:03.0031 2544 ============================================================
07:10:33.0203 4044 ============================================================
07:10:33.0203 4044 Scan started
07:10:33.0203 4044 Mode: Manual; SigCheck; TDLFS;
07:10:33.0203 4044 ============================================================
07:10:52.0359 4044 TapiSrv - ok
07:10:52.0406 4044 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
07:10:52.0437 4044 Tcpip - ok
07:10:52.0484 4044 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
07:10:52.0546 4044 TDPIPE - ok
07:10:52.0562 4044 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
07:10:52.0640 4044 TDTCP - ok
07:10:52.0703 4044 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
07:10:52.0781 4044 TermDD - ok
07:10:52.0828 4044 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
07:10:52.0890 4044 TermService - ok
07:10:52.0921 4044 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
07:10:52.0921 4044 Themes - ok
07:10:52.0937 4044 TosIde - ok
07:10:52.0984 4044 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
07:10:53.0046 4044 TrkWks - ok
07:10:53.0078 4044 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
07:10:53.0140 4044 Udfs - ok
07:10:53.0156 4044 ultra - ok
07:10:53.0171 4044 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
07:10:53.0234 4044 Update - ok
07:10:53.0281 4044 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
07:10:53.0328 4044 upnphost - ok
07:10:53.0359 4044 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
07:10:53.0421 4044 UPS - ok
07:10:53.0453 4044 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:10:53.0531 4044 usbaudio - ok
07:10:53.0578 4044 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
07:10:53.0640 4044 usbccgp - ok
07:10:53.0703 4044 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
07:10:53.0765 4044 usbehci - ok
07:10:53.0812 4044 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
07:10:53.0875 4044 usbhub - ok
07:10:53.0906 4044 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
07:10:54.0000 4044 usbscan - ok
07:10:54.0031 4044 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
07:10:54.0125 4044 USBSTOR - ok
07:10:54.0140 4044 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
07:10:54.0187 4044 usbuhci - ok
07:10:54.0218 4044 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
07:10:54.0281 4044 usbvideo - ok
07:10:54.0296 4044 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
07:10:54.0375 4044 VgaSave - ok
07:10:54.0437 4044 [ 51B24990850076F659D1D1DAEFBED6F1 ] VIAHdAudAddService C:\WINDOWS\system32\drivers\viahduaa.sys
07:10:54.0531 4044 VIAHdAudAddService - ok
07:10:54.0531 4044 ViaIde - ok
07:10:54.0546 4044 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
07:10:54.0609 4044 VolSnap - ok
07:10:54.0640 4044 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
07:10:54.0671 4044 VSS - ok
07:10:54.0734 4044 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
07:10:54.0781 4044 W32Time - ok
07:10:54.0828 4044 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:10:54.0890 4044 Wanarp - ok
07:10:54.0890 4044 WDICA - ok
07:10:54.0906 4044 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
07:10:54.0968 4044 wdmaud - ok
07:10:54.0984 4044 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:10:55.0046 4044 WebClient - ok
07:10:55.0156 4044 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:10:55.0218 4044 winmgmt - ok
07:10:55.0265 4044 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
07:10:55.0296 4044 WmdmPmSN - ok
07:10:55.0359 4044 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
07:10:55.0437 4044 WmiApSrv - ok
07:10:55.0546 4044 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
07:10:55.0578 4044 WMPNetworkSvc - ok
07:10:55.0703 4044 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
07:10:55.0734 4044 WPFFontCache_v0400 - ok
07:10:55.0765 4044 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
07:10:55.0843 4044 WSTCODEC - ok
07:10:55.0890 4044 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
07:10:55.0953 4044 WudfPf - ok
07:10:55.0953 4044 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
07:10:55.0968 4044 WudfRd - ok
07:10:55.0984 4044 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
07:10:56.0000 4044 WudfSvc - ok
07:10:56.0031 4044 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
07:10:56.0109 4044 WZCSVC - ok
07:10:56.0125 4044 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
07:10:56.0203 4044 xmlprov - ok
07:10:56.0203 4044 ================ Scan global ===============================
07:10:56.0265 4044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
07:10:56.0328 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:10:56.0328 4044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
07:10:56.0343 4044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
07:10:56.0343 4044 [Global] - ok
07:10:56.0343 4044 ================ Scan MBR ==================================
07:10:56.0375 4044 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
07:10:56.0640 4044 \Device\Harddisk0\DR0 - ok
07:10:56.0640 4044 ================ Scan VBR ==================================
07:10:56.0640 4044 [ 0A2DC48A81E4668FF5F279776514A3EC ] \Device\Harddisk0\DR0\Partition1
07:10:56.0640 4044 \Device\Harddisk0\DR0\Partition1 - ok
07:10:56.0640 4044 ============================================================
07:10:56.0640 4044 Scan finished
07:10:56.0640 4044 ============================================================
07:10:56.0734 3140 Detected object count: 2
07:10:56.0734 3140 Actual detected object count: 2
07:11:49.0343 3140 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:11:49.0343 3140 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:11:49.0343 3140 PcaSp50 ( UnsignedFile.Multi.Generic ) - skipped by user
07:11:49.0343 3140 PcaSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:13:17.0531 2276 Deinitialize success

Re: OTL and Extra - pasted and attached

Okay. Clear a few things up here...

1. The Acer Netbook is fine now?

2. Are the same issues on this other computer you're showing me logs for now?

Re: OTL and Extra - pasted and attached

The Acer netbook APPEARS to be fine. I am able to update and run AVG, Spybot,
and Malwarebytes. It let me update Windows to the new security pack.
I need to know which HOST files to download from the website you provided...I'm not sure if I need to
download more than one file from there.

I think the pc is still infected. It had more of a problem than the Acer did. I can't get in
to change firewall settings.
The logs I sent yesterday and today are from the pc,
which is still not connected to the internet.

Re: OTL and Extra - pasted and attached

I had tried to start a new thread for the pc the other day, but it ended up in the trash incinerator.

Re: OTL and Extra - pasted and attached

This is today's Security Check log for the pc:
Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG 2012
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.3.300.271
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 2%
````````````````````End of Log``````````````````````
