-
May 11th, 2012, 10:01 PM
#1
[RESOLVED] Trojan Horse Crypt.AQLW
Hello and thanks in advance for your help.
OS: MS XP
Internet: DSL
Browser: IE
AVG is showing "Trojan horse Crypt.AQLW Detected on Open".
Also showing the following error: "FUFAXSTM.exe has encountered a problem and needs to close"
Internet will often be redirected - however it appears that as long as I leave the initial window open on the redirected site I can open other sessions of IE without issue.
Here are the logs:
Malwarebytes:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.06.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
J :: J [administrator]
5/6/2012 2:13:24 PM
mbam-log-2012-05-06 (14-13-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322772
Time elapsed: 16 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-06 20:07:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST9120823AS rev.3.ADB
Running: mkj1kkbo.exe; Driver: C:\DOCUME~1\J\LOCALS~1\Temp\pxtdypob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7C66F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7C66FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA7C67080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA7C6711C]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\avgldx86.sys section is writeable [0xA8169000, 0x18651, 0xEA000020]
---- User code sections - GMER 1.0.15 ----
.text C:\program files\real\realplayer\update\realsched.exe[2720] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\ping.exe[5332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[5332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[5332] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[5332] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[5332] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[5332] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[5332] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
.text C:\WINDOWS\System32\ping.exe[5804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[5804] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A9000A
.text C:\WINDOWS\System32\ping.exe[5804] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00AF000A
.text C:\WINDOWS\System32\ping.exe[5804] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00B0000A
.text C:\WINDOWS\System32\ping.exe[5804] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\ping.exe[5804] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\ping.exe[5804] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6134636A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134636A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6134787D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346C41] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346C41] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613462A5] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [613461D4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61346212] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134636A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [613477FD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6134783D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6134702A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [613478CB] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6134787D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346405] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346212] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61346C41] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [613462A5] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346C41] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [61346370] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [613461D4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134644A] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[5368] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [613464F0] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[5584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) A8328000-A8342000 (106496 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5332
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5804
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB26629$\2142412392 0 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599 0 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\cfg.ini 323 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\L 0 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\L\sdimkhbw 230608 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\oemid 140 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U 0 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\version 1268 bytes
---- EOF - GMER 1.0.15 ----
Thanks
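The GMER output above mixes benign entries (AVG's SSDT hooks, the AOL and Yahoo IAT redirections into their own signed DLLs, the in-place patch of SetUnhandledExceptionFilter in realsched.exe) with the lines a responder actually needs to pull out: processes tagged "*** hidden ***", a hidden module, user-mode inline JMP hooks whose targets GMER could not attribute to any loaded module, and the file listing. The following Python script is an added example, not part of the original post and not GMER's own code; it parses the GMER 1.0.15 line formats seen on this page (the regexes are inferred from those lines and are an assumption, not a published grammar) and ranks what it finds. The embedded log is a constructed sample modelled on the log above.

```python
import re
from collections import defaultdict

# Constructed sample in GMER 1.0.15 log format, modelled on the log above
# (a few representative lines, not a copy of any real host's log).
SAMPLE_GMER_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\program files\real\realplayer\update\realsched.exe[2720] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\WINDOWS\System32\ping.exe[5332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\ping.exe[5332] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 00AE000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\AIM6\aim6.exe[2044] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
---- Modules - GMER 1.0.15 ----
Module (noname) (*** hidden *** ) A8328000-A8342000 (106496 bytes)
---- Processes - GMER 1.0.15 ----
Process C:\WINDOWS\System32\ping.exe (*** hidden *** ) 5332
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB26629$\2715994599\U\80000032.@ 115712 bytes
---- EOF - GMER 1.0.15 ----
"""

# Line formats inferred from the GMER 1.0.15 log on this page (assumption).
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER")
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<dll>[^\s!]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-F]+) (?P<len>\d+) Bytes (?P<rest>.*)$"
)
JMP_RE = re.compile(r"\bJMP (?P<target>[0-9A-F]+)(?P<tail>.*)$")
HIDDEN_PROC_RE = re.compile(r"^Process (?P<path>.+?) \(\*\*\* hidden \*\*\* \) (?P<pid>\d+)$")
HIDDEN_MOD_RE = re.compile(
    r"^Module (?P<name>.+?) \(\*\*\* hidden \*\*\* \) (?P<start>[0-9A-F]+)-(?P<end>[0-9A-F]+)"
)
FILE_RE = re.compile(r"^File (?P<path>.+) (?P<size>\d+) bytes$")

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_gmer(text):
    """Extract hidden processes, hidden modules, inline hooks and listed files."""
    report = {"hidden_processes": [], "hidden_modules": [], "inline_hooks": [], "files": []}
    for line in text.splitlines():
        line = line.rstrip()
        if not line or SECTION_RE.match(line):
            continue
        if m := HOOK_RE.match(line):
            jmp = JMP_RE.search(m.group("rest"))
            report["inline_hooks"].append({
                "proc": m.group("proc"), "pid": int(m.group("pid")),
                "api": f'{m.group("dll")}!{m.group("func")}',
                # "jmp": a 5-byte JMP out of the function; "patch": bytes
                # rewritten in place (GMER prints the disassembly instead).
                "kind": "jmp" if jmp else "patch",
                "jmp_target": int(jmp.group("target"), 16) if jmp else None,
                # GMER appends "<path> (Description/Vendor)" when the JMP target
                # maps to a loaded module; a bare address means it could not.
                "attributed": bool(jmp and "\\" in jmp.group("tail")),
            })
        elif m := HIDDEN_PROC_RE.match(line):
            report["hidden_processes"].append((m.group("path"), int(m.group("pid"))))
        elif m := HIDDEN_MOD_RE.match(line):
            report["hidden_modules"].append(
                (m.group("name"), int(m.group("start"), 16), int(m.group("end"), 16)))
        elif m := FILE_RE.match(line):
            report["files"].append((m.group("path"), int(m.group("size"))))
    return report


def triage(report):
    """Rank findings: a hidden process that also carries JMP hooks to addresses
    outside any known module is the strongest signal; the rest is for review."""
    findings = []
    hooks_by_pid = defaultdict(list)
    for h in report["inline_hooks"]:
        hooks_by_pid[h["pid"]].append(h)
    hidden_pids = {pid for _, pid in report["hidden_processes"]}

    for path, pid in report["hidden_processes"]:
        bad = [h for h in hooks_by_pid[pid] if h["kind"] == "jmp" and not h["attributed"]]
        apis = ", ".join(h["api"] for h in bad)
        findings.append(("high" if bad else "medium",
                         f"hidden process {path} pid={pid}: {len(bad)} unattributed JMP hook(s) [{apis}]"))
    for pid, hooks in hooks_by_pid.items():
        bad = [h for h in hooks if h["kind"] == "jmp" and not h["attributed"]]
        if bad and pid not in hidden_pids:
            findings.append(("medium", f"{hooks[0]['proc']} pid={pid}: {len(bad)} unattributed JMP hook(s)"))
    for name, start, end in report["hidden_modules"]:
        where = "kernel" if start >= 0x80000000 else "user"  # 32-bit XP, default 2GB/2GB split
        findings.append(("high", f"hidden module {name} at {start:08X}-{end:08X} ({where} address range)"))
    per_dir = defaultdict(int)
    for path, _ in report["files"]:
        per_dir[path.rsplit("\\", 1)[0]] += 1
    for directory, count in per_dir.items():
        findings.append(("low", f"{count} file(s) listed under {directory}"))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, text in triage(parse_gmer(SAMPLE_GMER_LOG)):
        print(f"[{severity:6}] {text}")
```

Run it against a saved GMER log by swapping SAMPLE_GMER_LOG for the file contents. The script deliberately ignores the SSDT, IAT and Devices sections: those entries carry a signed-vendor attribution in this log, and a triage tool should surface only what GMER itself could not explain, leaving the analyst to confirm anything flagged against the live system rather than the log alone.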
-
May 11th, 2012, 10:03 PM
#2
aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2012-05-06 20:08:24
-----------------------------
20:08:24.875 OS Version: Windows 5.1.2600 Service Pack 3
20:08:24.875 Number of processors: 2 586 0xF0A
20:08:24.875 ComputerName: J UserName: J
20:08:28.203 Initialize success
20:08:45.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:08:45.000 Disk 0 Vendor: ST9120823AS 3.ADB Size: 114473MB BusType: 3
20:08:47.109 Disk 0 MBR read successfully
20:08:47.125 Disk 0 MBR scan
20:08:47.125 Disk 0 Windows XP default MBR code
20:08:47.171 Disk 0 scanning sectors +234436545
20:08:47.609 Disk 0 scanning C:\WINDOWS\system32\drivers
20:09:54.343 Service scanning
20:09:56.593 Modules scanning
20:11:30.656 Module: C:\WINDOWS\system32\DRIVERS\avgldx86.sys **SUSPICIOUS**
20:12:09.546 Disk 0 trace - called modules:
20:12:09.609 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88be3fd0]<<
20:12:09.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a69cab8]
20:12:09.609 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a3ed030]
20:12:09.609 \Driver\00002131[0x8a3c3f38] -> IRP_MJ_CREATE -> 0x88be3fd0
20:12:09.609 Scan finished successfully
20:12:41.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\J\Desktop\MBR.dat"
20:12:41.359 The log file has been saved successfully to "C:\Documents and Settings\J\Desktop\aswMBR.txt"
20:13:47.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\J\Desktop\MBR.dat"
20:13:47.437 The log file has been saved successfully to "C:\Documents and Settings\J\Desktop\aswMBR.txt"
20:14:40.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\J\Desktop\MBR.dat"
20:14:40.343 The log file has been saved successfully to "C:\Documents and Settings\J\Desktop\aswMBR.txt"
DDS:
DDS (Version 1.1.0) - NTFSx86
Run by J at 20:16:09.89 on Sun 05/06/2012
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.771 [GMT -7:00]
AV: AVG Internet Security 2012 *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\AIM6\aim6.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Documents and Settings\J\Desktop\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users.windows\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\dealbulldog toolbar\tbcore3.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: DealBulldog Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\dealbulldog toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [WorkForce 630(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigba.exe /fu "c:\windows\temp\E_SBB.tmp" /EF "HKCU"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=SU1MS1gtS1hKN0YtMlk0WFAtQUVVTlQtSEtSWlYtSA"&"inst=NzYtOTM1OTYxMTMyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=94"&"ver=2012.0.1809"&"mid=1203937332784de34826ec8987c1dc23-8fdd32cdf26dc121a6623b9df2d598130581f433
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
LSP: mswsock.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R4 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R4 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-10-24 2391832]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R4 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-18 993848]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-18 399416]
R4 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-8-18 1529728]
R4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 253600]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-5-23 30944]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-8-9 59552]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-4 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
=============== Created Last 30 ================
2012-05-04 20:39 <DIR> --d-h--- C:\$AVG
2012-05-04 20:27 0 a--sh--- c:\windows\system32\dds_trash_log.cmd
2012-05-01 10:55 <DIR> --d----- c:\program files\Citrix
2012-05-01 10:55 60,304 a------- c:\documents and settings\j\g2mdlhlpx.exe
2012-04-27 19:08 <DIR> --d----- c:\docume~1\j\applic~1\RealNetworks
2012-04-18 15:17 <DIR> --d----- c:\docume~1\j\applic~1\SupportSoft
2012-04-11 14:26 418,464 a------- c:\windows\system32\FlashPlayerApp.exe
==================== Find3M ====================
2012-05-05 23:36 5,174 a--sh--- c:\docume~1\alluse~1.win\applic~1\KGyGaAvL.sys
2012-05-05 23:36 168 ---shr-- c:\docume~1\alluse~1.win\applic~1\C77A7795A3.sys
2012-04-04 15:56 22,344 a------- c:\windows\system32\drivers\mbam.sys
2012-03-01 04:01 916,992 a------- c:\windows\system32\wininet.dll
2012-03-01 04:01 43,520 a------- c:\windows\system32\licmgr10.dll
2012-02-29 07:10 177,664 a------- c:\windows\system32\wintrust.dll
2012-02-29 07:10 148,480 a------- c:\windows\system32\imagehlp.dll
2011-10-12 00:13 27,216 -c------ c:\docume~1\j\applic~1\GDIPFONTCACHEV1.DAT
============= FINISH: 20:16:50.73 ===============
Last edited by Broni; May 11th, 2012 at 11:25 PM.
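As an added example (not part of the original thread, and not one of the tools Broni asks for), here is a small Python triage pass over the "Pseudo HJT Report" section of the DDS log above. It parses the BHO/TB/Run/LSP lines and flags the two things a removal helper usually looks at first: CLSIDs registered against "No File" (orphaned registrations whose DLL is gone, typically left behind by an uninstalled program or a partial cleanup) and components loaded from outside Program Files or the Windows directory, such as the two BHOs living under All Users\Application Data. The sample input is copied from the log above; the "trusted roots" list and the rule that only mswsock.dll is an expected LSP are assumptions of this example, not findings about this machine.

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log (added example)."""
import re

# Constructed sample: lines copied from the DDS log posted above. Everything
# outside the Pseudo HJT section is ignored by the parser.
SAMPLE = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users.windows\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users.windows\application data\wecarereminder\IEHelperv2.5.0.dll
TB: DealBulldog Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\dealbulldog toolbar\tbcore3.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
LSP: mswsock.dll
============= SERVICES / DRIVERS ===============
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.I)
# First drive-letter path ending in an executable/library extension, quoted or not.
PATH_RE = re.compile(r'"?([a-z]:\\[^"]*?\.(?:exe|dll|com|sys|scr))', re.I)
KINDS = ("BHO", "TB", "uRun", "mRun", "mRunOnce", "LSP", "uURLSearchHooks")
# Assumption of this example: components under these roots are "expected";
# anything loaded from a user profile, All Users\Application Data or %temp%
# deserves a closer look before the machine is declared clean.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\",
                 "%programfiles%\\", "%windir%\\")


def parse_hjt(text):
    """Return one dict (kind, name, clsid, target) per BHO/TB/Run/LSP line."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:                                   # section banner: enter/leave HJT part
            in_section = header.group(1) == "Pseudo HJT Report"
            continue
        if not in_section or not line:
            continue
        kind, sep, rest = line.partition(": ")       # "uStart Page = ..." has no ": " and is skipped
        if not sep or kind not in KINDS:
            continue
        entry = {"kind": kind, "name": "", "clsid": None, "target": rest}
        if kind in ("uRun", "mRun", "mRunOnce"):     # "[Name] command line"
            m = re.match(r"\[(.+?)\] (.*)", rest)
            if m:
                entry["name"], entry["target"] = m.group(1), m.group(2)
        elif kind != "LSP":                          # "Name: {CLSID} - path" or "{CLSID} - No File"
            head, _, target = rest.rpartition(" - ")
            entry["target"] = target
            c = CLSID_RE.search(head)
            if c:
                entry["clsid"] = c.group(0)
                head = head[: c.start()].rstrip(": ")
            entry["name"] = head or entry["clsid"] or ""
        entries.append(entry)
    return entries


def triage(entries):
    """Attach heuristic flags; returns only the entries that earned at least one."""
    flagged = []
    for e in entries:
        flags, target = [], e["target"].strip()
        if target == "No File":
            flags.append("no_file")                  # registration with no DLL behind it
        elif e["kind"] == "LSP":
            if target.lower() != "mswsock.dll":      # assumption: stock Winsock provider only
                flags.append("unexpected_lsp")
        else:
            m = PATH_RE.search(target)
            path = m.group(1).lower() if m else target.lower()
            if not path.startswith(TRUSTED_ROOTS):
                flags.append("outside_trusted_roots")
        if flags:
            flagged.append({**e, "flags": flags})
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE)):
        label = e["name"] or e["clsid"] or e["target"]
        print(f"{e['kind']:<16} {label:<60} {', '.join(e['flags'])}")
```

On the log above this flags the two orphaned BHO CLSIDs, the orphaned URLSearchHook, and the RealPlayer and WeCareReminder BHOs loaded from Application Data; AVG, the Epson fax utility and the stock mswsock.dll LSP pass untouched. A flag is a prompt to look, not a verdict: the helper still decides what is removed.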
-
May 11th, 2012, 11:27 PM
#3
Please observe the following rules:
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==============================================================
I still need the Attach.txt part of DDS.
Next.....
Download TDSSKiller and save it to your desktop.
- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
-
May 11th, 2012, 11:43 PM
#4
Sorry Broni - had it but neglected to attach it:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2009 10:37:29 AM
System Uptime: 5/6/2012 2:07:51 PM (6 hours ago)
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 64.01 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID:
Description: USB Device
Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Manufacturer:
Name: USB Device
PNP Device ID: USB\VID_413C&PID_8140\5&11246E2F&0&2
Service:
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3C0BD581444FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3C0BD581444FC000
Service: NIC1394
==== System Restore Points ===================
RP248: 2/10/2012 9:26:12 PM - System Checkpoint
RP249: 2/11/2012 1:04:40 AM - Software Distribution Service 3.0
RP250: 2/11/2012 2:33:23 PM - Software Distribution Service 3.0
RP251: 2/12/2012 3:00:16 AM - Software Distribution Service 3.0
RP252: 2/12/2012 12:52:36 PM - Software Distribution Service 3.0
RP253: 2/13/2012 12:29:53 AM - Software Distribution Service 3.0
RP254: 2/13/2012 6:10:19 PM - Software Distribution Service 3.0
RP255: 2/13/2012 7:42:25 PM - Software Distribution Service 3.0
RP256: 2/14/2012 7:48:41 PM - System Checkpoint
RP257: 2/15/2012 12:55:48 AM - Software Distribution Service 3.0
RP258: 2/16/2012 8:30:21 AM - Software Distribution Service 3.0
RP259: 2/17/2012 3:00:17 AM - Software Distribution Service 3.0
RP260: 2/18/2012 12:24:47 PM - Software Distribution Service 3.0
RP261: 2/20/2012 10:24:50 AM - Software Distribution Service 3.0
RP262: 2/20/2012 8:00:45 PM - Software Distribution Service 3.0
RP263: 2/21/2012 8:33:41 PM - System Checkpoint
RP264: 2/22/2012 12:56:30 AM - Software Distribution Service 3.0
RP265: 2/22/2012 7:40:45 PM - Software Distribution Service 3.0
RP266: 2/23/2012 3:31:29 PM - Software Distribution Service 3.0
RP267: 2/23/2012 4:30:46 PM - Software Distribution Service 3.0
RP268: 2/24/2012 9:00:33 PM - System Checkpoint
RP269: 2/26/2012 1:29:08 PM - Software Distribution Service 3.0
RP270: 3/2/2012 7:22:46 PM - Software Distribution Service 3.0
RP271: 3/3/2012 1:38:31 PM - Software Distribution Service 3.0
RP272: 3/4/2012 12:14:59 PM - Software Distribution Service 3.0
RP273: 3/4/2012 1:58:17 PM - Software Distribution Service 3.0
RP274: 3/5/2012 12:26:22 AM - Software Distribution Service 3.0
RP275: 3/6/2012 9:05:40 AM - Software Distribution Service 3.0
RP276: 3/7/2012 9:38:03 PM - Software Distribution Service 3.0
RP277: 3/7/2012 10:35:10 PM - Software Distribution Service 3.0
RP278: 3/8/2012 11:02:09 PM - System Checkpoint
RP279: 3/9/2012 1:24:23 AM - Software Distribution Service 3.0
RP280: 3/9/2012 9:17:22 PM - Software Distribution Service 3.0
RP281: 3/10/2012 2:21:11 AM - Software Distribution Service 3.0
RP282: 3/11/2012 3:28:39 AM - System Checkpoint
RP283: 3/11/2012 4:00:16 AM - Software Distribution Service 3.0
RP284: 3/11/2012 3:21:28 PM - Software Distribution Service 3.0
RP285: 3/12/2012 3:00:16 AM - Software Distribution Service 3.0
RP286: 3/13/2012 11:24:42 AM - Software Distribution Service 3.0
RP287: 3/13/2012 8:14:17 PM - Software Distribution Service 3.0
RP288: 3/16/2012 4:05:21 PM - System Checkpoint
RP289: 3/19/2012 2:44:33 PM - Software Distribution Service 3.0
RP290: 3/20/2012 9:42:34 AM - Software Distribution Service 3.0
RP291: 3/21/2012 3:00:16 AM - Software Distribution Service 3.0
RP292: 3/22/2012 12:23:44 AM - Software Distribution Service 3.0
RP293: 3/22/2012 4:09:35 PM - Software Distribution Service 3.0
RP294: 3/23/2012 12:55:05 AM - Software Distribution Service 3.0
RP295: 3/23/2012 7:56:42 PM - Software Distribution Service 3.0
RP296: 3/25/2012 1:45:40 AM - Software Distribution Service 3.0
RP297: 3/25/2012 12:19:03 PM - Software Distribution Service 3.0
RP298: 3/28/2012 4:17:27 PM - Software Distribution Service 3.0
RP299: 3/28/2012 11:25:33 PM - Software Distribution Service 3.0
RP300: 3/30/2012 9:39:53 AM - Software Distribution Service 3.0
RP301: 3/31/2012 2:37:42 AM - Software Distribution Service 3.0
RP302: 3/31/2012 2:55:09 AM - Software Distribution Service 3.0
RP303: 4/1/2012 1:39:03 PM - Software Distribution Service 3.0
RP304: 4/2/2012 8:21:56 AM - Software Distribution Service 3.0
RP305: 4/3/2012 2:33:40 PM - Software Distribution Service 3.0
RP306: 4/4/2012 12:06:04 PM - Software Distribution Service 3.0
RP307: 4/4/2012 6:27:15 PM - Software Distribution Service 3.0
RP308: 4/5/2012 6:41:06 PM - System Checkpoint
RP309: 4/6/2012 3:00:17 AM - Software Distribution Service 3.0
RP310: 4/7/2012 1:38:16 PM - Software Distribution Service 3.0
RP311: 4/7/2012 2:06:00 PM - Software Distribution Service 3.0
RP312: 4/8/2012 1:34:57 AM - Software Distribution Service 3.0
RP313: 4/8/2012 2:59:28 AM - Software Distribution Service 3.0
RP314: 4/9/2012 12:05:59 AM - Software Distribution Service 3.0
RP315: 4/10/2012 8:02:02 AM - Software Distribution Service 3.0
RP316: 4/11/2012 3:00:16 AM - Software Distribution Service 3.0
RP317: 4/12/2012 3:47:56 PM - System Checkpoint
RP318: 4/13/2012 8:40:53 AM - Software Distribution Service 3.0
RP319: 4/14/2012 3:00:21 AM - Software Distribution Service 3.0
RP320: 4/15/2012 11:14:31 AM - Software Distribution Service 3.0
RP321: 4/15/2012 11:42:49 PM - Software Distribution Service 3.0
RP322: 4/17/2012 7:56:31 AM - Software Distribution Service 3.0
RP323: 4/18/2012 8:20:47 AM - Software Distribution Service 3.0
RP324: 4/19/2012 8:27:25 AM - Software Distribution Service 3.0
RP325: 4/20/2012 12:48:43 AM - Software Distribution Service 3.0
RP326: 4/21/2012 12:36:52 AM - Software Distribution Service 3.0
RP327: 4/21/2012 9:19:01 PM - Software Distribution Service 3.0
RP328: 4/22/2012 12:46:34 AM - Software Distribution Service 3.0
RP329: 4/22/2012 12:59:20 PM - Software Distribution Service 3.0
RP330: 4/23/2012 3:00:16 AM - Software Distribution Service 3.0
RP331: 4/25/2012 12:12:27 PM - Software Distribution Service 3.0
RP332: 4/26/2012 3:00:20 AM - Software Distribution Service 3.0
RP333: 4/27/2012 8:05:34 AM - Software Distribution Service 3.0
RP334: 4/28/2012 2:17:26 AM - Software Distribution Service 3.0
RP335: 4/28/2012 1:20:55 PM - Software Distribution Service 3.0
RP336: 4/29/2012 3:00:16 AM - Software Distribution Service 3.0
RP337: 4/29/2012 8:24:06 PM - Software Distribution Service 3.0
RP338: 5/1/2012 8:28:44 AM - Software Distribution Service 3.0
RP339: 5/2/2012 7:28:16 AM - Software Distribution Service 3.0
RP340: 5/3/2012 8:13:25 AM - Software Distribution Service 3.0
RP341: 5/4/2012 7:57:18 AM - Software Distribution Service 3.0
RP342: 5/5/2012 3:00:35 AM - Software Distribution Service 3.0
RP343: 5/5/2012 11:10:55 PM - Software Distribution Service 3.0
RP344: 5/6/2012 2:06:19 PM - Restore Operation
RP345: 5/6/2012 2:12:39 PM - Software Distribution Service 3.0
==== Installed Programs ======================
µTorrent
ABBYY FineReader 9.0 Sprint
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
AIM 6
Amazon MP3 Downloader 1.0.10
ASPCA Tri Reminder by We-Care.com v4.0.13.5
AVG 2012
AVG PC Tuneup
AVS Media Player 4.1.3.68
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
Best Removal Tool
Bluetooth Stack for Windows by Toshiba
Broadcom ASF Management Applications
Broadcom Gigabit Integrated Controller
Broadcom Management Programs
CDBurnerXP
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Corel WinDVD 2010
Corel WinDVD 9
Dell Driver Download Manager
Dell Resource CD
Driver Detective
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Software
EPSON Scan
EPSON WorkForce 630 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
ESET Online Scanner v3
Foxit Reader 5.0
getPlus(R) for Corel
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
ImagXpress
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java Auto Updater
Java(TM) 6 Update 27
K-Lite Codec Pack 6.4.0 (Basic)
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Office Word Viewer 2003
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
neroxml
NVIDIA Drivers
OZ776 SCR Driver V1.1.4.202
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Seagate Manager Installer
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
SigmaTel Audio
Sprite Backup
Sprite Terminator
Symantec Technical Support Web Controls
Temp File Cleaner
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
WeatherBug
WebFldrs XP
Windows Imaging Component
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Software Update
==== Event Viewer Messages From Past Week ========
5/5/2012 12:48:51 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/5/2012 12:43:23 PM, error: Service Control Manager [7023] - The W800mdfl service terminated with the following error: Access is denied.
5/5/2012 12:28:23 PM, error: Service Control Manager [7023] - The Mcredirector service terminated with the following error: Access is denied.
5/5/2012 12:13:23 PM, error: Service Control Manager [7023] - The PTDCBus service terminated with the following error: Access is denied.
5/5/2012 11:58:23 AM, error: Service Control Manager [7023] - The Trioservice service terminated with the following error: Access is denied.
5/5/2012 11:43:23 AM, error: Service Control Manager [7023] - The Spupdsvc service terminated with the following error: Access is denied.
5/5/2012 11:28:23 AM, error: Service Control Manager [7023] - The KR10N service terminated with the following error: Access is denied.
5/5/2012 11:13:23 AM, error: Service Control Manager [7023] - The CT20XUT.DLL service terminated with the following error: Access is denied.
5/5/2012 10:58:23 AM, error: Service Control Manager [7023] - The SRTSPL service terminated with the following error: Access is denied.
5/5/2012 10:43:23 AM, error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: Access is denied.
5/5/2012 10:28:23 AM, error: Service Control Manager [7023] - The W200obex service terminated with the following error: Access is denied.
5/5/2012 10:13:23 AM, error: Service Control Manager [7023] - The Alcxsens service terminated with the following error: Access is denied.
5/5/2012 9:58:23 AM, error: Service Control Manager [7023] - The Msvad_simple service terminated with the following error: Access is denied.
5/5/2012 9:43:23 AM, error: Service Control Manager [7023] - The Szkg service terminated with the following error: Access is denied.
5/5/2012 9:28:23 AM, error: Service Control Manager [7023] - The WNIPROT5 service terminated with the following error: Access is denied.
5/5/2012 9:13:24 AM, error: Service Control Manager [7023] - The WINIO service terminated with the following error: Access is denied.
5/5/2012 8:58:23 AM, error: Service Control Manager [7023] - The Imaservice service terminated with the following error: Access is denied.
5/5/2012 8:43:24 AM, error: Service Control Manager [7023] - The Ikhlayer service terminated with the following error: Access is denied.
5/5/2012 8:39:23 AM, error: Service Control Manager [7023] - The Iam service terminated with the following error: Access is denied.
5/5/2012 8:28:23 AM, error: Service Control Manager [7023] - The Wlancfg service terminated with the following error: Access is denied.
5/5/2012 8:13:23 AM, error: Service Control Manager [7023] - The Cpqfws2e service terminated with the following error: Access is denied.
5/5/2012 7:58:23 AM, error: Service Control Manager [7023] - The Csctl50 service terminated with the following error: Access is denied.
5/5/2012 7:43:23 AM, error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-http service terminated with the following error: Access is denied.
5/5/2012 7:28:22 AM, error: Service Control Manager [7023] - The Ccdecode service terminated with the following error: Access is denied.
5/5/2012 7:13:22 AM, error: Service Control Manager [7023] - The Sscdbhk5 service terminated with the following error: Access is denied.
5/5/2012 6:58:23 AM, error: Service Control Manager [7023] - The Nlsvc service terminated with the following error: Access is denied.
5/5/2012 6:43:22 AM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: Access is denied.
5/5/2012 6:28:22 AM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: Access is denied.
5/5/2012 6:13:22 AM, error: Service Control Manager [7023] - The Earthlinksafeconnectagent service terminated with the following error: Access is denied.
5/5/2012 5:58:25 AM, error: Service Control Manager [7023] - The Licenseservice service terminated with the following error: Access is denied.
5/5/2012 5:43:22 AM, error: Service Control Manager [7023] - The S3psddr service terminated with the following error: Access is denied.
5/5/2012 5:28:22 AM, error: Service Control Manager [7023] - The Umwdf service terminated with the following error: Access is denied.
5/5/2012 5:13:22 AM, error: Service Control Manager [7023] - The {d31a0762-0ceb-444e-acff-b049a1f6fe91} service terminated with the following error: Access is denied.
5/5/2012 4:58:22 AM, error: Service Control Manager [7023] - The Dlbt_device service terminated with the following error: Access is denied.
5/5/2012 4:43:23 AM, error: Service Control Manager [7023] - The ET5Drv service terminated with the following error: Access is denied.
5/5/2012 4:28:23 AM, error: Service Control Manager [7023] - The Elnkfwppservice service terminated with the following error: Access is denied.
5/5/2012 4:13:23 AM, error: Service Control Manager [7023] - The Mpservice service terminated with the following error: Access is denied.
5/5/2012 3:58:25 AM, error: Service Control Manager [7023] - The Service1 service terminated with the following error: Access is denied.
5/5/2012 3:43:22 AM, error: Service Control Manager [7023] - The Angel2 service terminated with the following error: Access is denied.
5/5/2012 3:28:23 AM, error: Service Control Manager [7023] - The Fax service terminated with the following error: Access is denied.
5/5/2012 3:13:25 AM, error: Service Control Manager [7023] - The 3c1807pd service terminated with the following error: Access is denied.
5/5/2012 2:58:23 AM, error: Service Control Manager [7023] - The SiRemFil service terminated with the following error: Access is denied.
5/5/2012 2:43:22 AM, error: Service Control Manager [7023] - The Ibmpmsvc service terminated with the following error: Access is denied.
5/5/2012 2:28:23 AM, error: Service Control Manager [7023] - The EPSON_EB_RPCV4_01 service terminated with the following error: Access is denied.
5/5/2012 2:14:29 AM, error: Service Control Manager [7023] - The Snapman service terminated with the following error: Access is denied.
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The ALABULK service terminated with the following error: The specified module could not be found.
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: The specified module could not be found.
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The Btwaudio service terminated with the following error: The specified module could not be found.
5/5/2012 2:13:36 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The Pwkntmon service terminated with the following error: The specified module could not be found.
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The USB_NDIS_51 service terminated with the following error: The specified module could not be found.
5/5/2012 2:11:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/4/2012 8:47:27 PM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: Access is denied.
5/4/2012 8:32:27 PM, error: Service Control Manager [7023] - The ALABULK service terminated with the following error: Access is denied.
5/4/2012 8:30:27 PM, error: Service Control Manager [7023] - The Btwaudio service terminated with the following error: Access is denied.
5/4/2012 8:28:26 PM, error: Service Control Manager [7023] - The Pwkntmon service terminated with the following error: Access is denied.
5/4/2012 8:27:27 PM, error: Service Control Manager [7023] - The USB_NDIS_51 service terminated with the following error: Access is denied.
5/4/2012 6:53:33 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
5/6/2012 1:56:05 AM, error: Service Control Manager [7023] - The Se58bus service terminated with the following error: Access is denied.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The WINIO service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The WNIPROT5 service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Iam service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The W800mdfl service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Ikhlayer service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The PTDCBus service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The KR10N service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The W200obex service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The ET5Drv service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Licenseservice service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Earthlinksafeconnectagent service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Wlancfg service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Service1 service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Alcxsens service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Nlsvc service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Szkg service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Fax service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Csctl50 service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Angel2 service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Revudfservice service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Elnkfwppservice service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Spupdsvc service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Imaservice service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Mpservice service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Ibmpmsvc service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Commserver service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Umwdf service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The SRTSPL service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Se58bus service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Msvad_simple service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Sscdbhk5 service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Kraidsvc service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The CT20XUT.DLL service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Mcredirector service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The {d31a0762-0ceb-444e-acff-b049a1f6fe91} service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The SiRemFil service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Snapman service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Ifxtcs service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The W810mdfl service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Vaiomediaplatform-integratedserver-http service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Dlbt_device service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The EPSON_EB_RPCV4_01 service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The 3c1807pd service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Ccdecode service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Pdlncfwk service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Trioservice service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The S3psddr service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Cpqfws2e service terminated with the following error: The specified module could not be found.
5/6/2012 5:23:54 AM, error: Service Control Manager [7023] - The Iaimtv1 service terminated with the following error: The specified module could not be found.
5/6/2012 11:41:24 AM, error: Service Control Manager [7023] - The Smservaz service terminated with the following error: Access is denied.
5/6/2012 11:41:24 AM, error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: The specified module could not be found.
5/6/2012 1:13:17 PM, error: Service Control Manager [7023] - The Mediaviewer service terminated with the following error: Access is denied.
5/6/2012 1:28:16 PM, error: Service Control Manager [7023] - The WIBUKEY service terminated with the following error: Access is denied.
5/6/2012 1:43:20 PM, error: Service Control Manager [7023] - The Mrpostman service terminated with the following error: Access is denied.
==== End Of File ===========================
Will download and run now.
J
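A triage helper for the event-log excerpt above, added here as an example and not part of the original post or of any of the tools whose logs appear in this thread: it parses the Service Control Manager 7023 lines into structured records, counts failures by the reason text the SCM reported, and pulls out bursts of many services terminating within the same second or two, which is the pattern worth hand-checking in a log like this one. The sample input is a subset of lines copied from the excerpt above; the window and minimum burst size are illustrative thresholds, not values from the thread.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample input: a subset of lines copied from the event-log excerpt posted
# above, in the same "date, level: source [id] - message" layout.
SAMPLE_LOG = """\
5/5/2012 2:13:36 AM, error: Service Control Manager [7023] - The Pwkntmon service terminated with the following error: The specified module could not be found.
5/5/2012 2:11:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/4/2012 8:47:27 PM, error: Service Control Manager [7023] - The FlexBios service terminated with the following error: Access is denied.
5/4/2012 6:53:33 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The WINIO service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:20 AM, error: Service Control Manager [7023] - The Fax service terminated with the following error: The specified module could not be found.
5/6/2012 5:17:21 AM, error: Service Control Manager [7023] - The Snapman service terminated with the following error: The specified module could not be found.
5/6/2012 11:41:24 AM, error: Service Control Manager [7023] - The Smservaz service terminated with the following error: Access is denied.
5/6/2012 11:41:24 AM, error: Service Control Manager [7023] - The Iksyssec service terminated with the following error: The specified module could not be found.
"""

# One log line: "<m/d/yyyy h:mm:ss AM|PM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
# Message body of an SCM 7023 event. The service name is matched non-greedily
# so names containing dots or braces (e.g. "CT20XUT.DLL", "{guid}") still parse.
SCM_7023_RE = re.compile(
    r"^The (?P<service>.+?) service terminated with the following error: (?P<reason>.+)$"
)


def parse_events(text):
    """Parse event-log lines into dicts; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ev = {
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "msg": m["msg"],
            "service": None,   # filled in only for SCM 7023 events
            "reason": None,
        }
        if ev["source"] == "Service Control Manager" and ev["event_id"] == 7023:
            sm = SCM_7023_RE.match(ev["msg"])
            if sm:
                ev["service"] = sm["service"]
                ev["reason"] = sm["reason"]
        events.append(ev)
    return events


def failure_reasons(events):
    """Count SCM 7023 service failures by the error text the SCM reported."""
    return Counter(ev["reason"] for ev in events if ev["reason"] is not None)


def find_bursts(events, window=timedelta(seconds=2), min_count=3):
    """Group 7023 failures that occur within `window` of the previous failure.

    A run of unrelated services all terminating in the same second is the
    pattern an analyst wants surfaced for manual review; the thresholds are
    illustrative assumptions, not values taken from the thread."""
    failures = sorted((ev for ev in events if ev["service"] is not None),
                      key=lambda e: e["ts"])          # stable: same-second order is kept
    bursts, group = [], []
    for ev in failures:
        if group and ev["ts"] - group[-1]["ts"] > window:
            if len(group) >= min_count:
                bursts.append(group)
            group = []
        group.append(ev)
    if len(group) >= min_count:
        bursts.append(group)
    return [
        {"start": g[0]["ts"],
         "services": [e["service"] for e in g],
         "reasons": sorted({e["reason"] for e in g})}
        for g in bursts
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for reason, n in failure_reasons(evs).most_common():
        print(f"{n:3d}  {reason}")
    for b in find_bursts(evs):
        print(b["start"], f"{len(b['services'])} services:", ", ".join(b["services"]))
```

Run against the full excerpt above, the burst detector isolates the 5/6/2012 5:17:20-5:17:21 AM block, in which several dozen services with no obvious relationship to each other all fail with "The specified module could not be found", from the scattered single failures around it; what that block means for the machine is for the tools later in the thread to decide, but it is the block to look at first.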
-
May 12th, 2012, 12:13 AM
#5
TSS Log
TSS LOG:
20:59:07.0671 3456 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:59:09.0671 3456 ============================================================
20:59:09.0671 3456 Current date / time: 2012/05/11 20:59:09.0671
20:59:09.0671 3456 SystemInfo:
20:59:09.0671 3456
20:59:09.0671 3456 OS Version: 5.1.2600 ServicePack: 3.0
20:59:09.0671 3456 Product type: Workstation
20:59:09.0671 3456 ComputerName: J
20:59:09.0671 3456 UserName: J
20:59:09.0671 3456 Windows directory: C:\WINDOWS
20:59:09.0671 3456 System windows directory: C:\WINDOWS
20:59:09.0671 3456 Processor architecture: Intel x86
20:59:09.0671 3456 Number of processors: 2
20:59:09.0671 3456 Page size: 0x1000
20:59:09.0671 3456 Boot type: Normal boot
20:59:09.0671 3456 ============================================================
20:59:47.0812 3456 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:59:47.0859 3456 ============================================================
20:59:47.0859 3456 \Device\Harddisk0\DR0:
20:59:48.0468 3456 MBR partitions:
20:59:48.0500 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
20:59:48.0500 3456 ============================================================
20:59:53.0218 3456 C: <-> \Device\Harddisk0\DR0\Partition0
20:59:53.0218 3456 ============================================================
20:59:53.0218 3456 Initialize success
20:59:53.0218 3456 ============================================================
20:59:56.0078 5968 ============================================================
20:59:56.0078 5968 Scan started
20:59:56.0078 5968 Mode: Manual;
20:59:56.0078 5968 ============================================================
21:00:05.0843 5968 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:00:06.0328 5968 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:00:08.0968 5968 Abiosdsk - ok
21:00:08.0968 5968 abp480n5 - ok
21:00:09.0031 5968 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:00:09.0046 5968 ACPI - ok
21:00:09.0078 5968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:00:09.0078 5968 ACPIEC - ok
21:00:09.0125 5968 AdobeFlashPlayerUpdateSvc - ok
21:00:09.0125 5968 adpu160m - ok
21:00:09.0156 5968 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:00:09.0156 5968 aec - ok
21:00:09.0203 5968 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:00:09.0218 5968 AFD - ok
21:00:09.0218 5968 Aha154x - ok
21:00:09.0218 5968 aic78u2 - ok
21:00:09.0234 5968 aic78xx - ok
21:00:09.0265 5968 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
21:00:09.0265 5968 Alerter - ok
21:00:09.0281 5968 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
21:00:09.0296 5968 ALG - ok
21:00:09.0296 5968 AliIde - ok
21:00:09.0296 5968 amsint - ok
21:00:09.0296 5968 aolservice - ok
21:00:09.0406 5968 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
21:00:09.0437 5968 APPDRV - ok
21:00:09.0484 5968 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
21:00:09.0500 5968 AppMgmt - ok
21:00:09.0531 5968 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:00:09.0531 5968 Arp1394 - ok
21:00:09.0531 5968 asc - ok
21:00:09.0546 5968 asc3350p - ok
21:00:09.0546 5968 asc3550 - ok
21:00:09.0687 5968 ASFIPmon (7591238ebf7dd1fd13b353c382227dc3) C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
21:00:09.0687 5968 ASFIPmon - ok
21:00:09.0687 5968 asmagent - ok
21:00:09.0796 5968 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:00:09.0828 5968 aspnet_state - ok
21:00:09.0843 5968 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:00:09.0843 5968 AsyncMac - ok
21:00:09.0875 5968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:00:09.0875 5968 atapi - ok
21:00:09.0890 5968 Atdisk - ok
21:00:09.0890 5968 ati - ok
21:00:09.0921 5968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:00:09.0921 5968 Atmarpc - ok
21:00:09.0953 5968 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
21:00:09.0953 5968 AudioSrv - ok
21:00:10.0015 5968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:00:10.0015 5968 audstub - ok
21:00:10.0015 5968 AVerTV - ok
21:00:10.0062 5968 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:00:10.0062 5968 Avgfwdx - ok
21:00:10.0062 5968 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
21:00:10.0062 5968 Avgfwfd - ok
21:00:10.0265 5968 avgfws (5cd22eb540f82c70e33e530003f3903b) C:\Program Files\AVG\AVG2012\avgfws.exe
21:00:10.0359 5968 avgfws - ok
21:00:12.0328 5968 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
21:00:13.0921 5968 AVGIDSAgent - ok
21:00:16.0843 5968 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
21:00:16.0843 5968 AVGIDSDriver - ok
21:00:16.0859 5968 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
21:00:16.0859 5968 AVGIDSEH - ok
21:00:16.0859 5968 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
21:00:16.0859 5968 AVGIDSFilter - ok
21:00:17.0000 5968 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
21:00:17.0031 5968 AVGIDSShim - ok
21:00:17.0109 5968 Avgldx86 (20f6974b82184ebb838d5d4dae1edfdc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
21:00:17.0828 5968 Avgldx86 - ok
21:00:18.0078 5968 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
21:00:18.0109 5968 Avgmfx86 - ok
21:00:18.0156 5968 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
21:00:18.0171 5968 Avgrkx86 - ok
21:00:18.0796 5968 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
21:00:19.0062 5968 Avgtdix - ok
21:00:21.0765 5968 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
21:00:21.0796 5968 avgwd - ok
21:00:22.0406 5968 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:00:22.0406 5968 b57w2k - ok
21:00:22.0453 5968 BASFND (5c68ac6f3e5b3e6d6a78e97d05e42c3a) C:\Program Files\Broadcom\ASFIPMon\BASFND.sys
21:00:22.0453 5968 BASFND - ok
21:00:22.0531 5968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:00:22.0578 5968 Beep - ok
21:00:22.0578 5968 bgs_sdservice - ok
21:00:22.0625 5968 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
21:00:22.0687 5968 BITS - ok
21:00:22.0750 5968 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
21:00:22.0765 5968 Browser - ok
21:00:22.0765 5968 bthidenum - ok
21:00:22.0765 5968 btwavdt - ok
21:00:22.0796 5968 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
21:00:22.0796 5968 BVRPMPR5 - ok
21:00:22.0812 5968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:00:22.0812 5968 cbidf2k - ok
21:00:22.0828 5968 ccsetmgr - ok
21:00:22.0828 5968 cd20xrnt - ok
21:00:22.0890 5968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:00:22.0890 5968 Cdaudio - ok
21:00:22.0953 5968 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:00:22.0968 5968 Cdfs - ok
21:00:22.0984 5968 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:00:22.0984 5968 Cdrom - ok
21:00:23.0109 5968 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
21:00:23.0140 5968 cercsr6 - ok
21:00:23.0140 5968 Changer - ok
21:00:23.0187 5968 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
21:00:23.0187 5968 CiSvc - ok
21:00:23.0296 5968 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
21:00:23.0328 5968 ClipSrv - ok
21:00:24.0109 5968 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:00:24.0265 5968 clr_optimization_v2.0.50727_32 - ok
21:00:24.0296 5968 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:00:24.0296 5968 CmBatt - ok
21:00:24.0296 5968 CmdIde - ok
21:00:24.0312 5968 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:00:24.0312 5968 Compbatt - ok
21:00:24.0312 5968 COMSysApp - ok
21:00:24.0312 5968 Cpqarray - ok
21:00:24.0375 5968 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
21:00:24.0375 5968 CryptSvc - ok
21:00:24.0421 5968 CTAUDFX.DLL (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\patrolagent.dll
21:00:25.0046 5968 Suspicious file (NoAccess): C:\WINDOWS\system32\patrolagent.dll. md5: 11028c6a84a967070cb1286550f2058f
21:00:25.0046 5968 CTAUDFX.DLL ( Backdoor.Multi.ZAccess.gen ) - infected
21:00:25.0046 5968 CTAUDFX.DLL - detected Backdoor.Multi.ZAccess.gen (0)
21:00:25.0046 5968 CTERFXFX.DLL - ok
21:00:25.0062 5968 curtainssyssvc - ok
21:00:25.0062 5968 dac2w2k - ok
21:00:25.0062 5968 dac960nt - ok
21:00:26.0390 5968 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
21:00:26.0656 5968 DcomLaunch - ok
21:00:27.0687 5968 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
21:00:27.0687 5968 Dhcp - ok
21:00:27.0718 5968 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:00:27.0718 5968 Disk - ok
21:00:27.0718 5968 dladresn - ok
21:00:27.0718 5968 dlaudf_m - ok
21:00:27.0734 5968 dmadmin - ok
21:00:30.0125 5968 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:00:30.0187 5968 dmboot - ok
21:00:30.0187 5968 DMICall - ok
21:00:30.0250 5968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:00:30.0312 5968 dmio - ok
21:00:30.0359 5968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:00:30.0359 5968 dmload - ok
21:00:30.0390 5968 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
21:00:30.0390 5968 dmserver - ok
21:00:31.0203 5968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:00:31.0203 5968 DMusic - ok
21:00:31.0765 5968 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
21:00:31.0765 5968 Dnscache - ok
21:00:32.0046 5968 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
21:00:32.0125 5968 Dot3svc - ok
21:00:32.0125 5968 dpti2o - ok
21:00:32.0187 5968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:00:32.0203 5968 drmkaud - ok
21:00:32.0203 5968 DSI_SiUSBXp_3_1 - ok
21:00:32.0296 5968 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
21:00:32.0312 5968 EapHost - ok
21:00:32.0312 5968 epoxusdm - ok
21:00:33.0312 5968 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
21:00:33.0343 5968 EpsonBidirectionalService - ok
21:00:33.0359 5968 epstnt01 - ok
21:00:33.0953 5968 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
21:00:33.0968 5968 ERSvc - ok
21:00:34.0796 5968 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:00:34.0812 5968 Eventlog - ok
21:00:36.0359 5968 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
21:00:36.0453 5968 EventSystem - ok
21:00:42.0390 5968 EvtEng (c37b83b51cdf10e5bb6f78a7e4fed11a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:00:42.0750 5968 EvtEng - ok
21:00:43.0656 5968 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:00:43.0671 5968 Fastfat - ok
21:00:44.0359 5968 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:00:44.0500 5968 FastUserSwitchingCompatibility - ok
21:00:44.0812 5968 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:00:44.0812 5968 Fdc - ok
21:00:44.0875 5968 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:00:44.0875 5968 Fips - ok
21:00:45.0015 5968 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:00:45.0015 5968 Flpydisk - ok
21:00:45.0203 5968 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:00:45.0265 5968 FltMgr - ok
21:00:45.0671 5968 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:00:45.0671 5968 FontCache3.0.0.0 - ok
21:00:46.0093 5968 FreeAgentGoNext Service (9513b437b7adb1e6065b7f0d83d11ecf) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
21:00:46.0296 5968 FreeAgentGoNext Service - ok
21:00:46.0296 5968 Freedom - ok
21:00:46.0531 5968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:00:46.0531 5968 Fs_Rec - ok
21:00:46.0828 5968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:00:46.0828 5968 Ftdisk - ok
21:00:46.0906 5968 getPlus(R) Installer (4be72e2dd8f63eb401bda2a80ed2618f) C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
21:00:46.0906 5968 getPlus(R) Installer - ok
21:00:46.0984 5968 getPlusHelper (360fc9e29ebcd7cb75320e2663eba0f2) C:\Program Files\NOS\bin\getPlus_Helper.dll
21:00:46.0984 5968 getPlusHelper - ok
21:00:47.0046 5968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:00:47.0046 5968 Gpc - ok
21:00:47.0046 5968 GTF32BUS - ok
21:00:47.0140 5968 guardian2 (c0bdab85f3e8b2138c513255e2bcc4d8) C:\WINDOWS\system32\Drivers\oz776.sys
21:00:47.0140 5968 guardian2 - ok
21:00:47.0375 5968 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:47.0375 5968 gupdate - ok
21:00:47.0375 5968 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:00:47.0375 5968 gupdatem - ok
21:00:48.0328 5968 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:00:48.0531 5968 gusvc - ok
21:00:49.0640 5968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:00:49.0718 5968 HDAudBus - ok
21:00:49.0812 5968 helpsvc - ok
21:00:50.0062 5968 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
21:00:50.0078 5968 HidServ - ok
21:00:50.0250 5968 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:00:50.0281 5968 HidUsb - ok
21:00:50.0546 5968 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
21:00:50.0578 5968 hkmsvc - ok
21:00:50.0578 5968 hpn - ok
21:00:50.0578 5968 hpzipr12 - ok
21:00:53.0281 5968 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:00:53.0500 5968 HSFHWAZL - ok
21:00:54.0015 5968 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:00:54.0093 5968 HSF_DPV - ok
21:00:54.0140 5968 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:00:54.0156 5968 HTTP - ok
21:00:54.0312 5968 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
21:00:54.0343 5968 HTTPFilter - ok
21:00:54.0343 5968 i2omgmt - ok
21:00:54.0343 5968 i2omp - ok
21:00:54.0390 5968 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:00:54.0406 5968 i8042prt - ok
21:00:54.0406 5968 iaimfp0 - ok
21:00:55.0093 5968 ialm (37eb2dc75d8f6451ae55071610dc24e1) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:00:55.0484 5968 ialm - ok
21:00:55.0656 5968 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:00:55.0734 5968 idsvc - ok
21:00:55.0906 5968 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:00:55.0921 5968 Imapi - ok
21:00:55.0953 5968 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
21:00:56.0015 5968 ImapiService - ok
21:00:56.0015 5968 imountsrv - ok
21:00:56.0015 5968 ini910u - ok
21:00:56.0015 5968 IntelIde - ok
21:00:56.0218 5968 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:00:56.0234 5968 intelppm - ok
21:00:56.0265 5968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:00:56.0265 5968 Ip6Fw - ok
21:00:56.0281 5968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:00:56.0281 5968 IpFilterDriver - ok
21:00:56.0281 5968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:00:56.0281 5968 IpInIp - ok
21:00:56.0343 5968 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:00:56.0343 5968 IpNat - ok
21:00:56.0359 5968 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:00:56.0359 5968 IPSec - ok
21:00:56.0359 5968 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:00:56.0359 5968 IRENUM - ok
21:00:56.0562 5968 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:00:56.0562 5968 isapnp - ok
21:00:56.0640 5968 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
21:00:56.0656 5968 Iviaspi - ok
21:00:57.0765 5968 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:00:57.0796 5968 IviRegMgr - ok
21:00:58.0078 5968 JavaQuickStarterService (91061352084424820ac6268808cb8ee3) C:\Program Files\Java\jre6\bin\jqs.exe
21:00:58.0078 5968 JavaQuickStarterService - ok
21:00:58.0593 5968 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:00:58.0625 5968 Kbdclass - ok
21:01:01.0218 5968 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:01:01.0375 5968 kmixer - ok
21:01:02.0578 5968 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:01:02.0593 5968 KSecDD - ok
21:01:03.0234 5968 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
21:01:03.0359 5968 lanmanserver - ok
21:01:04.0078 5968 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
21:01:04.0234 5968 lanmanworkstation - ok
21:01:04.0250 5968 lbrtfdc - ok
21:01:04.0500 5968 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
21:01:04.0515 5968 LmHosts - ok
21:01:04.0515 5968 McciCMService - ok
21:01:04.0515 5968 MCSTRM - ok
21:01:05.0375 5968 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:01:05.0546 5968 MDM - ok
21:01:05.0765 5968 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:01:05.0765 5968 mdmxsdk - ok
21:01:06.0125 5968 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
21:01:06.0156 5968 Messenger - ok
21:01:06.0156 5968 mi-raysat_3dsmax8 - ok
21:01:06.0156 5968 midisyn - ok
21:01:06.0156 5968 mindrepair - ok
21:01:06.0265 5968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:01:06.0281 5968 mnmdd - ok
21:01:06.0500 5968 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
21:01:06.0515 5968 mnmsrvc - ok
21:01:06.0546 5968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:01:06.0562 5968 Modem - ok
21:01:06.0609 5968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:01:06.0609 5968 Mouclass - ok
21:01:06.0640 5968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:01:06.0640 5968 mouhid - ok
21:01:06.0781 5968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:01:06.0796 5968 MountMgr - ok
21:01:06.0796 5968 mraid35x - ok
21:01:06.0843 5968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:01:06.0843 5968 MRxDAV - ok
21:01:09.0109 5968 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:01:09.0250 5968 MRxSmb - ok
21:01:09.0343 5968 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
21:01:09.0343 5968 MSDTC - ok
21:01:09.0437 5968 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:01:09.0453 5968 Msfs - ok
21:01:09.0453 5968 MSIServer - ok
21:01:09.0593 5968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:01:09.0609 5968 MSKSSRV - ok
21:01:09.0625 5968 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:01:09.0625 5968 MSPCLOCK - ok
21:01:09.0640 5968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:01:09.0656 5968 MSPQM - ok
21:01:09.0750 5968 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:01:09.0750 5968 mssmbios - ok
21:01:09.0765 5968 mssqlserver - ok
21:01:10.0078 5968 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:01:10.0125 5968 Mup - ok
21:01:10.0328 5968 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
21:01:10.0343 5968 napagent - ok
21:01:10.0765 5968 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:01:10.0843 5968 NDIS - ok
21:01:11.0000 5968 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:01:11.0031 5968 NdisTapi - ok
21:01:11.0062 5968 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:01:11.0062 5968 Ndisuio - ok
21:01:11.0078 5968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:01:11.0125 5968 NdisWan - ok
21:01:11.0390 5968 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:01:11.0390 5968 NDProxy - ok
21:01:11.0406 5968 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:01:11.0421 5968 NetBIOS - ok
21:01:11.0453 5968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:01:11.0484 5968 NetBT - ok
21:01:11.0546 5968 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:01:11.0546 5968 NetDDE - ok
21:01:11.0546 5968 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
21:01:11.0546 5968 NetDDEdsdm - ok
21:01:11.0593 5968 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:11.0593 5968 Netlogon - ok
21:01:12.0531 5968 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
21:01:12.0562 5968 Netman - ok
21:01:12.0843 5968 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:01:12.0859 5968 NetTcpPortSharing - ok
21:01:15.0234 5968 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
21:01:15.0546 5968 NETw5x32 - ok
21:01:15.0765 5968 NetwareWorkstation - ok
21:01:15.0796 5968 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:01:15.0796 5968 NIC1394 - ok
21:01:16.0031 5968 NICCONFIGSVC (27d38b7d646283d98d65e3435b1e6197) C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
21:01:16.0046 5968 NICCONFIGSVC - ok
21:01:16.0109 5968 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
21:01:16.0125 5968 Nla - ok
21:01:16.0296 5968 NMSAccess (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Program Files\CDBurnerXP\NMSAccessU.exe
21:01:16.0296 5968 NMSAccess - ok
21:01:16.0312 5968 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:01:16.0312 5968 Npfs - ok
21:01:16.0312 5968 npkcrypt - ok
21:01:16.0359 5968 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:01:16.0375 5968 Ntfs - ok
21:01:16.0500 5968 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:16.0500 5968 NtLmSsp - ok
21:01:16.0609 5968 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
21:01:16.0625 5968 NtmsSvc - ok
21:01:16.0687 5968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:01:16.0703 5968 Null - ok
21:01:16.0750 5968 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll
21:01:16.0750 5968 NWCWorkstation - ok
21:01:16.0781 5968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:01:16.0781 5968 NwlnkFlt - ok
21:01:16.0796 5968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:01:16.0796 5968 NwlnkFwd - ok
21:01:16.0875 5968 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:01:16.0890 5968 NwlnkIpx - ok
21:01:16.0890 5968 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:01:16.0890 5968 NwlnkNb - ok
21:01:16.0906 5968 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:01:16.0906 5968 NwlnkSpx - ok
21:01:17.0062 5968 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
21:01:17.0062 5968 NWRDR - ok
21:01:17.0078 5968 NWSIPX32 - ok
21:01:17.0078 5968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:01:17.0078 5968 ohci1394 - ok
21:01:17.0078 5968 opcenum - ok
21:01:17.0093 5968 openvpnservice - ok
21:01:17.0093 5968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
21:01:17.0093 5968 Parport - ok
21:01:17.0109 5968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:01:17.0109 5968 PartMgr - ok
21:01:17.0140 5968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:01:17.0140 5968 ParVdm - ok
21:01:17.0156 5968 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
21:01:17.0156 5968 PCASp50 - ok
21:01:17.0171 5968 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:01:17.0171 5968 PCI - ok
21:01:17.0187 5968 PCIDump - ok
21:01:17.0203 5968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:01:17.0203 5968 PCIIde - ok
21:01:17.0250 5968 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:01:17.0250 5968 Pcmcia - ok
21:01:17.0250 5968 PCTINDIS5 - ok
21:01:17.0265 5968 Pctspk - ok
21:01:17.0265 5968 pcx1unic - ok
21:01:17.0265 5968 PDCOMP - ok
21:01:17.0265 5968 PDFRAME - ok
21:01:17.0281 5968 PDRELI - ok
21:01:17.0281 5968 PDRFRAME - ok
21:01:17.0281 5968 perc2 - ok
21:01:17.0281 5968 perc2hib - ok
21:01:17.0343 5968 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
21:01:17.0343 5968 PlugPlay - ok
21:01:17.0390 5968 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:17.0390 5968 PolicyAgent - ok
21:01:17.0421 5968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:01:17.0421 5968 PptpMiniport - ok
21:01:17.0437 5968 procmon10 - ok
21:01:17.0437 5968 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:17.0437 5968 ProtectedStorage - ok
21:01:17.0437 5968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:01:17.0453 5968 PSched - ok
21:01:17.0500 5968 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
21:01:17.0500 5968 PSI - ok
21:01:17.0609 5968 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:01:17.0625 5968 PSI_SVC_2 - ok
21:01:17.0656 5968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:01:17.0656 5968 Ptilink - ok
21:01:17.0656 5968 ql1080 - ok
21:01:17.0656 5968 Ql10wnt - ok
21:01:17.0656 5968 ql12160 - ok
21:01:17.0671 5968 ql1240 - ok
21:01:17.0671 5968 ql1280 - ok
21:01:17.0671 5968 quickbooksdb - ok
21:01:17.0765 5968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:01:17.0765 5968 RasAcd - ok
21:01:17.0828 5968 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
21:01:17.0828 5968 RasAuto - ok
21:01:17.0859 5968 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:01:17.0859 5968 Rasl2tp - ok
21:01:17.0906 5968 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
21:01:17.0921 5968 RasMan - ok
21:01:17.0937 5968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:01:17.0937 5968 RasPppoe - ok
21:01:17.0937 5968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:01:17.0937 5968 Raspti - ok
21:01:17.0984 5968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:01:17.0984 5968 Rdbss - ok
21:01:18.0000 5968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:01:18.0015 5968 RDPCDD - ok
21:01:18.0031 5968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:01:18.0062 5968 rdpdr - ok
21:01:18.0109 5968 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
21:01:18.0109 5968 RDPWD - ok
21:01:18.0140 5968 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
21:01:18.0140 5968 RDSessMgr - ok
21:01:18.0171 5968 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:01:18.0171 5968 redbook - ok
21:01:18.0218 5968 regi (001b4278407f4303efc902a2b16f2453) C:\WINDOWS\system32\drivers\regi.sys
21:01:18.0218 5968 regi - ok
21:01:18.0453 5968 RegSrvc (c96980cccf84329824623b0b50383703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:01:18.0468 5968 RegSrvc - ok
-
May 12th, 2012, 12:14 AM
#6
TSS Continued
21:01:18.0687 5968 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
21:01:18.0687 5968 RemoteAccess - ok
21:01:18.0734 5968 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
21:01:18.0734 5968 RemoteRegistry - ok
21:01:18.0781 5968 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
21:01:18.0781 5968 RimVSerPort - ok
21:01:18.0796 5968 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
21:01:18.0796 5968 ROOTMODEM - ok
21:01:18.0812 5968 roxliveshare9 - ok
21:01:18.0843 5968 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
21:01:18.0843 5968 RpcLocator - ok
21:01:19.0046 5968 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
21:01:19.0046 5968 RpcSs - ok
21:01:19.0093 5968 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
21:01:19.0093 5968 RSVP - ok
21:01:19.0109 5968 RushTopDevice - ok
21:01:19.0109 5968 rxmssync - ok
21:01:19.0125 5968 s125mgmt - ok
21:01:19.0375 5968 S24EventMonitor (0fcb7eeb0e81a777735a5af185f56c2b) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
21:01:19.0421 5968 S24EventMonitor - ok
21:01:19.0578 5968 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:01:19.0593 5968 s24trans - ok
21:01:19.0640 5968 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:19.0640 5968 SamSs - ok
21:01:19.0671 5968 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
21:01:19.0687 5968 SCardSvr - ok
21:01:19.0750 5968 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
21:01:19.0765 5968 Schedule - ok
21:01:19.0765 5968 se44mdfl - ok
21:01:19.0765 5968 se44nd5 - ok
21:01:19.0781 5968 se58mdfl - ok
21:01:19.0796 5968 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:01:19.0796 5968 Secdrv - ok
21:01:19.0921 5968 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
21:01:19.0921 5968 seclogon - ok
21:01:20.0359 5968 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
21:01:20.0406 5968 Secunia PSI Agent - ok
21:01:20.0468 5968 Secunia Update Agent (20b9e1adbc58958b480933e4da005dfb) C:\Program Files\Secunia\PSI\sua.exe
21:01:20.0484 5968 Secunia Update Agent - ok
21:01:20.0703 5968 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
21:01:20.0703 5968 SENS - ok
21:01:20.0750 5968 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:01:20.0750 5968 serenum - ok
21:01:20.0765 5968 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:01:20.0765 5968 Serial - ok
21:01:20.0828 5968 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:01:20.0859 5968 Sfloppy - ok
21:01:20.0906 5968 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
21:01:20.0921 5968 SharedAccess - ok
21:01:20.0968 5968 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:01:20.0968 5968 ShellHWDetection - ok
21:01:20.0968 5968 Simbad - ok
21:01:20.0968 5968 Sparrow - ok
21:01:20.0984 5968 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:01:20.0984 5968 splitter - ok
21:01:21.0031 5968 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
21:01:21.0031 5968 Spooler - ok
21:01:21.0031 5968 sqlagent$sony_mediamgr - ok
21:01:21.0062 5968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:01:21.0062 5968 sr - ok
21:01:21.0187 5968 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
21:01:21.0203 5968 srservice - ok
21:01:21.0250 5968 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:01:21.0265 5968 Srv - ok
21:01:21.0281 5968 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
21:01:21.0281 5968 SSDPSRV - ok
21:01:21.0296 5968 sshrmd - ok
21:01:21.0343 5968 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe
21:01:21.0343 5968 STacSV - ok
21:01:21.0375 5968 StarOpen (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
21:01:21.0375 5968 StarOpen - ok
21:01:21.0546 5968 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
21:01:21.0609 5968 STHDA - ok
21:01:21.0828 5968 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
21:01:21.0843 5968 stisvc - ok
21:01:21.0890 5968 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:01:21.0890 5968 swenum - ok
21:01:21.0906 5968 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:01:21.0906 5968 swmidi - ok
21:01:21.0937 5968 swmsflt (57bbaef27dc790160245b43eb6dcd576) C:\WINDOWS\System32\drivers\swmsflt.sys
21:01:21.0953 5968 swmsflt - ok
21:01:21.0968 5968 SWNC8U80 (7ae593fe3d78195987505da0a7e91542) C:\WINDOWS\system32\DRIVERS\swnc8u80.sys
21:01:21.0984 5968 SWNC8U80 - ok
21:01:21.0984 5968 SwPrv - ok
21:01:22.0078 5968 SWUMX80 (3076a3bb7c340bbf851075dd2ebad03f) C:\WINDOWS\system32\DRIVERS\swumx80.sys
21:01:22.0078 5968 SWUMX80 - ok
21:01:22.0093 5968 symc810 - ok
21:01:22.0093 5968 symc8xx - ok
21:01:22.0093 5968 sym_hi - ok
21:01:22.0109 5968 sym_u3 - ok
21:01:22.0140 5968 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:01:22.0140 5968 sysaudio - ok
21:01:22.0171 5968 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
21:01:22.0187 5968 SysmonLog - ok
21:01:22.0187 5968 szkg - ok
21:01:22.0187 5968 tabletservice - ok
21:01:22.0234 5968 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
21:01:22.0250 5968 TapiSrv - ok
21:01:22.0421 5968 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:01:22.0437 5968 Tcpip - ok
21:01:22.0500 5968 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:01:22.0500 5968 TDPIPE - ok
21:01:22.0515 5968 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:01:22.0515 5968 TDTCP - ok
21:01:22.0546 5968 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:01:22.0546 5968 TermDD - ok
21:01:22.0625 5968 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
21:01:22.0656 5968 TermService - ok
21:01:22.0703 5968 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
21:01:22.0703 5968 Themes - ok
21:01:22.0703 5968 thkeys - ok
21:01:22.0734 5968 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
21:01:22.0750 5968 TlntSvr - ok
21:01:23.0031 5968 TOSHIBA Bluetooth Service (2e7315b147e524e055026e6634b14ea6) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:01:23.0031 5968 TOSHIBA Bluetooth Service - ok
21:01:23.0031 5968 TosIde - ok
21:01:23.0078 5968 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\drivers\Tosrfcom.sys
21:01:23.0078 5968 Tosrfcom - ok
21:01:23.0125 5968 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
21:01:23.0125 5968 TrkWks - ok
21:01:23.0156 5968 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:01:23.0156 5968 Udfs - ok
21:01:23.0171 5968 ultra - ok
21:01:23.0281 5968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:01:23.0296 5968 Update - ok
21:01:23.0328 5968 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
21:01:23.0343 5968 upnphost - ok
21:01:23.0359 5968 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
21:01:23.0375 5968 UPS - ok
21:01:23.0375 5968 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:01:23.0390 5968 usbccgp - ok
21:01:23.0421 5968 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
21:01:23.0421 5968 USBCCID - ok
21:01:23.0468 5968 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:01:23.0468 5968 usbehci - ok
21:01:23.0562 5968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:01:23.0562 5968 usbhub - ok
21:01:23.0609 5968 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:01:23.0609 5968 usbprint - ok
21:01:23.0625 5968 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:01:23.0625 5968 usbscan - ok
21:01:23.0625 5968 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:01:23.0625 5968 USBSTOR - ok
21:01:23.0671 5968 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:01:23.0671 5968 usbuhci - ok
21:01:23.0718 5968 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
21:01:23.0718 5968 usb_rndisx - ok
21:01:23.0750 5968 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:01:23.0750 5968 VgaSave - ok
21:01:23.0750 5968 ViaIde - ok
21:01:23.0859 5968 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:01:23.0859 5968 VolSnap - ok
21:01:23.0906 5968 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
21:01:23.0921 5968 VSS - ok
21:01:24.0171 5968 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
21:01:24.0187 5968 vToolbarUpdater11.0.2 - ok
21:01:24.0281 5968 VX1000 - ok
21:01:24.0328 5968 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
21:01:24.0343 5968 W32Time - ok
21:01:24.0453 5968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:01:24.0453 5968 Wanarp - ok
21:01:24.0562 5968 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
21:01:24.0562 5968 wceusbsh - ok
21:01:24.0562 5968 WDICA - ok
21:01:24.0828 5968 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:01:24.0843 5968 wdmaud - ok
21:01:24.0875 5968 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
21:01:24.0890 5968 WebClient - ok
21:01:24.0968 5968 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:01:25.0500 5968 winachsf - ok
21:01:26.0046 5968 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
21:01:26.0062 5968 winmgmt - ok
21:01:26.0296 5968 WLANKEEPER (c9b9942eeca0b82e35d60627e365510a) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
21:01:26.0312 5968 WLANKEEPER - ok
21:01:26.0468 5968 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:01:26.0609 5968 wlidsvc - ok
21:01:26.0734 5968 wmconnectcds - ok
21:01:26.0843 5968 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
21:01:26.0843 5968 WmdmPmSN - ok
21:01:26.0906 5968 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
21:01:26.0937 5968 Wmi - ok
21:01:26.0984 5968 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:01:26.0984 5968 WmiAcpi - ok
21:01:27.0031 5968 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:01:27.0078 5968 WmiApSrv - ok
21:01:27.0218 5968 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
21:01:27.0250 5968 WMPNetworkSvc - ok
21:01:27.0281 5968 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:01:27.0281 5968 WS2IFSL - ok
21:01:27.0390 5968 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
21:01:27.0406 5968 wscsvc - ok
21:01:27.0437 5968 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
21:01:27.0437 5968 wuauserv - ok
21:01:27.0484 5968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:01:27.0484 5968 WudfPf - ok
21:01:27.0515 5968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:01:27.0515 5968 WudfRd - ok
21:01:27.0531 5968 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
21:01:27.0546 5968 WudfSvc - ok
21:01:27.0593 5968 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
21:01:27.0718 5968 WZCSVC - ok
21:01:27.0765 5968 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
21:01:27.0765 5968 xmlprov - ok
21:01:27.0921 5968 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:01:28.0125 5968 YahooAUService - ok
21:01:28.0125 5968 ZTEusbnmea - ok
21:01:28.0156 5968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:01:28.0359 5968 \Device\Harddisk0\DR0 - ok
21:01:28.0359 5968 Boot (0x1200) (dc49b04989c15dd37f45d4e42df261d3) \Device\Harddisk0\DR0\Partition0
21:01:28.0359 5968 \Device\Harddisk0\DR0\Partition0 - ok
21:01:28.0359 5968 ============================================================
21:01:28.0359 5968 Scan finished
21:01:28.0359 5968 ============================================================
21:01:28.0359 6028 Detected object count: 1
21:01:28.0359 6028 Actual detected object count: 1
21:01:39.0234 6028 HKLM\SYSTEM\ControlSet001\services\CTAUDFX.DLL - will be deleted on reboot
21:01:39.0250 6028 HKLM\SYSTEM\ControlSet003\services\CTAUDFX.DLL - will be deleted on reboot
21:01:39.0250 6028 C:\WINDOWS\system32\patrolagent.dll - will be deleted on reboot
21:01:39.0250 6028 CTAUDFX.DLL ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
21:01:50.0531 5780 Deinitialize success
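Added example, not part of the thread and not TDSSKiller's own code: a small Python triage parser for log lines in the format posted above. It pulls out the verdict line, the deferred "will be deleted on reboot" targets, service names the scanner reported "ok" without hashing an image file (assumed here to be stale service keys worth a second look), and services that share one on-disk image (several of the entries above resolve to lsass.exe, which is expected). The sample log is a constructed subset of lines copied from the post, not the full scan.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not from the thread)."""
import re
from collections import defaultdict

# Each log line: "HH:MM:SS.mmmm <pid> <rest>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# Service/driver entry with an on-disk image: "<name> (<md5>) <path>".
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# Verdict line: "<name> ( <detection> ) - User select action: <action>".
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+User select action:\s+(?P<action>\w+)$"
)
# Deferred deletion of a registry key or file.
REBOOT_RE = re.compile(r"^(?P<target>.+?)\s+-\s+will be deleted on reboot$")

# Constructed sample: a handful of lines copied from the thread's log, not the full scan.
SAMPLE_LOG = r"""
21:01:11.0453 5968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:01:11.0484 5968 NetBT - ok
21:01:11.0593 5968 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:11.0593 5968 Netlogon - ok
21:01:15.0765 5968 NetwareWorkstation - ok
21:01:16.0500 5968 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:16.0500 5968 NtLmSsp - ok
21:01:17.0390 5968 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
21:01:17.0390 5968 PolicyAgent - ok
21:01:28.0359 5968 Scan finished
21:01:28.0359 6028 Detected object count: 1
21:01:39.0234 6028 HKLM\SYSTEM\ControlSet001\services\CTAUDFX.DLL - will be deleted on reboot
21:01:39.0250 6028 HKLM\SYSTEM\ControlSet003\services\CTAUDFX.DLL - will be deleted on reboot
21:01:39.0250 6028 C:\WINDOWS\system32\patrolagent.dll - will be deleted on reboot
21:01:39.0250 6028 CTAUDFX.DLL ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
"""


def parse_log(text):
    """Return a dict with entries, ok_without_image, detections and reboot_deletions."""
    entries = {}            # name -> (md5, path)
    ok_without_image = []   # names reported "ok" but never hashed (no image file seen)
    detections = []         # (name, verdict, action)
    reboot_deletions = []   # registry keys / files queued for deletion at reboot
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        v = VERDICT_RE.match(rest)
        if v:
            detections.append((v["name"], v["verdict"], v["action"]))
            continue
        r = REBOOT_RE.match(rest)
        if r:
            reboot_deletions.append(r["target"])
            continue
        e = ENTRY_RE.match(rest)
        if e:
            entries[e["name"]] = (e["md5"], e["path"])
            continue
        if rest.endswith(" - ok"):
            name = rest[: -len(" - ok")]
            if name not in entries:
                ok_without_image.append(name)
    return {
        "entries": entries,
        "ok_without_image": ok_without_image,
        "detections": detections,
        "reboot_deletions": reboot_deletions,
    }


def shared_images(entries):
    """Group service names by MD5 so one binary hosting many services is visible at a glance."""
    by_md5 = defaultdict(list)
    for name, (md5, _path) in entries.items():
        by_md5[md5].append(name)
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    report = parse_log(SAMPLE_LOG)
    for name, verdict, action in report["detections"]:
        print(f"DETECTION {name}: {verdict} (action: {action})")
    for target in report["reboot_deletions"]:
        print(f"REBOOT-DELETE {target}")
    print("ok without image:", report["ok_without_image"])
    print("shared images:", shared_images(report["entries"]))
```

Run it against the full log pasted in the thread to get the same four lists; the reboot-deletion targets are the ones to confirm are gone after the restart before moving on to the next tool.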
-
May 12th, 2012, 12:15 AM
#7
Good 
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
- NOTE 2. If Combofix asks you to update the program, always do so.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.exe
- Double-click on the Rkill icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
May 12th, 2012, 05:11 PM
#8
ComboFix 12-05-12.01 - J 05/12/2012 13:33:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1624 [GMT -7:00]
Running from: c:\documents and settings\J\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\data\default\us_sres.data
c:\documents and settings\All Users.WINDOWS\Application Data\C77A7795A3.sys
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\affid.dat
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\basis.xml
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\26aaf652b3ae60696a4875f485da2f86
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2c0866eff6bd651d7705083c57c9c861
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2cc60d08b36af576b11419505050cc6e
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\36eaa177f2d8f2bfa896ffe0bad8da4c
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\36edbd9cd1d972f7b815c3c429d9e778
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\44567846e0387d6a62062ab4dbf9ae96
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\52b66d6979ef2abcea9a736d1b4dbc82
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\55530fb29e38adc73be87b89e8e117a8
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\5d25dd004ed9512e16e1d76d6deb2a6c
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\5fd3f5c3fd3db5f74514faae234b8696
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\6a56174a168dc8fca375dc7cd61c18f5
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\7733c9c3ed02aa1e80280cd7a9562a4b
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\85b55f73cd2fdbebf9c62bf41a441f58
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\89c35566d3dfdce78572ff8c2a627ad2
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\8ab3fdb54b7b6f11d0c790c70f095874
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9840cd5f73490a37d4f3e47107ced675
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9c3596c411a589640d5b168191fe798e
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\acfc834035dccfb94e7f9067f5d48a83
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\b30941c4afc9d6fa6a414b7c660204ed
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\bdcf0ed363b85538f740c9b718bf611c
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c0adac2edd5c977d9e6a5f82ada0fdd8
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c0b9e89d52d9e1ff85c2db9f694af77d
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c2a0aae22a7f344f04bdffc005fa544d
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c594d37e13c887da6ddc9975fa9aae82
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\cb6e63c98e12bf07d58131fbb0acdae6
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d57d3f554ba48c6d60c03fb39c9099f9
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\db97ecdde59727f50132d25b008ece4e
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\e7e23f8f3874d20ca9d6ab1142c87fbe
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\fc57bf3aee1b4ac0db547af3a4f4a1b1
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\icons.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\1f309765609a26e7c44ccc577a8a74e9
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\9bc34cb630e6bb5fdb6df3f56a2d7547
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\a6b657a8823571e74ebda229636a7a39
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\bed451b804917e36436a4f70c8ee5e94
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\include_files\f797bcfc109365e8b4391d3bf56168a0
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\info.txt
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\install.ico
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbback.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbbigopen.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbclose.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbfwd.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\mbsep.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\nav1c.bmp
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\tbcore3.inf
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\TbHelper2.exe
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\uninstall.exe
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\UninstallToolbar.exe
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\update.exe
c:\documents and settings\J\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\version.txt
c:\documents and settings\J\g2mdlhlpx.exe
c:\windows\$NtUninstallKB26629$\2142412392
c:\windows\$NtUninstallKB26629$\2715994599\@
c:\windows\$NtUninstallKB26629$\2715994599\cfg.ini
c:\windows\$NtUninstallKB26629$\2715994599\Desktop.ini
c:\windows\$NtUninstallKB26629$\2715994599\L\sdimkhbw
c:\windows\$NtUninstallKB26629$\2715994599\oemid
c:\windows\$NtUninstallKB26629$\2715994599\U\00000001.@
c:\windows\$NtUninstallKB26629$\2715994599\U\00000002.@
c:\windows\$NtUninstallKB26629$\2715994599\U\00000004.@
c:\windows\$NtUninstallKB26629$\2715994599\U\80000000.@
c:\windows\$NtUninstallKB26629$\2715994599\U\80000004.@
c:\windows\$NtUninstallKB26629$\2715994599\U\80000032.@
c:\windows\$NtUninstallKB26629$\2715994599\version
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 20:27 . 2012-05-12 20:27 -------- d-----w- c:\documents and settings\J\Local Settings\Application Data\PCHealth
2012-05-12 04:01 . 2012-05-12 04:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-12 03:52 . 2012-05-12 03:52 -------- d-----w- c:\documents and settings\J\Local Settings\Application Data\AVG Secure Search
2012-05-12 03:52 . 2012-05-12 03:52 -------- d-----w- c:\documents and settings\J\Application Data\AVG Secure Search
2012-05-12 03:52 . 2012-05-12 03:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Secure Search
2012-05-12 03:52 . 2012-05-12 03:52 -------- d-----w- c:\program files\AVG Secure Search
2012-05-12 01:45 . 2012-05-12 20:14 -------- d--h--w- c:\windows\$hf_mig$
2012-05-06 21:07 . 2012-05-06 21:07 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-06 20:26 . 2012-05-12 20:08 -------- d-----w- c:\windows\system32\wbem\Logs
2012-05-05 15:53 . 2012-05-05 15:53 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY.000\Application Data\RealNetworks
2012-05-01 17:55 . 2012-05-01 17:55 -------- d-----w- c:\program files\Citrix
2012-04-28 02:08 . 2012-04-28 02:08 -------- d-----w- c:\documents and settings\J\Application Data\RealNetworks
2012-04-18 22:17 . 2012-04-18 22:17 -------- d-----w- c:\documents and settings\J\Application Data\SupportSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 01:48 . 2012-04-11 21:26 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-12 01:48 . 2011-10-15 18:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 06:36 . 2009-08-09 08:19 5174 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2012-04-11 13:14 . 2005-03-30 01:21 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-04 10:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2005-03-30 01:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 22:56 . 2011-09-30 22:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 11:01 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-04 10:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2004-08-04 10:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-12 03:52 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-12 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-10-20 1693184]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-07-09 49968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2009-11-03 1372160]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-11-03 1202448]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-08-01 65536]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-28 296056]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-12 1116544]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-07-09 20:07 49968 ------w- c:\program files\AIM6\aim6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 18:12 976320 ------w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]
2009-12-03 07:00 847872 ------w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2011-03-01 19:52 126976 ------w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ------w- c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-06-23 20:00 173592 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-06-23 20:00 141336 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-26 06:31 185640 ------w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 08:18 6276408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 19:12 288080 ------w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-06-23 20:00 142360 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-10-07 17:43 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-12-28 17:58 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 630(Network)]
2010-01-12 06:01 201216 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIGBA.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Sprite Software\\Sprite Backup\\spriteservice.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool10\\ENEasyApp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:* isabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 6:07 PM 759048]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [5/11/2012 8:52 PM 932736]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 1:13 PM 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe --> c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [?]
S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [8/9/2009 12:55 AM 59552]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 1:13 PM 135664]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [8/20/2008 1:35 PM 168192]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [8/20/2008 1:36 PM 142976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
CTAUDFX.DLL
epstnt01
roxliveshare9
se44nd5
btwavdt
ccsetmgr
bgs_sdservice
imountsrv
tabletservice
aolservice
quickbooksdb
szkg
mindrepair
sshrmd
VX1000
procmon10
DSI_SiUSBXp_3_1
bthidenum
GTF32BUS
iaimfp0
se58mdfl
CTERFXFX.DLL
hpzipr12
Freedom
npkcrypt
mi-raysat_3dsmax8
grmnusb
siswlsvc
pserve
asmagent
mssqlserver
s125mgmt
McciCMService
RushTopDevice
wmconnectcds
opcenum
midisyn
rxmssync
dlaudf_m
openvpnservice
sqlagent$sony_mediamgr
ati
Pctspk
AVerTV
pcx1unic
NetwareWorkstation
NWSIPX32
dladresn
thkeys
epoxusdm
se44mdfl
DMICall
curtainssyssvc
ZTEusbnmea
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:13]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 20:13]
.
2012-05-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2012-05-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.65
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-53703510.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-12 13:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1547161642-1123561945-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2012-05-12 13:43:47
ComboFix-quarantined-files.txt 2012-05-12 20:43
.
Pre-Run: 69,244,080,128 bytes free
Post-Run: 69,244,178,432 bytes free
.
- - End Of File - - 6E6E5C416B39ECFA6DF6A86C3E21D001
May 12th, 2012, 06:42 PM
#9
Looks good.
How is the computer doing?
You can reinstall AVG now.
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
May 14th, 2012, 01:43 PM
#10
Thanks Broni,
Computer seems to be better. Here is the OTL log:
OTL logfile created on: 5/14/2012 8:10:34 AM - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\J\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.97% Memory free
3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 63.23 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
Computer Name: J | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/14 00:38:28 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/05/14 00:27:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTL.exe
PRC - [2012/05/11 20:52:11 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/12/28 10:58:37 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/04/18 23:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/12/03 00:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2009/11/03 15:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/11/03 15:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/10/20 12:08:26 | 001,693,184 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/07/09 13:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/22 12:43:38 | 001,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/07/31 22:10:04 | 000,065,536 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/14 00:38:28 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/05/11 20:52:11 | 000,932,736 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009/11/03 15:35:46 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/02/22 12:45:06 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2007/04/02 05:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2004/07/20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Exportit.dll -- (ZTEusbnmea)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZuneBusEnum.dll -- (wmconnectcds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nsausvc.dll -- (VX1000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PDExchange.dll -- (thkeys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rppkt.dll -- (tabletservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nod32krn.dll -- (szkg)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (sshrmd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anbmservice.dll -- (sqlagent$sony_mediamgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ctac32k.dll -- (siswlsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symwsc.dll -- (se58mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spbbcdrv.dll -- (se44nd5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SANDRA.dll -- (se44mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MTDVC2.dll -- (s125mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pfc.dll -- (rxmssync)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FVXSCSI.dll -- (RushTopDevice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmx86.dll -- (roxliveshare9)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hddsvc.dll -- (quickbooksdb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\moufiltr.dll -- (pserve)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asc.dll -- (pcx1unic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\caboagp.dll -- (Pctspk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intcazaudaddservice.dll -- (openvpnservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PCDCODEC.dll -- (opcenum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dobex.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cvslock.dll -- (npkcrypt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rasirda.dll -- (NetwareWorkstation)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthusb.dll -- (mssqlserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rampartsvc.dll -- (mi-raysat_3dsmax8)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\merakcontrol.dll -- (mindrepair)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\diskperf.dll -- (midisyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\parallel.dll -- (McciCMService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (imountsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMCB000.dll -- (iaimfp0)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARPolicy.dll -- (hpzipr12)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\acdpowerservice.dll -- (GTF32BUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asapiw2k.dll -- (grmnusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\forcewarewebinterface.dll -- (Freedom)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59bus.dll -- (epstnt01)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Cnd5.dll -- (epoxusdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tlntsvr.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asuskeyboardservice.dll -- (DMICall)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sysenforce.dll -- (dlaudf_m)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafadmincontroller.dll -- (dladresn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\webdriveservice.dll -- (curtainssyssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifm.dll -- (CTERFXFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adpu320.dll -- (ccsetmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\matlabserver.dll -- (btwavdt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GoToAssist.dll -- (bthidenum)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59mdm.dll -- (bgs_sdservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ftpqueue.dll -- (AVerTV)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\InCDsrvR.dll -- (ati)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NetMsmqActivator.dll -- (asmagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\agnwifi.dll -- (aolservice)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/11 20:52:11 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/04/18 23:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/04/18 23:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 19:30:16 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
SRV - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/03/16 17:45:14 | 000,059,552 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Installer) getPlus(R)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/22 12:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/09/28 16:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/19 14:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\J\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/09/01 01:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/30 01:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/26 05:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/11/20 21:59:02 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/08/22 10:05:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/08/20 13:36:36 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/08/20 13:35:40 | 000,168,192 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2008/08/13 16:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/04/13 11:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/12/23 17:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/10/02 11:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/12/19 14:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
DRV - [2005/05/13 17:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2004/08/04 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{0A14659A-AE77-4193-A55E-86845BB03D2C}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7_____en
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BAD4BD95-15B4-488C-B216-42D5BFC61243}&mid=1203937332784de34826ec8987c1dc23-8fdd32cdf26dc121a6623b9df2d598130581f433&lang=en&ds=AVG&pr=pr&d=2012-05-14 00:38:29&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{98954B46-76A8-4375-8D7C-7C6A2AB92B07}: "URL" = http://search.avg.com/route/?d=4bb6354a&v=6.103.18.1&i=26&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z192&form=ZGAIDF&install_date=20111007&iesrc={referrer:source}
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20100835,6686,0,8,0
IE - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/28 10:58:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search\10.0.0.7\ [2012/05/14 00:38:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/14 00:38:40 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\J\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\J\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
O1 HOSTS File: ([2012/05/12 13:09:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\DealBulldog Toolbar\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1123561945-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://aic.lgservice.com/DjvuViewer/...trol-6.1.4.cab (DjVuCtl Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1300153419109 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BA49C02-D51D-4B40-8632-AF2520C5182B}: DhcpNameServer = 192.168.0.1 205.171.3.65
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/09 20:05:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: CTAUDFX.DLL - File not found
NetSvcs: epstnt01 - %systemroot%\system32\se59bus.dll File not found
NetSvcs: roxliveshare9 - %systemroot%\system32\vmx86.dll File not found
NetSvcs: se44nd5 - %systemroot%\system32\spbbcdrv.dll File not found
NetSvcs: btwavdt - %systemroot%\system32\matlabserver.dll File not found
NetSvcs: ccsetmgr - %systemroot%\system32\adpu320.dll File not found
NetSvcs: bgs_sdservice - %systemroot%\system32\se59mdm.dll File not found
NetSvcs: imountsrv - %systemroot%\system32\ultra66.dll File not found
NetSvcs: tabletservice - %systemroot%\system32\rppkt.dll File not found
NetSvcs: aolservice - %systemroot%\system32\agnwifi.dll File not found
NetSvcs: quickbooksdb - %systemroot%\system32\hddsvc.dll File not found
NetSvcs: szkg - %systemroot%\system32\nod32krn.dll File not found
NetSvcs: mindrepair - %systemroot%\system32\merakcontrol.dll File not found
NetSvcs: sshrmd - %systemroot%\system32\PSSdk23.dll File not found
NetSvcs: VX1000 - %systemroot%\system32\nsausvc.dll File not found
NetSvcs: procmon10 - File not found
NetSvcs: DSI_SiUSBXp_3_1 - %systemroot%\system32\tlntsvr.dll File not found
NetSvcs: bthidenum - %systemroot%\system32\GoToAssist.dll File not found
NetSvcs: GTF32BUS - %systemroot%\system32\acdpowerservice.dll File not found
NetSvcs: iaimfp0 - %systemroot%\system32\SMCB000.dll File not found
NetSvcs: se58mdfl - %systemroot%\system32\symwsc.dll File not found
NetSvcs: CTERFXFX.DLL - %systemroot%\system32\tifm.dll File not found
NetSvcs: hpzipr12 - %systemroot%\system32\ARPolicy.dll File not found
NetSvcs: Freedom - %systemroot%\system32\forcewarewebinterface.dll File not found
NetSvcs: npkcrypt - %systemroot%\system32\cvslock.dll File not found
NetSvcs: mi-raysat_3dsmax8 - %systemroot%\system32\rampartsvc.dll File not found
NetSvcs: grmnusb - %systemroot%\system32\asapiw2k.dll File not found
NetSvcs: siswlsvc - %systemroot%\system32\ctac32k.dll File not found
NetSvcs: pserve - %systemroot%\system32\moufiltr.dll File not found
NetSvcs: asmagent - %systemroot%\system32\NetMsmqActivator.dll File not found
NetSvcs: mssqlserver - %systemroot%\system32\bthusb.dll File not found
NetSvcs: s125mgmt - %systemroot%\system32\MTDVC2.dll File not found
NetSvcs: McciCMService - %systemroot%\system32\parallel.dll File not found
NetSvcs: RushTopDevice - %systemroot%\system32\FVXSCSI.dll File not found
NetSvcs: wmconnectcds - %systemroot%\system32\ZuneBusEnum.dll File not found
NetSvcs: opcenum - %systemroot%\system32\PCDCODEC.dll File not found
NetSvcs: midisyn - %systemroot%\system32\diskperf.dll File not found
NetSvcs: rxmssync - %systemroot%\system32\pfc.dll File not found
NetSvcs: dlaudf_m - %systemroot%\system32\sysenforce.dll File not found
NetSvcs: openvpnservice - %systemroot%\system32\intcazaudaddservice.dll File not found
NetSvcs: sqlagent$sony_mediamgr - %systemroot%\system32\anbmservice.dll File not found
NetSvcs: ati - %systemroot%\system32\InCDsrvR.dll File not found
NetSvcs: Pctspk - %systemroot%\system32\caboagp.dll File not found
NetSvcs: AVerTV - %systemroot%\system32\ftpqueue.dll File not found
NetSvcs: pcx1unic - %systemroot%\system32\asc.dll File not found
NetSvcs: NetwareWorkstation - %systemroot%\system32\rasirda.dll File not found
NetSvcs: NWSIPX32 - %systemroot%\system32\SE2Dobex.dll File not found
NetSvcs: dladresn - %systemroot%\system32\cwafadmincontroller.dll File not found
NetSvcs: thkeys - %systemroot%\system32\PDExchange.dll File not found
NetSvcs: epoxusdm - %systemroot%\system32\se2Cnd5.dll File not found
NetSvcs: se44mdfl - %systemroot%\system32\SANDRA.dll File not found
NetSvcs: DMICall - %systemroot%\system32\asuskeyboardservice.dll File not found
NetSvcs: curtainssyssvc - %systemroot%\system32\webdriveservice.dll File not found
NetSvcs: ZTEusbnmea - %systemroot%\system32\Exportit.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1056
========== Files/Folders - Created Within 30 Days ==========
[2012/05/14 00:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\AVG2012
[2012/05/14 00:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\AVG 2012
[2012/05/14 00:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/14 00:27:36 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTL.exe
[2012/05/13 23:59:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/12 14:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\scanner
[2012/05/12 14:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\Saved pictures
[2012/05/12 14:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\Messaging
[2012/05/12 14:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\LOST.DIR
[2012/05/12 14:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\gmutils
[2012/05/12 14:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\download
[2012/05/12 14:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\dcim
[2012/05/12 14:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\cache
[2012/05/12 14:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\bcr
[2012/05/12 14:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\Android
[2012/05/12 14:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\My Documents\.android_secure
[2012/05/12 13:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\Local Settings\Application Data\PCHealth
[2012/05/11 21:37:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/11 21:37:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/11 21:37:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/11 21:37:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/11 21:37:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/11 21:34:33 | 004,490,121 | R--- | C] (Swearware) -- C:\Documents and Settings\J\Desktop\ComboFix.exe
[2012/05/11 21:01:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/11 20:58:44 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\J\Desktop\tdsskiller.exe
[2012/05/11 20:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\Local Settings\Application Data\AVG Secure Search
[2012/05/11 20:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\AVG Secure Search
[2012/05/11 20:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/05/11 18:45:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/05/01 10:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/04/27 19:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\RealNetworks
[2012/04/18 15:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\SupportSoft
========== Files - Modified Within 30 Days ==========
[2012/05/14 08:02:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-725345543-1003.job
[2012/05/14 08:02:46 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
-
May 14th, 2012, 10:44 PM
#11
[2012/05/14 08:02:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 08:01:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/14 07:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 02:33:57 | 098,133,237 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/05/14 02:33:11 | 000,025,204 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/05/14 01:02:32 | 000,625,339 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2012/05/14 00:38:40 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2012.lnk
[2012/05/14 00:27:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTL.exe
[2012/05/13 03:05:20 | 000,480,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/13 03:05:20 | 000,088,030 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 13:22:27 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 13:14:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 13:09:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/11 21:34:34 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\J\Desktop\ComboFix.exe
[2012/05/11 21:29:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/11 20:59:17 | 000,000,495 | ---- | M] () -- C:\Documents and Settings\J\Desktop\Resume TDSSKiller download.lnk
[2012/05/11 20:59:03 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\J\Desktop\tdsskiller.exe
[2012/05/11 20:47:53 | 000,895,800 | ---- | M] () -- C:\Documents and Settings\J\Desktop\tdsskiller setup.exe
[2012/05/07 13:05:49 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Chrome.lnk
[2012/05/06 20:14:40 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\J\Desktop\MBR.dat
[2012/05/05 23:36:42 | 000,005,174 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
[2012/05/02 09:58:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-725345543-1003.job
[2012/04/27 19:03:06 | 000,193,014 | ---- | M] () -- C:\Documents and Settings\J\Desktop\Save.bmp
[2012/04/26 00:37:31 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
========== Files Created - No Company Name ==========
[2012/05/14 00:38:40 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG 2012.lnk
[2012/05/12 14:28:44 | 000,118,784 | ---- | C] () -- C:\Documents and Settings\J\My Documents\.scanner_undo
[2012/05/12 14:28:44 | 000,000,236 | ---- | C] () -- C:\Documents and Settings\J\My Documents\.config_c38
[2012/05/12 14:27:03 | 000,649,195 | ---- | C] () -- C:\Documents and Settings\J\My Documents\recording.mp4
[2012/05/11 21:37:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/11 21:37:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/11 21:37:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/11 21:37:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/11 21:37:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/11 20:55:40 | 000,000,495 | ---- | C] () -- C:\Documents and Settings\J\Desktop\Resume TDSSKiller download.lnk
[2012/05/11 20:47:53 | 000,895,800 | ---- | C] () -- C:\Documents and Settings\J\Desktop\tdsskiller setup.exe
[2012/04/27 19:03:06 | 000,193,014 | ---- | C] () -- C:\Documents and Settings\J\Desktop\Save.bmp
[2012/02/14 17:24:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 01:49:22 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/01/30 20:54:53 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/10/08 01:16:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2011/09/28 16:58:19 | 000,000,261 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/14 20:04:13 | 000,001,375 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2010/12/14 20:04:10 | 000,001,363 | ---- | C] () -- C:\WINDOWS\dhstatus.dat
[2010/12/13 20:59:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010/12/13 15:36:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/12/13 15:36:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/12/13 15:36:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010/12/13 15:36:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/12/13 15:36:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010/12/13 15:36:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/12/13 15:36:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/12/13 15:36:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/12/13 15:36:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/12/13 15:36:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/12/13 15:36:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/12/13 15:36:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/12/13 15:36:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/12/13 15:36:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/12/13 15:36:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/12/13 15:36:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/12/13 15:31:19 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF630.ini
[2010/10/10 11:32:01 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/08 20:37:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
[2010/10/07 19:07:23 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\J\Application Data\burnaware.ini
========== LOP Check ==========
[2009/06/09 20:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\acccore
[2008/05/04 22:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Aim
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Amazon
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Bytemobile
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Cingular
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\EPSON
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\HotSync
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\IBM
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\InterVideo
[2009/06/09 20:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Leadertech
[2009/06/09 20:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Sammsoft
[2009/06/09 20:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\WeatherBug
[2009/06/09 20:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/09 20:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cingular
[2009/06/09 20:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/06/09 20:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/06/09 20:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2009/06/09 20:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/09 20:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/09 20:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/07/22 00:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
[2011/09/25 14:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AT&T
[2012/05/14 00:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Secure Search
[2012/05/14 00:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG2012
[2010/04/02 11:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg9
[2012/01/30 20:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2009/07/11 22:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
[2012/01/03 18:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driver Manager
[2011/11/04 17:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
[2012/05/14 02:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MFAData
[2011/01/23 04:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2011/07/05 13:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Qwest
[2010/04/10 21:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Seagate
[2011/09/25 19:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UAB
[2010/12/13 15:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\UDL
[2012/01/30 20:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WeCareReminder
[2009/07/22 00:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\acccore
[2010/10/06 11:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Acoustica
[2010/09/28 14:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Amazon
[2009/07/22 22:57:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\AT&T
[2011/09/30 12:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\AVG
[2012/05/11 20:52:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\AVG Secure Search
[2012/05/14 00:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\AVG2012
[2011/03/01 20:27:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\AVG9
[2012/01/30 20:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Canneverbe Limited
[2009/07/22 22:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\DBUpdater
[2011/10/06 11:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\ElevatedDiagnostics
[2011/05/31 19:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\EPSON
[2011/10/19 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Foxit Software
[2009/08/09 00:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\InterVideo
[2010/12/13 16:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Leadertech
[2012/01/30 20:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\OpenCandy
[2009/07/22 22:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Sierra Wireless
[2009/09/29 13:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Sprite Software
[2012/04/18 15:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\SupportSoft
[2011/09/25 15:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\Tific
[2012/03/13 19:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\uTorrent
[2009/12/13 11:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J\Application Data\WeatherBug
[2012/01/14 05:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J.J\Application Data\AVG2012
[2012/01/14 05:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\J.J\Application Data\Epson
[2009/07/22 22:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Bytemobile
[2009/06/09 20:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2009/07/22 23:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Bytemobile
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< %SYSTEMDRIVE%\*.* >
[2011/10/18 18:50:40 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2010/06/23 10:12:18 | 000,029,968 | ---- | M] () -- C:\ASLog.txt
[2009/06/09 20:05:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/09/28 15:34:56 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/09/30 12:29:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2007/03/26 23:19:40 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.PRV
[2007/03/26 23:34:48 | 000,000,000 | -HS- | M] () -- C:\BOOTLOG.TXT
[2003/02/20 09:54:04 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2011/10/18 18:50:38 | 000,001,406 | ---- | M] () -- C:\cayas2.ico
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/05/12 13:43:48 | 000,023,673 | ---- | M] () -- C:\ComboFix.txt
[2009/06/09 20:05:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/18 18:50:40 | 000,000,113 | ---- | M] () -- C:\del_1.gif
[2011/10/18 18:50:40 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/10/18 18:50:40 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/10/18 18:50:40 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/10/18 18:50:40 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2009/06/09 20:05:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/22 00:31:56 | 000,002,681 | -H-- | M] () -- C:\IPH.PH
[2011/10/03 18:00:31 | 000,024,288 | ---- | M] () -- C:\JavaRa.log
[2011/10/18 18:50:40 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2009/06/09 20:05:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/10/09 02:15:16 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/05/14 08:01:18 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/10/07 19:13:30 | 000,000,889 | ---- | M] () -- C:\Settings.ini
[2010/05/13 22:39:08 | 000,000,215 | ---- | M] () -- C:\Shortcut to CD Drive.lnk
[2011/10/18 18:50:39 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/10/18 18:50:40 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/10/18 18:50:40 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/10/18 18:50:39 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/10/18 18:50:40 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/10/18 18:50:40 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/10/18 18:50:40 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/10/18 18:50:40 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/10/18 18:50:41 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/10/18 18:50:40 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/10/18 18:50:39 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2012/05/11 21:01:50 | 000,094,336 | ---- | M] () -- C:\TDSSKiller.2.7.34.0_11.05.2012_20.59.07_log.txt
[2011/10/18 18:50:41 | 000,000,274 | ---- | M] () -- C:\trav_1.gif
[2010/10/10 12:29:42 | 000,496,084 | ---- | M] () -- C:\vcredist_x86.log
< >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< >
< %systemroot%\Fonts\*.dll >
< >
< %systemroot%\Fonts\*.ini >
[2009/07/05 10:33:24 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< >
< %systemroot%\Fonts\*.ini2 >
< >
< %systemroot%\Fonts\*.exe >
< >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
< >
< %systemroot%\REPAIR\*.bak1 >
< >
< %systemroot%\REPAIR\*.ini >
< >
< %systemroot%\system32\*.jpg >
< >
< %systemroot%\*.jpg >
< >
< %systemroot%\*.png >
< >
< %systemroot%\*.scr >
< >
< %systemroot%\*._sy >
< >
< %APPDATA%\Adobe\Update\*.* >
< >
< %ALLUSERSPROFILE%\Favorites\*.* >
< >
< %APPDATA%\Microsoft\*.* >
[2011/10/09 18:18:52 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\J\Application Data\Microsoft\LastFlashConfig.WFC
< >
< %PROGRAMFILES%\*.* >
< >
< %APPDATA%\Update\*.* >
< >
< %systemroot%\*. /mp /s >
< >
< >
< %systemroot%\System32\config\*.sav >
[2009/07/05 03:20:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/07/05 03:20:37 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/07/05 03:20:37 | 000,913,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< >
< %PROGRAMFILES%\bak. /s >
< >
< %systemroot%\system32\bak. /s >
< >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/10/09 02:28:10 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\desktop.ini
< >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< >
< %systemroot%\*.config >
< >
< %systemroot%\system32\*.db >
< >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/07/05 10:40:16 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\J\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/07/05 10:40:15 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\J\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< >
< %USERPROFILE%\Desktop\*.exe >
[2011/09/30 19:59:27 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\J\Desktop\aswMBR.exe
[2010/02/05 19:56:29 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\J\Desktop\ATF-Cleaner.exe
[2011/09/26 19:57:29 | 000,341,808 | ---- | M] () -- C:\Documents and Settings\J\Desktop\avgproci_en.exe
[2011/09/25 15:14:41 | 001,681,792 | ---- | M] (AVG) -- C:\Documents and Settings\J\Desktop\AVG_ClickNFix_178562_en_US.exe
[2011/09/25 15:30:29 | 193,663,032 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\J\Desktop\avg_ipw_x86_all_2011_1410a3887.exe
[2011/10/03 17:35:40 | 003,897,608 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\J\Desktop\avg_isc_stb_all_2012_1809.exe
[2011/08/14 13:14:08 | 008,143,920 | ---- | M] (AVG ) -- C:\Documents and Settings\J\Desktop\avg_pct_stf_all_2011_26_c3.exe
[2011/09/24 19:24:13 | 001,692,968 | ---- | M] () -- C:\Documents and Settings\J\Desktop\avg_remover_stf_x86_2012_1796.exe
[2009/09/29 12:41:02 | 118,942,147 | ---- | M] () -- C:\Documents and Settings\J\Desktop\Backup_2009-09-29.exe
[2012/01/30 20:52:22 | 005,254,256 | ---- | M] (Canneverbe Limited ) -- C:\Documents and Settings\J\Desktop\cdbxp_setup_4.4.0.2905.exe
[2011/10/07 14:08:06 | 000,454,120 | ---- | M] (CBS Interactive) -- C:\Documents and Settings\J\Desktop\cnet_IDTv087_zip.exe
[2012/05/11 21:34:34 | 004,490,121 | R--- | M] (Swearware) -- C:\Documents and Settings\J\Desktop\ComboFix.exe
[2011/09/25 19:08:30 | 001,190,816 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\J\Desktop\DriverDetective.exe
[2011/10/07 14:21:18 | 003,667,824 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Documents and Settings\J\Desktop\DriverUpdate-setup.exe
[2011/10/01 01:11:15 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\J\Desktop\ebyrs37z.exe
[2011/03/28 20:04:35 | 038,808,920 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\J\Desktop\FileFormatConverters.exe
[2011/10/07 10:43:12 | 002,422,504 | ---- | M] (Google Inc.) -- C:\Documents and Settings\J\Desktop\GoogleToolbarInstaller_en32_signed.exe
[2011/10/03 17:44:08 | 000,908,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\J\Desktop\JavaSetup6u27.exe
[2011/09/30 15:00:20 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\J\Desktop\mbam-setup-1.51.2.1300.exe
[2011/09/30 15:08:49 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\J\Desktop\mkj1kkbo.exe
[2012/05/14 00:27:36 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTL.exe
[2011/03/28 19:55:39 | 027,024,112 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\J\Desktop\PowerPointViewer.exe
[2011/10/03 18:12:33 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\J\Desktop\SecurityCheck.exe
[2012/05/11 20:47:53 | 000,895,800 | ---- | M] () -- C:\Documents and Settings\J\Desktop\tdsskiller setup.exe
[2012/05/11 20:59:03 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\J\Desktop\tdsskiller.exe
[2011/10/03 18:15:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\TFC.exe
[2011/09/27 21:53:41 | 014,921,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\J\Desktop\windows-kb890830-v4.0.exe
< >
< %PROGRAMFILES%\Common Files\*.* >
< >
< %systemroot%\*.src >
< >
< %systemroot%\install\*.* >
< >
< %systemroot%\system32\DLL\*.* >
< >
< %systemroot%\system32\HelpFiles\*.* >
< >
< %systemroot%\tasks\*.* >
[2004/08/04 03:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2012/05/14 08:02:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/14 07:56:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/14 08:02:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1547161642-1123561945-725345543-1003.job
[2012/05/02 09:58:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1547161642-1123561945-725345543-1003.job
[2012/05/14 08:01:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
< >
< %systemroot%\system32\rundll\*.* >
< >
< %systemroot%\winn32\*.* >
< >
< %systemroot%\Java\*.* >
< >
< %systemroot%\system32\test\*.* >
< >
< %systemroot%\system32\Rundll32\*.* >
< >
< %systemroot%\AppPatch\Custom\*.* >
< >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< >
< %USERPROFILE%\My Documents\*.exe >
[2011/10/07 14:31:51 | 001,228,992 | ---- | M] () -- C:\Documents and Settings\J\My Documents\D630_A17.EXE
[2010/10/10 02:05:23 | 014,564,760 | ---- | M] () -- C:\Documents and Settings\J\My Documents\Intel_GM965-Express-Chipset-_A07_R234854.exe
[2011/10/07 14:33:13 | 002,085,188 | ---- | M] () -- C:\Documents and Settings\J\My Documents\R153997.exe
[2011/10/07 14:32:18 | 001,874,280 | ---- | M] () -- C:\Documents and Settings\J\My Documents\R167368.exe
[2011/10/07 15:01:51 | 008,351,465 | ---- | M] () -- C:\Documents and Settings\J\My Documents\R171789.exe
[2011/10/07 14:33:04 | 013,270,368 | ---- | M] () -- C:\Documents and Settings\J\My Documents\R181862.exe
[2011/05/22 22:00:02 | 063,937,680 | ---- | M] () -- C:\Documents and Settings\J\My Documents\R224634.exe
< >
< %USERPROFILE%\*.exe >
< >
< %systemroot%\ADDINS\*.* >
< >
< %systemroot%\assembly\*.bak2 >
< >
< %systemroot%\Config\*.* >
< >
< %systemroot%\REPAIR\*.bak2 >
< >
< %systemroot%\SECURITY\Database\*.sdb /x >
< >
< %systemroot%\SYSTEM\*.bak2 >
< >
< %systemroot%\Web\*.bak2 >
< >
< %systemroot%\Driver Cache\*.* >
< >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< >
< %ProgramFiles%\Microsoft Common\*.* >
< >
< %ProgramFiles%\TinyProxy. >
< >
< %USERPROFILE%\Favorites\*.url /x >
[2009/07/05 10:40:15 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\J\Favorites\Desktop.ini
< >
< %systemroot%\system32\*.bk >
< >
< %systemroot%\*.te >
< >
< %systemroot%\system32\system32\*.* >
< >
< %ALLUSERSPROFILE%\*.dat /x >
[2010/08/30 20:58:09 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\ntuser.pol
< >
< %systemroot%\system32\drivers\*.rmv >
< >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< >
< %PROGRAMFILES%\Microsoft\*.* >
< >
< %systemroot%\System32\Wbem\proquota.exe >
< >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< >
< %USERPROFILE%\Cookies\*.txt /x >
[2011/10/15 16:39:01 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\J\Cookies\desktop.ini
[2012/05/14 08:09:31 | 000,327,680 | -HS- | M] () -- C:\Documents and Settings\J\Cookies\index.dat
< >
< %SystemRoot%\system32\fonts\*.* >
< >
< %systemroot%\system32\winlog\*.* >
< >
< %systemroot%\system32\Language\*.* >
< >
< %systemroot%\system32\Settings\*.* >
< >
< %systemroot%\system32\*.quo >
< >
< %SYSTEMROOT%\AppPatch\*.exe >
< >
< %SYSTEMROOT%\inf\*.exe >
[2009/01/30 17:40:22 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< >
< %SYSTEMROOT%\Installer\*.exe >
< >
< %systemroot%\system32\config\*.bak2 >
< >
< %systemroot%\system32\Computers\*.* >
< >
< %SystemRoot%\system32\Sound\*.* >
< >
< %SystemRoot%\system32\SpecialImg\*.* >
< >
< %SystemRoot%\system32\code\*.* >
< >
< %SystemRoot%\system32\draft\*.* >
< >
< %SystemRoot%\system32\MSSSys\*.* >
< >
< %ProgramFiles%\Javascript\*.* >
< >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< >
< %systemroot%\Web\*.exe >
< >
< %systemroot%\system32\msn\*.* >
< >
< %systemroot%\system32\*.tro >
< >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< >
< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2003/03/31 05:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2003/03/31 05:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2003/03/31 05:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2003/03/31 05:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< >
< %systemroot%\system32\systhem32\*.* >
< >
< %systemroot%\system\*.exe >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-14 10:00:37
< >
< >
< End of report >
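Reading a log this long by hand is slow, so here is an added example (not part of the thread and not OTL's own code) that parses the bracketed entry format OTL uses in its "Files Created"/"Files Modified" sections and applies the first-pass heuristics a helper usually runs through: executables without version information in user-writable locations, .sys files outside a drivers directory, hidden+system attributes on executables, and whether the entry falls inside the report's 30-day window. The sample lines, the invented paths and names, the assumed report time and the list of user-writable path fragments are all constructed for the example, not data taken from this thread.

```python
"""OTL file-entry triage (added example; not code from the thread or from OTL).

Parses the bracketed lines OTL prints in its "Files Created"/"Files Modified"
sections and applies a few first-pass triage heuristics. All sample lines
below are constructed for this example; the paths and names are invented.
"""
import ntpath
import re
from datetime import datetime, timedelta

# [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" field, hence the optional group.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)\s*$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".ocx"}

# Lower-case path fragments writable without admin rights on XP, where droppers
# commonly land. This list is an assumption of the heuristic, not an OTL concept.
USER_WRITABLE_HINTS = (
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\desktop\\",
    "\\my documents\\",
    "\\recycler\\",
)


def parse_entry(line):
    """Return a dict for one OTL file/directory entry, or None for other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),
        "attrs": d["attrs"],                      # R H S D flags, '-' when unset
        "kind": d["kind"],                        # C = created, M = modified
        "company": (d["company"] or "").strip(),  # empty: no version resource
        "path": d["path"],
        "is_dir": "D" in d["attrs"],
    }


def triage(lines, report_time, recent_days=30):
    """Flag file entries worth a second look; returns a list of findings."""
    cutoff = report_time - timedelta(days=recent_days)
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        low = e["path"].lower()
        ext = ntpath.splitext(low)[1]
        reasons = []
        if ext in EXEC_EXT:
            at_drive_root = len(ntpath.dirname(low)) <= 3          # e.g. c:\x.exe
            in_user_dir = any(h in low for h in USER_WRITABLE_HINTS)
            # An empty company field only means the file has no version resource;
            # it is a cue to check the file (hash, signature), not proof of malice.
            if not e["company"] and (at_drive_root or in_user_dir):
                reasons.append("executable without version info in user-writable location")
            if ext == ".sys" and "\\drivers\\" not in low:
                reasons.append(".sys outside a drivers directory")
            if "H" in e["attrs"] and "S" in e["attrs"]:
                reasons.append("hidden+system attributes on an executable")
        if reasons:
            findings.append({
                "path": e["path"],
                "reasons": reasons,
                "recent": e["ts"] >= cutoff,      # inside the report's window
            })
    return findings


# Constructed sample in OTL's line format; every name and path here is invented.
SAMPLE_LINES = [
    r"========== Files Created - No Company Name ==========",
    r"[2012/05/13 02:14:07 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Temp\svch0st.exe",
    r"[2012/05/12 14:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\photos",
    r"[2012/05/11 21:37:53 | 000,060,416 | ---- | C] (Example Vendor) -- C:\WINDOWS\example_tool.exe",
    r"[2012/05/10 09:00:00 | 000,004,096 | -HS- | C] () -- C:\WINDOWS\System32\xwdrv.sys",
    r"[2011/03/01 10:00:00 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\User\Application Data\updater.exe",
    r"[2012/05/14 08:02:49 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\ExampleTask.job",
    r"< End of report >",
]
REPORT_TIME = datetime(2012, 5, 14, 8, 0, 0)   # assumed time the log was taken

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES, REPORT_TIME):
        age = "recent" if f["recent"] else "older"
        print("%s [%s]: %s" % (f["path"], age, "; ".join(f["reasons"])))
```

Findings are cues, not verdicts: the "no company name" sections in the log above are the same idea, and every hit still needs a hash lookup or signature check before anything gets quarantined.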
-
May 14th, 2012, 10:55 PM
#12
I still need Extras.txt and...
...you didn't say how the computer is doing.
-
May 15th, 2012, 01:03 PM
#13
Thanks Broni,
Computer seems to be doing better. I'm heading out to catch a flight and won't be back in front of the computer before Saturday; I'll post the extra log when I return. Sorry for the oversight, I thought I'd included everything.
J
-
May 15th, 2012, 07:55 PM
#14
Have a nice flight
-
May 19th, 2012, 06:55 PM
#15
Hello Broni,
Thanks for your patience.
I can't seem to get the extras.txt. The extras radio button on the OTL defaults to "none" and cannot be revised.
Thoughts?
J