Computer running extremely slow - am I infected?

Solved
By maxjoyner1
Oct 14, 2012
  1. Hi there,

    I wonder if anyone can help. My computer has started to run extremely slowly. At the moment my computer cannot handle processing more than 1 thing at a time without crashing. My AVG scan showed I had 6 errors with rootkits but there is no way to heal them. Is this connected to the slowness of my PC or do I have a virus?

    When I tried to run the GMER first time my computer froze and I had to reboot.

    Any insight would be greatly appreciated.

    I have pasted the logs below:

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org
    Database version: v2012.10.14.05
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Max :: MAXCOMP [administrator]
    14/10/2012 19:16:15
    mbam-log-2012-10-14 (19-16-15).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 195184
    Time elapsed: 11 minute(s), 50 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit quick scan 2012-10-14 19:40:56
    Windows 5.1.2600 Service Pack 3
    Running: r2gsbwp1.exe; Driver: C:\DOCUME~1\Max\LOCALS~1\Temp\ugddypog.sys

    ---- System - GMER 1.0.15 ----
    SSDT spdp.sys ZwEnumerateKey [0xF82CADA4]
    SSDT spdp.sys ZwEnumerateValueKey [0xF82CB132]
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs 8296F1F8
    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    Device \FileSystem\Fastfat \Fat FFA87500
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_2012-10-14.05) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Max at 19:45:58 on 2012-10-14
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uWindow Title = Internet Explorer Provided By Sky Broadband
    uDefault_Page_URL = hxxp://www.sky.com
    mSearchAssistant = about:blank
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VAA5ADAAQQBQAFAAKwAxAA"&"prod=5"&"ver=9.0.894
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\max\application data\dvdvideosoftiehelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\max\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276365354343
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269} : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-10-14 18:35:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-10-08 21:49:22 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-10-08 21:49:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-08 21:49:27 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-07 16:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14:53 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
    2012-08-24 14:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29:19 2192896 ------w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58:06 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-07-27 20:51:40 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2012-07-27 20:51:38 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    2012-07-26 02:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    .
    ============= FINISH: 19:46:41.96 ===============
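As an added triage example (not the poster's or the DDS author's code), the script below parses the "Pseudo HJT Report" lines of a DDS log like the one above and flags what a helper checks first: browser add-ons registered with no file path, the same add-on listed twice, autoruns started from a profile or temp folder, and hosts-file remaps. The sample lines are copied from the posted format except the `uRun: [updater]` line, which is constructed.

```python
"""Triage helper for the DDS "Pseudo HJT Report" section.

Added example, not part of the forum post or of DDS itself.  It parses
BHO:/TB:/Run:/Hosts: lines and reports the patterns a malware helper
looks at first.  The 'uRun: [updater]' sample line is constructed; the
other sample lines follow the log format shown in the post.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input in the DDS Pseudo HJT format (last uRun line is invented).
SAMPLE_LOG = """\
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [AVG_TRAY] "c:\\program files\\avg\\avg2012\\avgtray.exe"
uRun: [updater] c:\\documents and settings\\max\\local settings\\temp\\updater.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# "BHO: <name>: {CLSID} - <path>"  /  "TB: <name>: {CLSID} - <path>"
BHO_TB_RE = re.compile(
    r"^(?P<kind>BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$"
)
# "uRun/mRun/dRun/mRunOnce: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]+)\]\s*(?P<path>.*)$")
# "Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")

# Autorun locations that deserve a second look (heuristic, not a verdict).
SUSPECT_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\",
                "\\application data\\", "\\appdata\\")


@dataclass
class Entry:
    kind: str              # BHO, TB, uRun, mRun, mRunOnce, dRun, Hosts
    name: str              # add-on name, autorun name, or hostname
    clsid: Optional[str]   # lower-cased CLSID for BHO/TB, else None
    path: str              # file path / command line, or the IP for Hosts


def parse_hjt(text: str) -> list[Entry]:
    """Extract the entries this triage understands; other lines are ignored."""
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := BHO_TB_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], m["clsid"].lower(), m["path"].strip()))
        elif m := RUN_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], None, m["path"].strip()))
        elif m := HOSTS_RE.match(line):
            entries.append(Entry("Hosts", m["host"], None, m["ip"]))
    return entries


def is_loopback(ip: str) -> bool:
    return ip == "::1" or ip.startswith("127.")


def triage(entries: list[Entry]) -> list[tuple[str, str]]:
    """Return (category, message) findings for a human to verify."""
    findings: list[tuple[str, str]] = []
    seen: set[tuple[str, Optional[str]]] = set()
    for e in entries:
        if e.kind in ("BHO", "TB"):
            if not e.path:
                findings.append(("missing_path",
                                 f"{e.kind} '{e.name}' {e.clsid}: registered with no file path"))
            key = (e.kind, e.clsid)
            if key in seen:
                findings.append(("duplicate", f"{e.kind} {e.clsid} ('{e.name}') listed more than once"))
            seen.add(key)
        elif e.kind.endswith(("Run", "RunOnce")):
            if any(d in e.path.lower() for d in SUSPECT_DIRS):
                findings.append(("autorun_location",
                                 f"{e.kind} [{e.name}] starts from a profile or temp folder: {e.path}"))
        elif e.kind == "Hosts":
            if is_loopback(e.path):
                findings.append(("hosts_block",
                                 f"hosts maps {e.name} to loopback (site blocked); confirm it is intended"))
            else:
                findings.append(("hosts_redirect", f"hosts redirects {e.name} to {e.path}"))
    return findings


if __name__ == "__main__":
    for category, message in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{category}] {message}")
```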
  2. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    I still need Attach.txt part of DDS.
  3. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.4)
    µTorrent
    AVG 2012
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 7.1
    BlackBerry Device Software Updater
    Bonjour
    Canon MP Navigator EX 3.0
    Canon MP250 series MP Drivers
    Canon MP250 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner
    Compatibility Pack for the 2007 Office system
    Free Studio version 5.6.3.706
    Free YouTube to MP3 Converter version 3.11.32.918
    Freemake Video Converter version 3.0.2
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2756822)
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.0.1400
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office File Validation Add-In
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual J# 2.0 Redistributable Package
    Midnight Mysteries - The Edgar Allan Poe Conspiracy
    Midnight Mysteries Salem Witch Trials
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero 7 Demo
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    PowerDVD
    QuickTime
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB982381)
    Segoe UI
    Sky Broadband
    Sky Broadband Browser Branding
    SmartSound Quicktracks Plugin
    Spybot - Search & Destroy
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Virtual DJ - Atomix Productions
    VLC media player 2.0.2
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Imaging Component
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==========================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===========================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  5. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    I was half way through the aswMBR scan and my computer froze. After about 5 minutes it rebooted by itself.
  6. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Post other logs first then try aswMBR from safe mode.
  7. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    21:28:20.0656 3080 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    21:28:20.0859 3080 ============================================================
    21:28:20.0859 3080 Current date / time: 2012/10/14 21:28:20.0859
    21:28:20.0859 3080 SystemInfo:
    21:28:20.0859 3080
    21:28:20.0859 3080 OS Version: 5.1.2600 ServicePack: 3.0
    21:28:20.0859 3080 Product type: Workstation
    21:28:20.0859 3080 ComputerName: MAXCOMP
    21:28:20.0859 3080 UserName: Max
    21:28:20.0859 3080 Windows directory: C:\WINDOWS
    21:28:20.0859 3080 System windows directory: C:\WINDOWS
    21:28:20.0859 3080 Processor architecture: Intel x86
    21:28:20.0859 3080 Number of processors: 1
    21:28:20.0859 3080 Page size: 0x1000
    21:28:20.0859 3080 Boot type: Normal boot
    21:28:20.0859 3080 ============================================================
    21:28:21.0171 3080 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:28:21.0171 3080 Drive \Device\Harddisk1\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:28:21.0171 3080 Drive \Device\Harddisk2\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    21:28:21.0171 3080 ============================================================
    21:28:21.0171 3080 \Device\Harddisk0\DR0:
    21:28:21.0171 3080 MBR partitions:
    21:28:21.0171 3080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x125C2B27
    21:28:21.0171 3080 \Device\Harddisk1\DR3:
    21:28:21.0171 3080 MBR partitions:
    21:28:21.0171 3080 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    21:28:21.0171 3080 \Device\Harddisk2\DR4:
    21:28:21.0171 3080 MBR partitions:
    21:28:21.0171 3080 \Device\Harddisk2\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
    21:28:21.0171 3080 ============================================================
    21:28:21.0203 3080 C: <-> \Device\Harddisk0\DR0\Partition1
    21:28:21.0218 3080 I: <-> \Device\Harddisk1\DR3\Partition1
    21:28:21.0234 3080 J: <-> \Device\Harddisk2\DR4\Partition1
    21:28:21.0234 3080 ============================================================
    21:28:21.0234 3080 Initialize success
    21:28:21.0234 3080 ============================================================
    21:28:47.0484 3936 ============================================================
    21:28:47.0484 3936 Scan started
    21:28:47.0484 3936 Mode: Manual;
    21:28:47.0484 3936 ============================================================
    21:28:47.0546 3936 ================ Scan system memory ========================
    21:28:47.0546 3936 System memory - ok
    21:28:47.0562 3936 ================ Scan services =============================


    21:28:50.0281 3936 Disk - ok

    21:28:50.0281 3936 dmadmin - ok

    21:28:50.0343 3936 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys

    21:28:50.0343 3936 dmboot - ok

    21:28:50.0375 3936 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys

    21:28:50.0375 3936 dmio - ok

    21:28:50.0390 3936 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys

    21:28:50.0406 3936 dmload - ok

    21:28:50.0421 3936 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll

    21:28:50.0437 3936 dmserver - ok

    21:28:50.0453 3936 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys

    21:28:50.0453 3936 DMusic - ok

    21:28:50.0484 3936 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll

    21:28:50.0484 3936 Dnscache - ok

    21:28:50.0515 3936 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll

    21:28:50.0515 3936 Dot3svc - ok

    21:28:50.0515 3936 dpti2o - ok

    21:28:50.0546 3936 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys

    21:28:50.0546 3936 drmkaud - ok

    21:28:50.0578 3936 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll

    21:28:50.0578 3936 EapHost - ok

    21:28:50.0609 3936 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll

    21:28:50.0609 3936 ERSvc - ok

    21:28:50.0671 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe

    21:28:50.0671 3936 Eventlog - ok

    21:28:50.0734 3936 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll

    21:28:50.0734 3936 EventSystem - ok

    21:28:50.0765 3936 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys

    21:28:50.0765 3936 Fastfat - ok

    21:28:50.0812 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll

    21:28:50.0828 3936 FastUserSwitchingCompatibility - ok

    21:28:50.0843 3936 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys

    21:28:50.0843 3936 Fdc - ok

    21:28:50.0859 3936 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys

    21:28:50.0859 3936 Fips - ok

    21:28:50.0875 3936 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys

    21:28:50.0875 3936 Flpydisk - ok

    21:28:50.0890 3936 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys

    21:28:50.0906 3936 FltMgr - ok

    21:28:50.0984 3936 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    21:28:50.0984 3936 FontCache3.0.0.0 - ok

    21:28:51.0078 3936 [ 977AD9951D842D9284240226C3907C98 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

    21:28:51.0078 3936 ForceWare Intelligent Application Manager (IAM) - ok

    21:28:51.0109 3936 [ B81F8778F5BB485F3B75114F0C99A49F ] ForcewareWebInterface C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

    21:28:51.0109 3936 ForcewareWebInterface - ok

    21:28:51.0281 3936 [ 8AC0C46BC52F652143582610561D2EA2 ] Freemake Improver C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe

    21:28:51.0281 3936 Freemake Improver - ok

    21:28:51.0343 3936 [ E0087225B137E57239FF40F8AE82059B ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

    21:28:51.0343 3936 fssfltr - ok

    21:28:51.0453 3936 [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe

    21:28:51.0468 3936 fsssvc - ok

    21:28:51.0468 3936 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys

    21:28:51.0468 3936 Fs_Rec - ok

    21:28:51.0500 3936 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys

    21:28:51.0515 3936 Ftdisk - ok

    21:28:51.0562 3936 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

    21:28:51.0562 3936 GEARAspiWDM - ok

    21:28:51.0609 3936 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys

    21:28:51.0609 3936 Gpc - ok

    21:28:51.0703 3936 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

    21:28:51.0703 3936 gupdate - ok

    21:28:51.0718 3936 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

    21:28:51.0718 3936 gupdatem - ok

    21:28:51.0781 3936 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    21:28:51.0781 3936 gusvc - ok

    21:28:51.0890 3936 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

    21:28:51.0890 3936 helpsvc - ok

    21:28:51.0937 3936 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll

    21:28:51.0937 3936 HidServ - ok

    21:28:51.0953 3936 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys

    21:28:51.0953 3936 HidUsb - ok

    21:28:51.0984 3936 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll

    21:28:51.0984 3936 hkmsvc - ok

    21:28:51.0984 3936 hpn - ok

    21:28:52.0015 3936 [ 970178E8E003EB1481293830069624B9 ] HSFHWBS2 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys

    21:28:52.0015 3936 HSFHWBS2 - ok

    21:28:52.0078 3936 [ EBB354438A4C5A3327FB97306260714A ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys

    21:28:52.0093 3936 HSF_DP - ok

    21:28:52.0140 3936 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys

    21:28:52.0140 3936 HTTP - ok

    21:28:52.0171 3936 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll

    21:28:52.0171 3936 HTTPFilter - ok

    21:28:52.0171 3936 i2omgmt - ok

    21:28:52.0187 3936 i2omp - ok

    21:28:52.0203 3936 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys

    21:28:52.0203 3936 i8042prt - ok

    21:28:52.0328 3936 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    21:28:52.0328 3936 IDriverT - ok

    21:28:52.0406 3936 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    21:28:52.0406 3936 idsvc - ok

    21:28:52.0453 3936 [ 25EDD75E23C5EF6B33D0FBCCE125A601 ] imagedrv C:\WINDOWS\system32\Drivers\imagedrv.sys

    21:28:52.0453 3936 imagedrv - ok

    21:28:52.0468 3936 [ 9C4BBACF4E9B9543C3CE23F1FE556941 ] imagesrv C:\WINDOWS\system32\DRIVERS\imagesrv.sys

    21:28:52.0468 3936 imagesrv - ok

    21:28:52.0515 3936 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys

    21:28:52.0515 3936 Imapi - ok

    21:28:52.0578 3936 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe

    21:28:52.0578 3936 ImapiService - ok

    21:28:52.0593 3936 InCDFs - ok

    21:28:52.0593 3936 InCDPass - ok

    21:28:52.0609 3936 InCDRm - ok

    21:28:52.0625 3936 ini910u - ok

    21:28:52.0625 3936 IntelIde - ok

    21:28:52.0687 3936 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys

    21:28:52.0687 3936 Ip6Fw - ok

    21:28:52.0718 3936 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

    21:28:52.0718 3936 IpFilterDriver - ok

    21:28:52.0750 3936 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys

    21:28:52.0750 3936 IpInIp - ok

    21:28:52.0781 3936 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys

    21:28:52.0781 3936 IpNat - ok

    21:28:52.0812 3936 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys

    21:28:52.0812 3936 IPSec - ok

    21:28:52.0828 3936 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys

    21:28:52.0843 3936 IRENUM - ok

    21:28:52.0843 3936 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys

    21:28:52.0843 3936 isapnp - ok

    21:28:52.0968 3936 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe

    21:28:52.0968 3936 JavaQuickStarterService - ok

    21:28:53.0000 3936 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys

    21:28:53.0000 3936 Kbdclass - ok

    21:28:53.0046 3936 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys

    21:28:53.0062 3936 kmixer - ok

    21:28:53.0093 3936 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys

    21:28:53.0093 3936 KSecDD - ok

    21:28:53.0125 3936 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll

    21:28:53.0140 3936 lanmanserver - ok

    21:28:53.0156 3936 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll

    21:28:53.0156 3936 lanmanworkstation - ok

    21:28:53.0171 3936 lbrtfdc - ok

    21:28:53.0203 3936 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll

    21:28:53.0203 3936 LmHosts - ok

    21:28:53.0218 3936 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys

    21:28:53.0218 3936 MBAMProtector - ok

    21:28:53.0281 3936 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    21:28:53.0281 3936 MBAMScheduler - ok

    21:28:53.0328 3936 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    21:28:53.0343 3936 MBAMService - ok

    21:28:53.0390 3936 [ 195741AEE20369980796B557358CD774 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

    21:28:53.0390 3936 mdmxsdk - ok

    21:28:53.0421 3936 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll

    21:28:53.0421 3936 Messenger - ok

    21:28:53.0453 3936 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys

    21:28:53.0453 3936 mnmdd - ok

    21:28:53.0500 3936 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe

    21:28:53.0500 3936 mnmsrvc - ok

    21:28:53.0562 3936 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys

    21:28:53.0562 3936 Modem - ok

    21:28:53.0562 3936 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys

    21:28:53.0578 3936 Mouclass - ok

    21:28:53.0625 3936 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys

    21:28:53.0625 3936 mouhid - ok

    21:28:53.0640 3936 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys

    21:28:53.0640 3936 MountMgr - ok

    21:28:53.0656 3936 mraid35x - ok

    21:28:53.0656 3936 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys

    21:28:53.0671 3936 MRxDAV - ok

    21:28:53.0734 3936 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

    21:28:53.0734 3936 MRxSmb - ok

    21:28:53.0781 3936 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe

    21:28:53.0781 3936 MSDTC - ok

    21:28:53.0796 3936 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys

    21:28:53.0796 3936 Msfs - ok

    21:28:53.0812 3936 MSIServer - ok

    21:28:53.0828 3936 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys

    21:28:53.0828 3936 MSKSSRV - ok

    21:28:53.0859 3936 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys

    21:28:53.0859 3936 MSPCLOCK - ok

    21:28:53.0875 3936 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys

    21:28:53.0890 3936 MSPQM - ok

    21:28:53.0906 3936 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys

    21:28:53.0906 3936 mssmbios - ok

    21:28:53.0968 3936 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys

    21:28:53.0968 3936 Mup - ok

    21:28:54.0015 3936 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll

    21:28:54.0031 3936 napagent - ok

    21:28:54.0031 3936 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys

    21:28:54.0046 3936 NDIS - ok

    21:28:54.0078 3936 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys

    21:28:54.0078 3936 NdisTapi - ok

    21:28:54.0109 3936 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys

    21:28:54.0109 3936 Ndisuio - ok

    21:28:54.0125 3936 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys

    21:28:54.0125 3936 NdisWan - ok

    21:28:54.0171 3936 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys

    21:28:54.0171 3936 NDProxy - ok

    21:28:54.0171 3936 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys

    21:28:54.0171 3936 NetBIOS - ok

    21:28:54.0187 3936 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys

    21:28:54.0203 3936 NetBT - ok

    21:28:54.0234 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe

    21:28:54.0234 3936 NetDDE - ok

    21:28:54.0250 3936 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe

    21:28:54.0250 3936 NetDDEdsdm - ok

    21:28:54.0296 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe

    21:28:54.0296 3936 Netlogon - ok

    21:28:54.0312 3936 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll

    21:28:54.0328 3936 Netman - ok

    21:28:54.0359 3936 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

    21:28:54.0359 3936 NetTcpPortSharing - ok

    21:28:54.0406 3936 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll

    21:28:54.0406 3936 Nla - ok

    21:28:54.0421 3936 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys

    21:28:54.0421 3936 Npfs - ok

    21:28:54.0484 3936 [ C1B237858D0A39A2F0B8675EE3142FD1 ] nSvcIp C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

    21:28:54.0484 3936 nSvcIp - ok

    21:28:54.0515 3936 [ 6B81F3CF33C92DFA3D69B5D355F47570 ] nSvcLog C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

    21:28:54.0515 3936 nSvcLog - ok

    21:28:54.0562 3936 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys

    21:28:54.0562 3936 Ntfs - ok

    21:28:54.0578 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe

    21:28:54.0578 3936 NtLmSsp - ok

    21:28:54.0625 3936 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll

    21:28:54.0625 3936 NtmsSvc - ok

    21:28:54.0640 3936 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys

    21:28:54.0640 3936 Null - ok

    21:28:54.0796 3936 [ 9772E9E8F27E33284C20E3AAD9EAAB9D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

    21:28:54.0812 3936 nv - ok

    21:28:54.0843 3936 [ 83F0275A21D9772B51CEF57E35AFAE61 ] nvatabus C:\WINDOWS\system32\DRIVERS\nvatabus.sys

    21:28:54.0843 3936 nvatabus - ok

    21:28:54.0875 3936 [ FB7213BC5279C1AF5E4E9CA05D944F2C ] nvcchflt C:\WINDOWS\system32\DRIVERS\nvcchflt.sys

    21:28:54.0875 3936 nvcchflt - ok

    21:28:54.0890 3936 [ 468E839F0F7AFF5C9BAA4717B82CDD11 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

    21:28:54.0890 3936 NVENETFD - ok

    21:28:54.0906 3936 [ 7A6444C5F0D53C7E6E7F500BC4C930F7 ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

    21:28:54.0906 3936 nvnetbus - ok

    21:28:54.0921 3936 [ F2A4E40CABEF8D8DF46330086B8E01F4 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe

    21:28:54.0921 3936 NVSvc - ok

    21:28:54.0953 3936 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

    21:28:54.0953 3936 NwlnkFlt - ok

    21:28:54.0968 3936 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

    21:28:54.0968 3936 NwlnkFwd - ok

    21:28:55.0031 3936 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    21:28:55.0031 3936 ose - ok

    21:28:55.0046 3936 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys

    21:28:55.0046 3936 Parport - ok

    21:28:55.0078 3936 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys

    21:28:55.0078 3936 PartMgr - ok

    21:28:55.0109 3936 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys

    21:28:55.0109 3936 ParVdm - ok

    21:28:55.0125 3936 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys

    21:28:55.0125 3936 PCI - ok

    21:28:55.0140 3936 PCIDump - ok

    21:28:55.0140 3936 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys

    21:28:55.0140 3936 PCIIde - ok

    21:28:55.0171 3936 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys

    21:28:55.0171 3936 Pcmcia - ok

    21:28:55.0187 3936 PDCOMP - ok

    21:28:55.0187 3936 PDFRAME - ok

    21:28:55.0203 3936 PDRELI - ok

    21:28:55.0203 3936 PDRFRAME - ok

    21:28:55.0218 3936 perc2 - ok

    21:28:55.0234 3936 perc2hib - ok

    21:28:55.0281 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe

    21:28:55.0281 3936 PlugPlay - ok

    21:28:55.0296 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe

    21:28:55.0296 3936 PolicyAgent - ok

    21:28:55.0312 3936 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys

    21:28:55.0312 3936 PptpMiniport - ok

    21:28:55.0328 3936 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys

    21:28:55.0328 3936 Processor - ok

    21:28:55.0343 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe

    21:28:55.0343 3936 ProtectedStorage - ok

    21:28:55.0359 3936 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys

    21:28:55.0359 3936 PSched - ok

    21:28:55.0359 3936 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys

    21:28:55.0359 3936 Ptilink - ok

    21:28:55.0390 3936 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys

    21:28:55.0390 3936 PxHelp20 - ok

    21:28:55.0406 3936 ql1080 - ok

    21:28:55.0421 3936 Ql10wnt - ok

    21:28:55.0421 3936 ql12160 - ok

    21:28:55.0437 3936 ql1240 - ok

    21:28:55.0437 3936 ql1280 - ok

    21:28:55.0484 3936 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys

    21:28:55.0484 3936 RasAcd - ok

    21:28:55.0515 3936 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll

    21:28:55.0515 3936 RasAuto - ok

    21:28:55.0546 3936 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

    21:28:55.0546 3936 Rasl2tp - ok

    21:28:55.0609 3936 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll

    21:28:55.0609 3936 RasMan - ok

    21:28:55.0609 3936 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys

    21:28:55.0609 3936 RasPppoe - ok

    21:28:55.0625 3936 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys

    21:28:55.0625 3936 Raspti - ok

    21:28:55.0656 3936 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys

    21:28:55.0671 3936 Rdbss - ok

    21:28:55.0671 3936 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

    21:28:55.0671 3936 RDPCDD - ok

    21:28:55.0718 3936 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys

    21:28:55.0718 3936 RDPWD - ok

    21:28:55.0734 3936 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe

    21:28:55.0750 3936 RDSessMgr - ok

    21:28:55.0781 3936 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys

    21:28:55.0781 3936 redbook - ok

    21:28:55.0812 3936 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll

    21:28:55.0812 3936 RemoteAccess - ok

    21:28:55.0859 3936 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys

    21:28:55.0859 3936 RimUsb - ok

    21:28:55.0875 3936 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys

    21:28:55.0875 3936 RimVSerPort - ok

    21:28:55.0890 3936 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys

    21:28:55.0890 3936 ROOTMODEM - ok

    21:28:55.0937 3936 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe

    21:28:55.0937 3936 RpcLocator - ok

    21:28:55.0968 3936 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll

    21:28:55.0968 3936 RpcSs - ok

    21:28:56.0000 3936 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe

    21:28:56.0000 3936 RSVP - ok

    21:28:56.0031 3936 [ E1AB463B36A7EF31D8A73A97A9B57AFA ] s115bus C:\WINDOWS\system32\DRIVERS\s115bus.sys

    21:28:56.0031 3936 s115bus - ok

    21:28:56.0062 3936 [ E24113FC13B8737C94CF4E3415488C76 ] s115mdfl C:\WINDOWS\system32\DRIVERS\s115mdfl.sys

    21:28:56.0062 3936 s115mdfl - ok

    21:28:56.0078 3936 [ 4029E49E7C673AA0670BD206B0AF1B5B ] s115mdm C:\WINDOWS\system32\DRIVERS\s115mdm.sys

    21:28:56.0078 3936 s115mdm - ok

    21:28:56.0093 3936 [ EB02AB4CA8BCCECFDE236CAD8FC6E135 ] s115mgmt C:\WINDOWS\system32\DRIVERS\s115mgmt.sys

    21:28:56.0109 3936 s115mgmt - ok

    21:28:56.0109 3936 [ 089869DB9FFD2AC807FA87FE82AC7761 ] s115obex C:\WINDOWS\system32\DRIVERS\s115obex.sys

    21:28:56.0125 3936 s115obex - ok

    21:28:56.0156 3936 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe

    21:28:56.0156 3936 SamSs - ok

    21:28:56.0187 3936 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe

    21:28:56.0187 3936 SCardSvr - ok

    21:28:56.0234 3936 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll

    21:28:56.0234 3936 Schedule - ok

    21:28:56.0281 3936 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys

    21:28:56.0281 3936 Secdrv - ok

    21:28:56.0296 3936 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll

    21:28:56.0312 3936 seclogon - ok

    21:28:56.0328 3936 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll

    21:28:56.0343 3936 SENS - ok

    21:28:56.0359 3936 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys

    21:28:56.0359 3936 serenum - ok

    21:28:56.0359 3936 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys

    21:28:56.0359 3936 Serial - ok

    21:28:56.0406 3936 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys

    21:28:56.0406 3936 Sfloppy - ok

    21:28:56.0421 3936 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll

    21:28:56.0437 3936 ShellHWDetection - ok

    21:28:56.0437 3936 Simbad - ok

    21:28:56.0453 3936 Sparrow - ok

    21:28:56.0484 3936 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys

    21:28:56.0484 3936 splitter - ok

    21:28:56.0515 3936 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe

    21:28:56.0515 3936 Spooler - ok

    21:28:56.0578 3936 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys

    21:28:56.0578 3936 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505

    21:28:56.0578 3936 sptd ( LockedFile.Multi.Generic ) - warning

    21:28:56.0578 3936 sptd - detected LockedFile.Multi.Generic (1)


    21:28:58.0406 3936 WmdmPmSN - ok

    21:28:58.0421 3936 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe

    21:28:58.0421 3936 WmiApSrv - ok

    21:28:58.0531 3936 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

    21:28:58.0531 3936 WPFFontCache_v0400 - ok

    21:28:58.0593 3936 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys

    21:28:58.0593 3936 WS2IFSL - ok

    21:28:58.0625 3936 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll

    21:28:58.0625 3936 wuauserv - ok

    21:28:58.0671 3936 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll

    21:28:58.0671 3936 WZCSVC - ok

    21:28:58.0703 3936 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll

    21:28:58.0718 3936 xmlprov - ok

    21:28:58.0718 3936 ================ Scan global ===============================

    21:28:58.0765 3936 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll

    21:28:58.0812 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

    21:28:58.0828 3936 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll

    21:28:58.0859 3936 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe

    21:28:58.0859 3936 [Global] - ok

    21:28:58.0859 3936 ================ Scan MBR ==================================

    21:28:58.0890 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0

    21:28:59.0000 3936 \Device\Harddisk0\DR0 - ok

    21:28:59.0015 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR3

    21:28:59.0015 3936 \Device\Harddisk1\DR3 - ok

    21:28:59.0031 3936 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR4

    21:28:59.0031 3936 \Device\Harddisk2\DR4 - ok

    21:28:59.0031 3936 ================ Scan VBR ==================================

    21:28:59.0046 3936 [ C317D6F9EACFB1D8BE79F0A25F7D8300 ] \Device\Harddisk0\DR0\Partition1

    21:28:59.0046 3936 \Device\Harddisk0\DR0\Partition1 - ok

    21:28:59.0046 3936 [ 7AD172896AFCC5A2F75E66A5B636B2FE ] \Device\Harddisk1\DR3\Partition1

    21:28:59.0046 3936 \Device\Harddisk1\DR3\Partition1 - ok

    21:28:59.0062 3936 [ 181EFC0222B36B24131684E8F807451D ] \Device\Harddisk2\DR4\Partition1

    21:28:59.0062 3936 \Device\Harddisk2\DR4\Partition1 - ok

    21:28:59.0062 3936 ============================================================

    21:28:59.0062 3936 Scan finished

    21:28:59.0062 3936 ============================================================

    21:28:59.0078 0852 Detected object count: 1

    21:28:59.0078 0852 Actual detected object count: 1

    21:29:06.0500 0852 sptd ( LockedFile.Multi.Generic ) - skipped by user

    21:29:06.0500 0852 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Max [Admin rights]
    Mode : Remove -- Date : 10/14/2012 21:37:50

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] FreemakeUtilsService.exe -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{e2abf26a-712c-23ad-0dd6-e715252712b1}\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{e2abf26a-712c-23ad-0dd6-e715252712b1}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{e2abf26a-712c-23ad-0dd6-e715252712b1}\L --> REMOVED
    [ZeroAccess][FILE] @ : C:\Documents and Settings\Max\Local Settings\Application Data\{e2abf26a-712c-23ad-0dd6-e715252712b1}\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Max\Local Settings\Application Data\{e2abf26a-712c-23ad-0dd6-e715252712b1}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Max\Local Settings\Application Data\{e2abf26a-712c-23ad-0dd6-e715252712b1}\L --> REMOVED

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 42a43f7d6381165f522b5beb7cc548dc
    [BSP] bebad6991d2bda8fb059e038170b4e79 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 150405 Mo
    1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 308030310 | Size: 2219 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] 4b33c4bd42c1b64342920085ca661a1d
    [BSP] 2470c8e6fd96c1e4c53c34f4dbaf637b : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive2: +++++
    --- User ---
    [MBR] 7435b395373533bcd39085cd12602a0e
    [BSP] 3a263ec662f61a27d74cd7a536bc3337 : TestDisk MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
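    Two of the indicators the RogueKiller report above records, written out as checks that can be run independently of the tool; this is an added example, not part of the original thread or of RogueKiller. The ZeroAccess check looks for the on-disk layout the report shows (a GUID-named folder holding an "@" file and "U" and "L" subfolders); the GUID differs per infection, so the structure is matched rather than the name. The hosts triage separates 127.0.0.1 entries, which only stop a name from resolving and are what immunisation lists such as the one in the report produce, from entries that send a hostname to another address. The directory tree and hosts text in demo() are constructed for the example; the redirect line is made up and does not appear in the report.

```python
"""Filesystem and hosts-file checks mirroring two sections of a RogueKiller
report.  Added example, not part of the thread or of RogueKiller; the sample
tree and hosts content are constructed here, not read from a live machine."""
import os
import re
import tempfile

# ZeroAccess (Sirefef) builds of 2012 dropped a GUID-named folder containing an
# "@" file plus "U" and "L" subfolders, typically under %WINDIR%\Installer and
# the user's Local Settings\Application Data.  The GUID varies per infection,
# so the structure is matched, not a fixed name.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
ZA_MARKERS = {"@", "U", "L"}


def find_zeroaccess_dirs(root):
    """Return GUID-named directories under root that contain '@', 'U' and 'L'."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not GUID_RE.match(os.path.basename(dirpath)):
            continue
        if ZA_MARKERS <= set(dirnames) | set(filenames):
            hits.append(dirpath)
    return sorted(hits)


HOSTS_LINE_RE = re.compile(r"^\s*(\S+)\s+(\S+)")
BLOCK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}


def triage_hosts(text):
    """Split hosts entries into (block, redirect) lists.

    A hostname mapped to a loopback/unspecified address only fails to resolve,
    which is what immunisation lists do.  Anything mapped elsewhere is a
    redirect and deserves a closer look.
    """
    blocks, redirects = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = HOSTS_LINE_RE.match(line)
        if not m:
            continue
        ip, host = m.groups()
        if host == "localhost" and ip in BLOCK_ADDRS:
            continue                          # the default entry
        (blocks if ip in BLOCK_ADDRS else redirects).append((ip, host))
    return blocks, redirects


def demo():
    """Constructed fixture: one ZeroAccess-shaped folder, one legitimate GUID
    folder as a decoy, and a small hosts sample.  Returns the findings."""
    root = tempfile.mkdtemp()
    za = os.path.join(root, "Installer", "{e2abf26a-712c-23ad-0dd6-e715252712b1}")
    os.makedirs(os.path.join(za, "U"))
    os.makedirs(os.path.join(za, "L"))
    open(os.path.join(za, "@"), "wb").close()
    # Windows Installer keeps legitimate GUID folders too; without @/U/L they
    # must not be flagged.  (Constructed decoy GUID.)
    os.makedirs(os.path.join(root, "Installer", "{90110409-6000-11d3-8cfe-0150048383c9}"))
    hosts = (
        "127.0.0.1 localhost\n"
        "127.0.0.1 www.007guard.com\n"
        "127.0.0.1 007guard.com\n"
        "# constructed hijack line for the example, not from the report\n"
        "198.51.100.7 www.example.com\n"
    )
    return find_zeroaccess_dirs(root), triage_hosts(hosts)


if __name__ == "__main__":
    za_dirs, (blocks, redirects) = demo()
    print("ZeroAccess-shaped folders:", za_dirs)
    print("hosts block entries:", len(blocks), "redirects:", redirects)
```

    On a real machine, point find_zeroaccess_dirs() at the Windows and profile directories rather than a temp tree; an empty result from this check alone does not prove the system clean, since the report also shows a loaded driver component that the folder check does not cover.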
  8. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-14 22:33:17
    -----------------------------
    22:33:17.781 OS Version: Windows 5.1.2600 Service Pack 3
    22:33:17.781 Number of processors: 1 586 0x2F02
    22:33:17.781 ComputerName: MAXCOMP UserName: Max
    22:33:25.421 Initialize success
    22:34:10.000 AVAST engine defs: 12101401
    22:34:55.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
    22:34:55.734 Disk 0 Vendor: WDC_WD1600JB-00GVC0 08.02D08 Size: 152627MB BusType: 3
    22:34:55.812 Disk 0 MBR read successfully
    22:34:55.812 Disk 0 MBR scan
    22:34:56.562 Disk 0 Windows XP default MBR code
    22:34:56.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150405 MB offset 63
    22:34:57.109 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 2219 MB offset 308030310
    22:34:57.546 Disk 0 scanning sectors +312576705
    22:34:58.109 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:35:20.796 Service scanning
    22:35:38.421 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    22:35:42.593 Modules scanning
    22:35:52.046 Disk 0 trace - called modules:
    22:35:52.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spkq.sys >>UNKNOWN [0x82991938]<<
    22:35:52.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82935ab8]
    22:35:52.562 3 CLASSPNP.SYS[f84e5fd7] -> nt!IofCallDriver -> \Device\00000076[0x82931198]
    22:35:52.562 5 ACPI.sys[f8251620] -> nt!IofCallDriver -> \Device\00000073[0x829cb030]
    22:35:53.062 AVAST engine scan C:\WINDOWS
    22:35:57.312 AVAST engine scan C:\WINDOWS\system32
    22:39:57.687 AVAST engine scan C:\WINDOWS\system32\drivers
    22:40:15.031 AVAST engine scan C:\Documents and Settings\Max
    22:50:43.000 AVAST engine scan C:\Documents and Settings\All Users
    22:52:19.375 Scan finished successfully
    22:52:56.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Max\Desktop\MBR.dat"
    22:52:57.015 The log file has been saved successfully to "C:\Documents and Settings\Max\Desktop\aswMBR.txt"
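    The MBR summary in the aswMBR log above (default boot code, partition 1 NTFS at offset 63, partition 2 Compaq diagnostic at offset 308030310, and the MBR saved to MBR.dat) comes from reading the first 512 bytes of the disk. As an added example, not from the thread or from aswMBR, the Python below parses such a sector: it checks the 0x55AA signature, decodes the four partition entries, and hashes the boot-code region separately from the whole sector so that a legitimate partition-table change does not disturb the code hash. build_sample_mbr() is a constructed sector with placeholder boot code and a partition table shaped like the one in the log; it does not reproduce the exact hash definitions of aswMBR or RogueKiller, so the baseline value you compare against must come from a known-good image of your own.

```python
"""Minimal MBR parser: signature check, partition table, boot-code hash.
Added example, not part of the thread or of aswMBR.  The sample sector is
constructed; real input would be the first 512 bytes of a disk or the
MBR.dat file the tool saved."""
import hashlib
import struct

SECTOR = 512
PART_TYPES = {0x07: "HPFS/NTFS", 0x12: "Compaq diag", 0x0C: "FAT32 LBA", 0x83: "Linux"}
PART_ENTRY = "<BBBBBBBBII"   # status, CHS start(3), type, CHS end(3), LBA start, sectors


def parse_mbr(mbr):
    """Return boot-code and whole-sector MD5s, disk signature, partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    boot_code = mbr[:440]                    # bootstrap code region
    disk_sig = struct.unpack_from("<I", mbr, 440)[0]
    parts = []
    for i in range(4):
        status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack_from(
            PART_ENTRY, mbr, 446 + 16 * i)
        if ptype == 0:
            continue                          # empty slot
        parts.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset_sectors": lba_start,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "sector_md5": hashlib.md5(mbr).hexdigest(),
        "disk_signature": disk_sig,
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "partitions": parts,
    }


def parse_mbr_file(path):
    """Parse a saved sector dump such as the MBR.dat aswMBR writes."""
    with open(path, "rb") as f:
        return parse_mbr(f.read(SECTOR))


def boot_code_matches(mbr, baseline_md5):
    """The practical check: does the bootstrap code still hash to a known-good value?"""
    return parse_mbr(mbr)["boot_code_md5"] == baseline_md5


def build_sample_mbr():
    """Constructed sector: placeholder boot code, two entries like the log's."""
    mbr = bytearray(SECTOR)
    mbr[:8] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"   # typical x86 boot-code prologue
    struct.pack_into("<I", mbr, 440, 0x1234ABCD)     # made-up disk signature
    # Partition 1: active, NTFS (0x07), LBA 63, 150405 MB
    struct.pack_into(PART_ENTRY, mbr, 446, 0x80, 1, 1, 0, 0x07, 0xFE, 0xFF, 0xFF,
                     63, 150405 * 2048)
    # Partition 2: inactive, Compaq diagnostic (0x12), LBA 308030310, 2219 MB
    struct.pack_into(PART_ENTRY, mbr, 462, 0x00, 0xFE, 0xFF, 0xFF, 0x12, 0xFE, 0xFF, 0xFF,
                     308030310, 2219 * 2048)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["signature_ok"], "boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(p)
```

    Hashing the first 440 bytes rather than the whole sector is a deliberate choice here: resizing or adding a partition rewrites bytes 446 onward, and a whole-sector hash would then change even though the executable code did not.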
  9. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your antivirus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help use restore point you created prior to running Combofix.
    • Double-click on combofix.exe and follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  10. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    ComboFix 12-10-15.01 - Max 16/10/2012 1:41.1.1 - x86
    Running from: c:\documents and settings\Max\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP
    c:\documents and settings\Max\Application Data\PriceGong
    c:\documents and settings\Max\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\I.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\Max\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\Max\WINDOWS
    c:\windows\system32\ .txt
    I:\autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Legacy_NVSVC
    -------\Service_NVSvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-14 21:27 . 2012-10-14 21:27 -------- d-----w- c:\documents and settings\Administrator
    2012-10-08 21:49 . 2012-10-08 21:49 10220472 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-08 21:49 . 2012-06-13 16:50 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-08 21:49 . 2011-06-09 08:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-07 16:04 . 2010-06-12 16:00 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-28 15:14 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:14 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:14 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    2012-08-24 13:53 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-21 13:29 . 2004-08-04 12:00 2192896 ------w- c:\windows\system32\ntoskrnl.exe
    2012-08-21 12:58 . 2004-08-03 22:59 2069632 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-07-27 20:51 . 2010-10-25 14:13 47512 ----a-w- c:\windows\system32\AdobePDF.dll
    2012-07-27 20:51 . 2012-07-27 20:51 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-10 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2009-10-19 02:12 1983816 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2005-11-04 17:03 7307264 ------w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2005-11-04 17:03 86016 ------w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2005-05-25 21:02 1519616 ------w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2004-08-04 12:00 455168 ------w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2004-08-04 12:00 455168 ------w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-11-02 01:00 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
    2012-03-26 21:35 2066256 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2007-04-17 05:28 577536 ----a-r- c:\windows\soundman.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-04-08 11:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-07-10 15:29 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "UserAccess7"=2 (0x2)
    "StarWindServiceAE"=2 (0x2)
    "StarWindService"=2 (0x2)
    "RoxLiveShare9"=2 (0x2)
    "ose"=3 (0x3)
    "NVSvc"=2 (0x2)
    "nSvcLog"=2 (0x2)
    "nSvcIp"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "ForcewareWebInterface"=2 (0x2)
    "ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
    "avgfws9"=2 (0x2)
    "avg9wd"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [11/02/2005 18:11 16640]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/06/2010 19:31 691696]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [17/09/2012 10:55 399432]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/06/2010 17:01 676936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/06/2010 17:00 22856]
    S2 Freemake Improver;Freemake Improver;c:\documents and settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [20/03/2012 22:07 82944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13/06/2012 17:51 250808]
    S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [23/04/2007 13:54 83208]
    S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [23/04/2007 13:54 15112]
    S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [23/04/2007 13:54 108680]
    S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [23/04/2007 13:54 100488]
    S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [23/04/2007 13:54 98568]
    S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [12/06/2010 19:33 223128]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/07/2010 17:03 135664]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/07/2010 17:03 135664]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 21:49]
    .
    2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 16:02]
    .
    2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-10 16:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\documents and settings\Max\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Max\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    AddRemove-Birth of the Federation version 1.0.2 - c:\botf\Uninst.isu
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-16 01:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(980)
    c:\windows\system32\nvappfilter.dll
    .
    - - - - - - - > 'explorer.exe'(2580)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-16 01:59:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-16 00:59
    .
    Pre-Run: 88,160,079,872 bytes free
    Post-Run: 88,094,748,672 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 1946F28344D80B3D45C7AAA07F0D6146
  11. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  12. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    OTL logfile created on: 16/10/2012 02:50:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 306.64 Mb Available Physical Memory | 59.95% Memory free
    1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.21% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 81.65 Gb Free Space | 55.59% Space Free | Partition Type: NTFS
    Drive D: | 574.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 3.73 Gb Total Space | 3.43 Gb Free Space | 91.95% Space Free | Partition Type: FAT32
    Drive I: | 931.51 Gb Total Space | 23.58 Gb Free Space | 2.53% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 48.52 Gb Free Space | 5.21% Space Free | Partition Type: NTFS

    Computer Name: MAXCOMP | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/16 02:50:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/07/27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
    PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (StarWindService)
    SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/08 22:49:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/03/21 01:02:36 | 000,082,944 | ---- | M] (Freemake) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/19 18:53:47 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
    SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/02/24 17:23:12 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2005/02/24 17:20:02 | 000,131,133 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2005/02/24 17:19:36 | 000,057,409 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2004/11/30 10:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ael7hns7)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
    DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
    DRV - [2010/09/13 13:57:40 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2010/06/12 19:49:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/06/12 19:33:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2007/04/26 07:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
    DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt)
    DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus)
    DRV - [2005/08/15 12:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
    DRV - [2005/08/15 12:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
    DRV - [2005/02/24 17:04:58 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/02/24 17:04:56 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/02/11 18:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
    DRV - [2005/02/11 18:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=100&systemid=406&sr=0&q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={s...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB387
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=100&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072254
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/03/20 22:07:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/28 23:45:03 | 000,102,423 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/22 22:48:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/10/16 02:05:41 | 000,000,000 | ---D | M]

    [2012/03/20 18:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions
    [2012/03/20 18:31:49 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
    [2012/01/12 09:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://start.facemoods.com/?a=make

    O1 HOSTS File: ([2012/10/16 01:52:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276365354343 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Max\My Documents\My Pictures\Star Trek Theme Pictures\milky way map.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Max\My Documents\My Pictures\Star Trek Theme Pictures\milky way map.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/12 15:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/10/09 11:18:36 | 000,000,085 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/16 02:50:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2012/10/16 02:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\AVG2012
    [2012/10/16 02:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2012/10/16 02:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/10/16 02:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2012/10/16 02:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/10/16 02:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/10/16 01:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/10/16 01:37:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/10/16 01:35:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/16 01:35:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/16 01:35:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/16 01:35:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/16 01:35:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/16 01:35:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/10/16 01:33:20 | 004,980,567 | R--- | C] (Swearware) -- C:\Documents and Settings\Max\Desktop\ComboFix.exe
    [2012/10/14 21:42:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Max\Desktop\aswMBR.exe
    [2012/10/14 21:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Desktop\RK_Quarantine
    [2012/10/14 21:26:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Max\Desktop\TDSSKiller.exe
    [2012/10/14 19:45:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/10/14 19:45:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Max\Start Menu\Programs\Administrative Tools
    [2012/10/14 19:44:50 | 000,706,431 | R--- | C] (Swearware) -- C:\Documents and Settings\Max\Desktop\dds.com
    [2012/10/02 19:55:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Max\Recent
    [2012/10/02 18:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Mix
    [2006/06/16 20:31:04 | 006,003,072 | ---- | C] (Alcohol Soft) -- C:\Documents and Settings\Max\Application Data\a120_195_4212_retail.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/10/16 02:50:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2012/10/16 02:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/10/16 02:45:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/16 02:19:47 | 062,054,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/10/16 02:19:47 | 000,629,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2012/10/16 02:11:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/16 02:11:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/16 02:05:42 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/10/16 01:52:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/10/16 01:37:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/10/16 01:33:21 | 004,980,567 | R--- | M] (Swearware) -- C:\Documents and Settings\Max\Desktop\ComboFix.exe
    [2012/10/14 22:52:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\MBR.dat
    [2012/10/14 22:11:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/14 21:42:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Max\Desktop\aswMBR.exe
    [2012/10/14 21:35:02 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\RogueKiller.exe
    [2012/10/14 21:26:07 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\tdsskiller.zip
    [2012/10/14 20:59:46 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/14 19:44:50 | 000,706,431 | R--- | M] (Swearware) -- C:\Documents and Settings\Max\Desktop\dds.com
    [2012/10/12 10:49:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/10/11 18:07:16 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/10/05 21:17:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/10/02 22:35:37 | 090,819,604 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\my mix.mp3
    [2012/09/29 12:50:40 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2012/09/24 12:46:40 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Max\Desktop\TDSSKiller.exe
    [2012/09/17 10:55:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2012/10/16 02:19:47 | 062,054,023 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/10/16 02:19:47 | 000,629,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2012/10/16 02:05:42 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/10/16 01:37:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/10/16 01:37:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/10/16 01:35:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/16 01:35:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/16 01:35:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/16 01:35:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/16 01:35:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/14 22:52:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\MBR.dat
    [2012/10/14 21:34:56 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\RogueKiller.exe
    [2012/10/14 21:26:02 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\tdsskiller.zip
    [2012/10/11 18:03:28 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/09/29 12:50:40 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2012/09/24 12:46:40 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/07/31 00:36:48 | 000,358,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/06/05 14:56:20 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2012/02/16 02:41:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/22 04:54:09 | 000,917,795 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-1547161642-839522115-1004-0.dat
    [2012/01/22 04:54:06 | 000,334,206 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/19 18:53:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
    [2011/06/19 18:53:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
    [2011/05/10 01:15:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2011/05/10 01:15:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2011/03/06 09:17:20 | 000,000,423 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/03/03 05:27:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/12/27 02:06:23 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Max\default.pls
    [2010/12/27 01:56:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/12/26 00:53:44 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Max\pool.bin
    [2010/12/23 21:34:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/10/04 23:38:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\rx_image32.Cache
    [2010/09/13 13:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/07/02 18:42:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Max\Application Data\Cricket2009.exe.lock
    [2010/06/13 17:43:37 | 000,245,760 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/06/12 20:20:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/10/16 02:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/01/25 22:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/11/29 17:39:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/03/24 11:26:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2010/11/30 19:07:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/03/15 09:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/10/11 11:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/09/14 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2012/03/20 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2012/10/16 02:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/08/11 21:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/04 03:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2012/08/22 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/26 22:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/04 03:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/06/14 00:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2012/05/04 00:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/07/04 03:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/06/12 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/10/16 02:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG2012
    [2012/04/08 17:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\BitComet
    [2011/10/29 21:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Blackberry Desktop
    [2010/11/30 19:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Canon
    [2012/09/29 12:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoft
    [2012/07/08 11:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers
    [2010/09/14 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Flood Light Games
    [2010/07/16 21:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\HandBrake
    [2011/06/19 15:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\MysteryStudio
    [2010/12/30 23:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Research In Motion
    [2011/03/06 09:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Samsung
    [2011/11/02 18:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\searchquband
    [2010/07/04 03:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Simple Star
    [2011/05/29 18:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Ubisoft
    [2012/10/14 15:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\uTorrent

    ========== Purity Check ==========


    < End of report >
  13. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    OTL Extras logfile created on: 16/10/2012 02:50:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 306.64 Mb Available Physical Memory | 59.95% Memory free
    1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.21% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 81.65 Gb Free Space | 55.59% Space Free | Partition Type: NTFS
    Drive D: | 574.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 3.73 Gb Total Space | 3.43 Gb Free Space | 91.95% Space Free | Partition Type: FAT32
    Drive I: | 931.51 Gb Total Space | 23.58 Gb Free Space | 2.53% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 48.52 Gb Free Space | 5.21% Space Free | Partition Type: NTFS

    Computer Name: MAXCOMP | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D066C0E0-A915-11D5-B078-00C0F6A04C3E}" =
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2012
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "Canon MP250 series User Registration" = Canon MP250 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Free Studio_is1" = Free Studio version 5.6.3.706
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
    "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
    "Midnight Mysteries Salem Witch Trials" = Midnight Mysteries Salem Witch Trials
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "NVIDIA Drivers" = NVIDIA Drivers
    "Uninstall_is1" = Uninstall 1.0.0.1
    "uTorrent" = µTorrent
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "VLC media player" = VLC media player 2.0.2
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 14/10/2012 11:01:31 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 14:39:14 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 17:12:42 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 17:28:08 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 17:32:25 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 09:12:14 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 20:07:52 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 20:14:41 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 20:22:53 | Computer Name = MAXCOMP | Source = ESENT | ID = 490
    Description = svchost (608) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 15/10/2012 20:30:56 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    [ System Events ]
    Error - 05/08/2012 15:08:05 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdatem with
    arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

    Error - 05/08/2012 18:15:00 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 05/08/2012 19:05:41 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 05/08/2012 23:15:00 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 06/08/2012 11:42:12 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 06/08/2012 11:42:32 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdatem with
    arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

    Error - 06/08/2012 12:15:03 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 06/08/2012 17:15:01 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 06/08/2012 19:45:18 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 06/08/2012 22:15:01 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


    < End of report >
  14. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Your computer could use another 512MB of RAM for better performance.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (StarWindService)
      SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
      DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ael7hns7)
      O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2010/06/12 20:20:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      [2012/05/04 00:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
      [2011/11/02 18:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\searchquband
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset doesn't find any threats, it won't produce a log.
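    The :OTL fix above was assembled by hand from the earlier OTL log: services and drivers whose file is missing, registry entries that error out, and leftover adware folders. The script below is an added example (not part of this thread, not an OldTimer tool) that automates the first pass of that triage over OTL log lines. It flags SRV/DRV entries reporting "File not found", IE SearchScopes whose host is not on a constructed allowlist, and O9/O16 entries carrying "Reg Error", then renders the flagged lines as a candidate :OTL block for a helper to review. The allowlist, the `exclude` set and the sample log lines (copied from entries that appear in this thread) are constructed for the example.

```python
"""Triage helper for OTL (OldTimer's List-It) logs.

Added example, not part of the TechSpot thread or of OTL itself. It picks
out the kinds of log lines a malware-removal helper flags by hand: services
and drivers whose binary is missing, IE search scopes pointing outside an
allowlist, and O9/O16 entries with registry errors.
"""
import re
from urllib.parse import urlsplit

# Constructed allowlist (assumption): search hosts treated as legitimate.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.co.uk",
                      "www.bing.com", "search.live.com"}

# "SRV - File not found [Disabled | Stopped] -- <path or empty> -- (Name)"
ORPHAN_RE = re.compile(
    r"^(SRV|DRV) - File not found \[([^\]]+)\] --(?: (.*?))? -- \((.+)\)$")
# 'IE - HKLM\..\SearchScopes\{GUID}: "URL" = http://...'
SCOPE_RE = re.compile(
    r'^IE - (HK\S+?)\\SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)$')
# O9 button / O16 DPF lines whose registry data could not be read.
REGERR_RE = re.compile(r"^(O9|O16) - .*Reg Error")


def host_of(url):
    """Lower-cased host of a search URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def triage(lines):
    """Classify OTL log lines into the three categories a helper reviews."""
    findings = {"orphaned": [], "hijacked_scopes": [], "reg_errors": []}
    for raw in lines:
        line = raw.strip()
        m = ORPHAN_RE.match(line)
        if m:
            kind, state, path, name = m.groups()
            findings["orphaned"].append(
                {"kind": kind, "name": name, "path": path, "state": state, "line": line})
            continue
        m = SCOPE_RE.match(line)
        if m:
            hive, guid, url = m.groups()
            host = host_of(url)
            if host not in KNOWN_SEARCH_HOSTS:
                findings["hijacked_scopes"].append(
                    {"hive": hive, "guid": guid, "host": host, "line": line})
            continue
        if REGERR_RE.match(line):
            findings["reg_errors"].append(line)
    return findings


def otl_fix_block(findings, exclude=frozenset()):
    """Render flagged lines as a candidate :OTL fix, pasting log lines verbatim
    under :OTL the way the helper in the thread does. `exclude` names entries a
    reviewer judged benign; "File not found" alone is not proof of malware
    (the thread's helper left AppMgmt and ComboFix's catchme driver out)."""
    keep = [f["line"] for f in findings["orphaned"] if f["name"] not in exclude]
    keep += [f["line"] for f in findings["hijacked_scopes"]]
    keep += findings["reg_errors"]
    return "\n".join([":OTL", *keep, "", ":Commands", "[emptytemp]", "[Reboot]"])


# Sample lines copied from entries shown in this thread (constructed excerpt).
SAMPLE_LOG = r"""
SRV - File not found [Disabled | Stopped] -- -- (StarWindService)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ael7hns7)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=100&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072254
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    print(otl_fix_block(found, exclude={"AppMgmt", "catchme"}))
```

    The output is a starting point, not a fix to run blindly: every orphaned entry still needs a human decision (a missing DLL for a stock Windows service, or a scanner's own leftover driver, is not adware), and search scopes on the allowlist are only as trustworthy as the allowlist you maintain.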
  15. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Still with me?
  16. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    Yes. I have had problems with my computer starting up. Also, when I try and run ESET it doesn't expand properly and there is no way of starting the application so it can scan.
  17. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Post all other logs.

    As for Eset, try a different browser.
  18. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    OTL logfile created on: 16/10/2012 02:50:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 306.64 Mb Available Physical Memory | 59.95% Memory free
    1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.21% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 81.65 Gb Free Space | 55.59% Space Free | Partition Type: NTFS
    Drive D: | 574.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 3.73 Gb Total Space | 3.43 Gb Free Space | 91.95% Space Free | Partition Type: FAT32
    Drive I: | 931.51 Gb Total Space | 23.58 Gb Free Space | 2.53% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 48.52 Gb Free Space | 5.21% Space Free | Partition Type: NTFS

    Computer Name: MAXCOMP | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/16 02:50:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/07/27 21:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
    PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (StarWindService)
    SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/08 22:49:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/03/21 01:02:36 | 000,082,944 | ---- | M] (Freemake) [Auto | Stopped] -- C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/19 18:53:47 | 000,126,976 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7)
    SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2005/02/24 17:23:12 | 000,139,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2005/02/24 17:20:02 | 000,131,133 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
    SRV - [2005/02/24 17:19:36 | 000,057,409 | ---- | M] (NVIDIA) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
    SRV - [2004/11/30 10:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
    DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ael7hns7)
    DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
    DRV - [2011/05/23 01:03:20 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
    DRV - [2010/09/13 13:57:40 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2010/06/12 19:49:17 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/06/12 19:33:40 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vaxscsi.sys -- (vaxscsi)
    DRV - [2010/04/28 08:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2007/04/26 07:20:48 | 004,030,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
    DRV - [2007/04/23 13:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt)
    DRV - [2007/04/23 13:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
    DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
    DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
    DRV - [2007/04/23 13:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus)
    DRV - [2005/08/15 12:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagesrv.sys -- (imagesrv)
    DRV - [2005/08/15 12:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\imagedrv.sys -- (imagedrv)
    DRV - [2005/02/24 17:04:58 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2005/02/24 17:04:56 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/02/11 18:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvcchflt.sys -- (nvcchflt)
    DRV - [2005/02/11 18:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=100&systemid=406&sr=0&q={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co.uk/search?q={s...putEncoding}&sourceid=ie7&rlz=1I7ADRA_enGB387
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=100&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072254
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Max\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/03/20 22:07:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/28 23:45:03 | 000,102,423 | ---- | M] ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/22 22:48:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/10/16 02:05:41 | 000,000,000 | ---D | M]

    [2012/03/20 18:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions
    [2012/03/20 18:31:49 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Documents and Settings\Max\Application Data\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
    [2012/01/12 09:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/07/12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://start.facemoods.com/?a=make

    O1 HOSTS File: ([2012/10/16 01:52:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1276365354343 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B03ACA-D47D-4E37-BA15-FA6D2FEBA269}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Max\My Documents\My Pictures\Star Trek Theme Pictures\milky way map.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Max\My Documents\My Pictures\Star Trek Theme Pictures\milky way map.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/12 15:35:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/10/09 11:18:36 | 000,000,085 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/16 02:50:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2012/10/16 02:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Application Data\AVG2012
    [2012/10/16 02:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2012/10/16 02:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/10/16 02:04:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2012/10/16 02:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/10/16 02:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/10/16 01:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/10/16 01:37:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/10/16 01:35:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/10/16 01:35:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/10/16 01:35:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/10/16 01:35:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/10/16 01:35:32 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/16 01:35:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/10/16 01:33:20 | 004,980,567 | R--- | C] (Swearware) -- C:\Documents and Settings\Max\Desktop\ComboFix.exe
    [2012/10/14 21:42:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Max\Desktop\aswMBR.exe
    [2012/10/14 21:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\Desktop\RK_Quarantine
    [2012/10/14 21:26:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Max\Desktop\TDSSKiller.exe
    [2012/10/14 19:45:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/10/14 19:45:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Max\Start Menu\Programs\Administrative Tools
    [2012/10/14 19:44:50 | 000,706,431 | R--- | C] (Swearware) -- C:\Documents and Settings\Max\Desktop\dds.com
    [2012/10/02 19:55:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Max\Recent
    [2012/10/02 18:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Max\My Documents\Mix
    [2006/06/16 20:31:04 | 006,003,072 | ---- | C] (Alcohol Soft) -- C:\Documents and Settings\Max\Application Data\a120_195_4212_retail.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/10/16 02:50:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
    [2012/10/16 02:49:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2012/10/16 02:45:08 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/16 02:19:47 | 062,054,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/10/16 02:19:47 | 000,629,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2012/10/16 02:11:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/16 02:11:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/10/16 02:05:42 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/10/16 01:52:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/10/16 01:37:42 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/10/16 01:33:21 | 004,980,567 | R--- | M] (Swearware) -- C:\Documents and Settings\Max\Desktop\ComboFix.exe
    [2012/10/14 22:52:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\MBR.dat
    [2012/10/14 22:11:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/10/14 21:42:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Max\Desktop\aswMBR.exe
    [2012/10/14 21:35:02 | 001,422,336 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\RogueKiller.exe
    [2012/10/14 21:26:07 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\tdsskiller.zip
    [2012/10/14 20:59:46 | 000,245,760 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/10/14 19:44:50 | 000,706,431 | R--- | M] (Swearware) -- C:\Documents and Settings\Max\Desktop\dds.com
    [2012/10/12 10:49:28 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/10/11 18:07:16 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/10/05 21:17:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2012/10/02 22:35:37 | 090,819,604 | ---- | M] () -- C:\Documents and Settings\Max\My Documents\my mix.mp3
    [2012/09/29 12:50:40 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2012/09/24 12:46:40 | 000,027,520 | ---- | M] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Max\Desktop\TDSSKiller.exe
    [2012/09/17 10:55:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    ========== Files Created - No Company Name ==========

    [2012/10/16 02:19:47 | 062,054,023 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/10/16 02:19:47 | 000,629,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
    [2012/10/16 02:05:42 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2012/10/16 01:37:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/10/16 01:37:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/10/16 01:35:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/10/16 01:35:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/10/16 01:35:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/10/16 01:35:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/10/16 01:35:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/14 22:52:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\MBR.dat
    [2012/10/14 21:34:56 | 001,422,336 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\RogueKiller.exe
    [2012/10/14 21:26:02 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\tdsskiller.zip
    [2012/10/11 18:03:28 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2012/09/29 12:50:40 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Max\Desktop\Free YouTube to MP3 Converter.lnk
    [2012/09/24 12:46:40 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\dt.dat
    [2012/07/31 00:36:48 | 000,358,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/06/05 14:56:20 | 000,000,640 | ---- | C] () -- C:\WINDOWS\EFXP.INI
    [2012/02/16 02:41:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2012/01/22 04:54:09 | 000,917,795 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-823518204-1547161642-839522115-1004-0.dat
    [2012/01/22 04:54:06 | 000,334,206 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/06/19 18:53:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
    [2011/06/19 18:53:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
    [2011/05/10 01:15:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
    [2011/05/10 01:15:22 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
    [2011/03/06 09:17:20 | 000,000,423 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2011/03/03 05:27:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2010/12/27 02:06:23 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Max\default.pls
    [2010/12/27 01:56:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/12/26 00:53:44 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Max\pool.bin
    [2010/12/23 21:34:56 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/10/04 23:38:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\rx_image32.Cache
    [2010/09/13 13:59:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2010/07/02 18:42:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Max\Application Data\Cricket2009.exe.lock
    [2010/06/13 17:43:37 | 000,245,760 | ---- | C] () -- C:\Documents and Settings\Max\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/06/12 20:20:27 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/10/16 02:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/01/25 22:39:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/11/29 17:39:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/03/24 11:26:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
    [2010/11/30 19:07:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
    [2011/03/15 09:09:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/10/11 11:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2010/09/14 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2012/03/20 22:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freemake
    [2012/10/16 02:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/08/11 21:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/07/04 03:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets
    [2012/08/22 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2010/12/26 22:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/07/04 03:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2010/06/14 00:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2012/05/04 00:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/07/04 03:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2010/06/12 21:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2012/10/16 02:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\AVG2012
    [2012/04/08 17:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\BitComet
    [2011/10/29 21:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Blackberry Desktop
    [2010/11/30 19:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Canon
    [2012/09/29 12:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoft
    [2012/07/08 11:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\DVDVideoSoftIEHelpers
    [2010/09/14 22:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Flood Light Games
    [2010/07/16 21:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\HandBrake
    [2011/06/19 15:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\MysteryStudio
    [2010/12/30 23:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Research In Motion
    [2011/03/06 09:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Samsung
    [2011/11/02 18:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\searchquband
    [2010/07/04 03:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Simple Star
    [2011/05/29 18:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\Ubisoft
    [2012/10/14 15:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Max\Application Data\uTorrent

    ========== Purity Check ==========



    < End of report >
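The OTL "Files/Folders - Created Within 30 Days" and "Files Created - No Company Name" sections above are the raw material for a first triage pass, and the O35/O37 lines further up show whether the exefile/comfile shell handlers still run the stock command. The Python script below is an added example for this thread, not code from OTL, ComboFix or any poster: it parses OTL entry lines, flags executables that have no company name, sit in user-writable locations, or carry hidden/system attributes, and checks that an O35/O37 handler line still ends in `"%1" %*`. It assumes, from the timestamps in the log (the SteelWerX/NirSoft binaries in C:\WINDOWS were created in the same second as C:\Qoobox, two minutes after ComboFix.exe), that those helpers belong to ComboFix, so it skips them by name; that name list and the hijacked handler line are constructed for the example. A flag is a lead to verify (hash lookup, signature check), not a verdict.

```python
"""Triage OTL log lines: flag created executables worth a second look.

Added example for this thread; not part of OTL or ComboFix.
"""
import re
from datetime import datetime

EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".pif", ".bat", ".cmd"}
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
# Helper binaries ComboFix drops into %SystemRoot% for the duration of a run.
# Assumption drawn from the log: all created in the same second as C:\Qoobox.
COMBOFIX_HELPERS = {"swreg.exe", "swsc.exe", "swxcacls.exe", "nircmd.exe",
                    "pev.exe", "mbr.exe", "sed.exe", "grep.exe", "zip.exe"}

# Shape: [2012/10/16 01:35:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
# Directory entries have no "(Company)" group, so it is optional.
FILE_ENTRY = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


def parse_entry(line):
    """Parse one OTL file/folder entry; return None for lines of another shape."""
    m = FILE_ENTRY.match(line)
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],                      # R H S D flags, '-' when unset
        "company": (m["company"] or "").strip(),  # '' when OTL printed ()
        "path": m["path"].strip(),
    }


def triage_entry(entry):
    """Return the reasons an executable entry deserves a look ([] = nothing notable)."""
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if entry["attrs"].endswith("D") or ext not in EXEC_EXT:
        return []                                  # directories and non-executables
    if name in COMBOFIX_HELPERS and low.startswith("c:\\windows\\"):
        return []                                  # expected cleanup-tool residue
    reasons = []
    if not entry["company"]:
        reasons.append("no company name")
    if any(tok in low for tok in USER_WRITABLE):
        reasons.append("user-writable location")
    if "H" in entry["attrs"][:3] or "S" in entry["attrs"][:3]:
        reasons.append("hidden/system attribute")
    return reasons


def triage_log(lines):
    """Flagged entries, newest first, as (path, reasons) pairs."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry:
            reasons = triage_entry(entry)
            if reasons:
                hits.append((entry["ts"], entry["path"], reasons))
    hits.sort(reverse=True)
    return [(path, reasons) for _, path, reasons in hits]


def is_default_exec_handler(line):
    """True when an O35/O37 exefile/comfile line still runs the stock '"%1" %*'.

    Returns None for lines that are not O35/O37 handler entries.
    """
    if not line.lstrip().startswith(("O35 -", "O37 -")) or " -- " not in line:
        return None
    return line.rsplit(" -- ", 1)[1].strip() == '"%1" %*'


# Sample entries copied from the OTL report above, plus one constructed,
# hijacked handler line for contrast.
SAMPLE = r"""
[2012/10/16 02:50:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Max\Desktop\OTL.exe
[2012/10/16 01:37:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/10/16 01:35:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/10/16 01:35:41 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2006/06/16 20:31:04 | 006,003,072 | ---- | C] (Alcohol Soft) -- C:\Documents and Settings\Max\Application Data\a120_195_4212_retail.exe
[2011/06/19 18:53:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe
[2012/02/16 02:41:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/07/02 18:42:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Max\Application Data\Cricket2009.exe.lock
"""
HANDLER_OK = r'O35 - HKLM\..exefile [open] -- "%1" %*'                           # from the log
HANDLER_HIJACKED = r'O35 - HKLM\..exefile [open] -- "C:\evil\wrapper.exe" "%1" %*'  # constructed

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE.splitlines()):
        print(f"{path}\n    {', '.join(reasons)}")
    print("exefile handler default:", is_default_exec_handler(HANDLER_OK),
          is_default_exec_handler(HANDLER_HIJACKED))
```

Run it against a whole OTL.txt (`triage_log(open("OTL.txt", encoding="utf-8", errors="replace"))`) to get the short list before reading the log top to bottom. Unsigned-looking files in System32 with an old timestamp still need a hash check; the heuristics only decide what to look at first.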
  19. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    Results of screen317's Security Check version 0.99.51
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG 2012
    AVG2012 successfully updated!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.0.1400
    CCleaner
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player11.4.402.287
    Adobe Reader X (10.1.4)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 5%
    ````````````````````End of Log``````````````````````
  20. maxjoyner1

    Farbar Service Scanner Version: 07-10-2012
    Ran by Max (administrator) on 16-10-2012 at 04:26:42
    Running from "C:\Documents and Settings\Max\Desktop"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    Avgfwfd(15) Avgtdix(16) fssfltr(9) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(11)
    0x100000000500000001000000020000000300000004000000080000000B0000000C0000000A0000000D0000000E0000000F00000010000000060000000700000009000000
    IpSec Tag value is correct.
    **** End of log ****
  21. maxjoyner1

    ESET SCAN RESULTS

    C:\Documents and Settings\Max\My Documents\Work\Flat\Chiller_-_Series_1_(1995)__(VHSrip_(Xvid).exe	multiple threats	cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\10162012_033243\C_Documents and Settings\All Users\Application Data\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application	cleaned by deleting - quarantined
  22. maxjoyner1

    OTL Extras logfile created on: 16/10/2012 02:50:54 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Max\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    511.48 Mb Total Physical Memory | 306.64 Mb Available Physical Memory | 59.95% Memory free
    1.22 Gb Paging File | 0.83 Gb Available in Paging File | 68.21% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 146.88 Gb Total Space | 81.65 Gb Free Space | 55.59% Space Free | Partition Type: NTFS
    Drive D: | 574.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 3.73 Gb Total Space | 3.43 Gb Free Space | 91.95% Space Free | Partition Type: FAT32
    Drive I: | 931.51 Gb Total Space | 23.58 Gb Free Space | 2.53% Space Free | Partition Type: NTFS
    Drive J: | 931.51 Gb Total Space | 48.52 Gb Free Space | 5.21% Space Free | Partition Type: NTFS

    Computer Name: MAXCOMP | User Name: Max | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
    "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
    "{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
    "{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{84B2CF01-194D-2284-B313-F2E0D78D1033}" = Nero 7 Demo
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97B70991-5002-4241-8B0C-D74B8ADEB2B5}" = BlackBerry Desktop Software 7.1
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B0A92733-C870-415C-A494-DF72C2C58402}" = BlackBerry Device Software Updater
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D066C0E0-A915-11D5-B078-00C0F6A04C3E}" =
    "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2012
    "BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
    "Canon MP250 series User Registration" = Canon MP250 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "CCleaner" = CCleaner
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Free Studio_is1" = Free Studio version 5.6.3.706
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
    "InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
    "InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Midnight Mysteries - The Edgar Allan Poe Conspiracy" = Midnight Mysteries - The Edgar Allan Poe Conspiracy
    "Midnight Mysteries Salem Witch Trials" = Midnight Mysteries Salem Witch Trials
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "NVIDIA Drivers" = NVIDIA Drivers
    "Uninstall_is1" = Uninstall 1.0.0.1
    "uTorrent" = µTorrent
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "VLC media player" = VLC media player 2.0.2
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-823518204-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 14/10/2012 11:01:31 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 14:39:14 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 17:12:42 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 17:28:08 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 14/10/2012 17:32:25 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 09:12:14 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 20:07:52 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 20:14:41 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    Error - 15/10/2012 20:22:53 | Computer Name = MAXCOMP | Source = ESENT | ID = 490
    Description = svchost (608) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 15/10/2012 20:30:56 | Computer Name = MAXCOMP | Source = WinMgmt | ID = 28
    Description = WinMgmt could not initialize the core parts. This could be due to
    a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
    disk space or insufficient memory.

    [ System Events ]
    Error - 05/08/2012 15:08:05 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdatem with
    arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

    Error - 05/08/2012 18:15:00 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 05/08/2012 19:05:41 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 05/08/2012 23:15:00 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 06/08/2012 11:42:12 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 06/08/2012 11:42:32 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdatem with
    arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}

    Error - 06/08/2012 12:15:03 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 06/08/2012 17:15:01 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 06/08/2012 19:45:18 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gusvc with
    arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

    Error - 06/08/2012 22:15:01 | Computer Name = MAXCOMP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


    < End of report >
  23. maxjoyner1

    maxjoyner1 Newcomer, in training Topic Starter Posts: 47

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-14 22:33:17
    -----------------------------
    22:33:17.781 OS Version: Windows 5.1.2600 Service Pack 3
    22:33:17.781 Number of processors: 1 586 0x2F02
    22:33:17.781 ComputerName: MAXCOMP UserName: Max
    22:33:25.421 Initialize success
    22:34:10.000 AVAST engine defs: 12101401
    22:34:55.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000073
    22:34:55.734 Disk 0 Vendor: WDC_WD1600JB-00GVC0 08.02D08 Size: 152627MB BusType: 3
    22:34:55.812 Disk 0 MBR read successfully
    22:34:55.812 Disk 0 MBR scan
    22:34:56.562 Disk 0 Windows XP default MBR code
    22:34:56.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 150405 MB offset 63
    22:34:57.109 Disk 0 Partition 2 00 12 Compaq diag RECOVERY 2219 MB offset 308030310
    22:34:57.546 Disk 0 scanning sectors +312576705
    22:34:58.109 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:35:20.796 Service scanning
    22:35:38.421 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    22:35:42.593 Modules scanning
    22:35:52.046 Disk 0 trace - called modules:
    22:35:52.562 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys spkq.sys >>UNKNOWN [0x82991938]<<
    22:35:52.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82935ab8]
    22:35:52.562 3 CLASSPNP.SYS[f84e5fd7] -> nt!IofCallDriver -> \Device\00000076[0x82931198]
    22:35:52.562 5 ACPI.sys[f8251620] -> nt!IofCallDriver -> \Device\00000073[0x829cb030]
    22:35:53.062 AVAST engine scan C:\WINDOWS
    22:35:57.312 AVAST engine scan C:\WINDOWS\system32
    22:39:57.687 AVAST engine scan C:\WINDOWS\system32\drivers
    22:40:15.031 AVAST engine scan C:\Documents and Settings\Max
    22:50:43.000 AVAST engine scan C:\Documents and Settings\All Users
    22:52:19.375 Scan finished successfully
    22:52:56.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Max\Desktop\MBR.dat"
    22:52:57.015 The log file has been saved successfully to "C:\Documents and Settings\Max\Desktop\aswMBR.txt"
  24. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    OTL log is incorrect.
    You clicked on "Scan" button instead of "Fix" button.
    Redo.

    I still need adwCleaner log.
    You posted aswMBR log instead.

  25. Broni

    Broni Malware Annihilator Posts: 46,384   +252

    Still with me?

