TechSpot

Crypt.AQLW Trojan consistently starting Adobe Flash installer

By parkcitytrainer
Mar 27, 2012
  1. This Trojan is a real pain. It keeps trying to send out to:
    95.215.2.7
    95.21.5.2.8
    63.223.106.17
    46.249.58.48
    46.249.59.47
    83.133.124.245
    It also keeps starting Adobe Flash Player Installer.

    I performed;

    Step 1: Antivirus scanning

    Step 2: Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.27.08

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Rob :: FRANCIS-SV1 [administrator]

    Protection: Enabled

    3/27/2012 8:02:42 PM
    mbam-log-2012-03-27 (20-02-42).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223740
    Time elapsed: 43 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Step 3: GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-03-27 21:21:22
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BB-55GUC0 rev.08.02D08
    Running: yxu8qi7n.exe; Driver: C:\DOCUME~1\Rob\LOCALS~1\Temp\pxldypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT spoq.sys ZwEnumerateKey [0xF74FCDA4]
    SSDT spoq.sys ZwEnumerateValueKey [0xF74FD132]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\adpu160m \Device\Scsi\adpu160m2Port3Path0Target1Lun0 8A3541F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target1Lun0 8A3541F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target3Lun0 8A3541F8
    Device \Driver\ax3wod37 \Device\Scsi\ax3wod371 8A0D61F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m1 8A3541F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m2 8A3541F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m3 8A3541F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target4Lun0 8A3541F8
    Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target2Lun0 8A3541F8
    Device \FileSystem\Ntfs \Ntfs 8A3531F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    ---- EOF - GMER 1.0.15 ----


    Step 4: DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Run by Rob at 21:21:33 on 2012-03-27
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.553 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\WINDOWS\system32\MCTCIDUtil.exe
    C:\WINDOWS\system32\trutil01.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\MFirefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uSearch Bar =
    uInternet Settings,ProxyOverride = <local>;*.local
    mURLSearchHooks: H - No File
    BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe
    mRun: [trutil0] c:\windows\system32\trutil01.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet
    IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263616039703
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263616028390
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 49495
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\extensions\{5b79bc2a-25c2-4f2a-bb86-606ea88ab950}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\rob\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\rob\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mfirefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mfirefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-26 207280]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-26 233136]
    R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [2009-3-18 179896]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-25 47640]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-27 652360]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-14 918880]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-27 20464]
    R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [2012-3-11 247680]
    R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [2012-3-11 253056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
    S2 mclogmanagerservice;Wpsscannersvc;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
    S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2012-3-9 45288]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-26 70408]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-4-19 98488]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2012-3-26 365280]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2012-3-26 1141712]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [2012-3-11 34944]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2012-03-26 23:28:57 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-03-26 23:28:52 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-26 23:28:52 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-26 23:28:46 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-03-26 23:28:34 -------- d-----w- c:\program files\Spyware Doctor
    2012-03-26 23:28:34 -------- d-----w- c:\program files\common files\PC Tools
    2012-03-26 23:28:34 -------- d-----w- c:\documents and settings\rob\application data\PC Tools
    2012-03-26 23:28:34 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
    2012-03-26 23:08:22 -------- d-----w- c:\documents and settings\rob\application data\GetRightToGo
    2012-03-26 22:59:58 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-03-26 16:32:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-03-11 19:36:17 -------- d-----w- C:\MCT
    2012-03-11 19:36:16 315392 ----a-w- c:\windows\system32\MCTCIDUtil.exe
    2012-03-11 19:07:27 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2012-03-11 19:07:01 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2012-03-11 18:59:55 -------- d-----w- c:\documents and settings\rob\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-03-10 05:00:38 -------- d-----w- c:\program files\ATI
    2012-03-10 05:00:01 -------- d-----w- c:\program files\ATI Technologies
    2012-03-10 04:57:57 -------- d-----w- C:\ATI
    2012-03-10 04:57:30 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-03-10 04:57:30 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2012-03-10 04:57:28 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2012-03-10 04:57:10 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2012-03-05 22:17:02 -------- d-----w- C:\TRITTON_uv100_8.0.1.0229.1153
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 21:23:03.50 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/14/2009 10:50:03 PM
    System Uptime: 3/27/2012 6:42:03 AM (15 hours ago)
    .
    Motherboard: Dell Computer Corp. | |
    Processor: Intel(R) XEON(TM) CPU 2.00GHz | Microprocessor | 1977/100mhz
    Processor: Intel(R) XEON(TM) CPU 2.00GHz | Microprocessor | 1977/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 105.565 GiB free.
    E: is FIXED (NTFS) - 137 GiB total, 67.095 GiB free.
    F: is FIXED (NTFS) - 34 GiB total, 4.457 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP671: 12/31/2011 9:48:56 AM - System Checkpoint
    RP672: 1/1/2012 10:12:55 AM - System Checkpoint
    RP673: 1/2/2012 7:37:19 PM - System Checkpoint
    RP674: 1/3/2012 8:26:29 PM - System Checkpoint
    RP675: 1/6/2012 6:34:38 PM - System Checkpoint
    RP676: 1/8/2012 7:49:45 PM - System Checkpoint
    RP677: 1/10/2012 7:23:21 PM - System Checkpoint
    RP678: 1/11/2012 7:41:39 PM - System Checkpoint
    RP679: 1/12/2012 8:37:31 PM - System Checkpoint
    RP680: 1/13/2012 10:08:14 PM - System Checkpoint
    RP681: 1/14/2012 11:00:10 PM - System Checkpoint
    RP682: 1/19/2012 7:07:42 PM - System Checkpoint
    RP683: 1/20/2012 7:12:50 PM - System Checkpoint
    RP684: 1/21/2012 7:24:45 PM - System Checkpoint
    RP685: 1/23/2012 7:10:34 PM - System Checkpoint
    RP686: 1/26/2012 6:20:50 PM - System Checkpoint
    RP687: 1/28/2012 9:46:02 AM - System Checkpoint
    RP688: 1/29/2012 4:22:49 PM - System Checkpoint
    RP689: 1/31/2012 12:44:46 PM - System Checkpoint
    RP690: 2/1/2012 6:17:29 PM - System Checkpoint
    RP691: 2/4/2012 1:07:01 AM - System Checkpoint
    RP692: 2/5/2012 9:54:04 AM - System Checkpoint
    RP693: 2/6/2012 10:00:32 AM - System Checkpoint
    RP694: 2/7/2012 6:35:45 PM - System Checkpoint
    RP695: 2/10/2012 4:16:20 PM - System Checkpoint
    RP696: 2/11/2012 4:56:15 PM - System Checkpoint
    RP697: 2/12/2012 5:13:12 PM - System Checkpoint
    RP698: 2/14/2012 6:43:09 PM - System Checkpoint
    RP699: 2/15/2012 6:58:54 PM - System Checkpoint
    RP700: 2/17/2012 6:27:02 PM - System Checkpoint
    RP701: 2/17/2012 9:00:43 PM - Installed iTunes
    RP702: 2/18/2012 9:25:19 PM - System Checkpoint
    RP703: 2/20/2012 7:38:53 PM - System Checkpoint
    RP704: 2/26/2012 9:29:47 AM - System Checkpoint
    RP705: 3/5/2012 3:18:38 PM - Installed SEE2 USB 2.0 VGA Adapter (Multiple)
    RP706: 3/5/2012 3:29:33 PM - Unsigned driver install
    RP707: 3/5/2012 7:01:09 PM - Removed Microsoft Silverlight
    RP708: 3/6/2012 6:19:13 AM - Unsigned driver install
    RP709: 3/10/2012 2:46:03 PM - System Checkpoint
    RP710: 3/11/2012 1:07:27 PM - Installed Windows XP Wdf01009.
    RP711: 3/11/2012 1:25:16 PM - Removed SEE2 USB 2.0 VGA Adapter (Multiple)
    RP712: 3/11/2012 1:35:39 PM - Installed SEE2 USB 2.0 VGA Adapter (Multiple)
    RP713: 3/11/2012 1:38:14 PM - Unsigned driver install
    RP714: 3/12/2012 12:24:07 PM - Unsigned driver install
    RP715: 3/12/2012 12:56:04 PM - Unsigned driver install
    RP716: 3/14/2012 8:53:56 PM - System Checkpoint
    RP717: 3/17/2012 2:23:23 PM - System Checkpoint
    RP718: 3/18/2012 2:56:52 PM - System Checkpoint
    RP719: 3/19/2012 6:28:15 PM - System Checkpoint
    RP720: 3/22/2012 7:38:02 PM - System Checkpoint
    RP721: 3/23/2012 7:59:03 PM - System Checkpoint
    RP722: 3/25/2012 10:26:41 AM - System Checkpoint
    RP723: 3/27/2012 3:41:37 AM - System Checkpoint
    RP724: 3/27/2012 7:03:59 AM - Removed Acrobat.com
    RP725: 3/27/2012 7:04:56 AM - Removed Adobe Reader 9.5.0.
    RP726: 3/27/2012 7:10:25 AM - Removed Adobe Photoshop Elements 5.0
    .
    ==== Installed Programs ======================
    .
    .
    3ivx MPEG-4 5.0.3 (remove only)
    7-Zip 4.65
    ADS Tech Master Installer V3.8
    Advanced SystemCare 3
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ashampoo Burning Studio 9.03
    AutoUpdate
    AVG 2012
    BitComet 1.25
    Bonjour
    Business Plan Pro 2007
    CCleaner
    Critical Update for Windows Media Player 11 (KB959772)
    CyberLink PowerDirector
    CyberLink WaveEditor
    CyberView CS - Memor-ease 1.2a (build 20090910)
    dcmsvc 1.0
    Dell Driver Download Manager
    DivX
    DivX Player
    DriverGuide DriverScan
    Facebook Plug-In
    FreeRIP v3.42
    Google Updater
    HGTV Home & Interior Painter
    HGTV Home & Landscape Platinum Suite
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    hp instant support
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    ImagXpress
    Indeo® software
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    LightScribe System Software 1.14.17.1
    LizardTech DjVu Control
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft English TTS Engine
    Microsoft Expression Web
    Microsoft Expression Web MUI (English)
    Microsoft Expression Web Service Pack 1 (SP1)
    Microsoft IntelliType Pro 8.2
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets & Trips 2009
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    NVIDIA Drivers
    Oakley THUMP
    OVT Scanner X86
    PhotoImpact X3
    Pismo File Mount Audit Package
    Quicken 2010
    QuickTime
    Remote Control USB Driver
    SAPI Wrapper
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2434737)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    SEE2 USB 2.0 VGA Adapter (Multiple) 8.0.1.0229.1153
    SiSoftware Sandra Lite 2009.SP2
    SmartSound Quicktracks 5
    SmartSound Quicktracks Plugin
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    System Requirements Lab
    TTS Wrapper
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wrapper
    TurboTax 2010 wutiper
    Ulead DVD DiskRecorder 2.1.1
    Uninstall OVT Scanner
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VLC media player 1.0.1
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    Yahoo! BrowserPlus 2.9.8
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/26/2012 9:58:26 PM, error: Service Control Manager [7023] - The Wdm_au8820 service terminated with the following error: Access is denied.
    3/26/2012 9:43:28 PM, error: Service Control Manager [7023] - The AMDPCI service terminated with the following error: Access is denied.
    3/26/2012 9:28:27 PM, error: Service Control Manager [7023] - The Igniteservice.exe service terminated with the following error: Access is denied.
    3/26/2012 9:13:26 PM, error: Service Control Manager [7023] - The Stirusb service terminated with the following error: Access is denied.
    3/26/2012 8:58:26 PM, error: Service Control Manager [7023] - The Cics.region2 service terminated with the following error: Access is denied.
    3/26/2012 8:43:24 PM, error: Service Control Manager [7023] - The Areschatserver service terminated with the following error: Access is denied.
    3/26/2012 8:28:22 PM, error: Service Control Manager [7023] - The Servicemgr service terminated with the following error: Access is denied.
    3/26/2012 8:13:21 PM, error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6ip14 service terminated with the following error: Access is denied.
    3/26/2012 7:58:23 PM, error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied.
    3/26/2012 7:43:21 PM, error: Service Control Manager [7023] - The Wpsscannersvc service terminated with the following error: Access is denied.
    3/26/2012 7:28:20 PM, error: Service Control Manager [7023] - The Tablet2k service terminated with the following error: Access is denied.
    3/26/2012 7:13:19 PM, error: Service Control Manager [7023] - The WacomVKHid service terminated with the following error: Access is denied.
    3/26/2012 6:58:21 PM, error: Service Control Manager [7023] - The Enodpl service terminated with the following error: Access is denied.
    3/26/2012 6:43:18 PM, error: Service Control Manager [7023] - The Steamdvr service terminated with the following error: Access is denied.
    3/26/2012 6:28:19 PM, error: Service Control Manager [7023] - The HPFECP20 service terminated with the following error: Access is denied.
    3/26/2012 6:13:17 PM, error: Service Control Manager [7023] - The Nbservice service terminated with the following error: Access is denied.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Z525mdm service terminated with the following error: Access is denied.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Openvpnservice service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: Access is denied.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Lvusbsta service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
    3/26/2012 5:58:34 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    3/26/2012 5:53:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/26/2012 5:28:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    3/26/2012 5:24:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
    3/26/2012 5:22:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    3/26/2012 5:20:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/26/2012 5:00:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm sptd
    3/26/2012 4:59:40 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    3/26/2012 4:39:52 PM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied.
    3/26/2012 2:25:07 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
    3/26/2012 2:25:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/26/2012 11:45:19 AM, error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: Access is denied.
    3/26/2012 11:37:22 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    3/26/2012 11:10:18 AM, error: Service Control Manager [7023] - The Openvpnservice service terminated with the following error: Access is denied.
    3/26/2012 10:45:15 AM, error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: Access is denied.
    3/26/2012 10:43:28 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: Access is denied.
    3/26/2012 10:32:16 AM, error: Service Control Manager [7023] - The Lvusbsta service terminated with the following error: Access is denied.
    3/26/2012 10:28:34 PM, error: Service Control Manager [7023] - The SE2Eobex service terminated with the following error: Access is denied.
    3/26/2012 10:13:33 PM, error: Service Control Manager [7023] - The Statusagent4 service terminated with the following error: Access is denied.
    .
    ==== End Of File ===========================


    Any and all help to remove this Trojan is much appreciated. :)
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-29 17:29:57
    -----------------------------
    17:29:57.859 OS Version: Windows 5.1.2600 Service Pack 3
    17:29:57.859 Number of processors: 2 586 0x204
    17:29:57.859 ComputerName: FRANCIS-SV1 UserName: Rob
    17:30:18.859 Initialize success
    17:32:20.250 AVAST engine defs: 12032901
    17:32:46.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:32:46.203 Disk 0 Vendor: WDC_WD2500BB-55GUC0 08.02D08 Size: 238475MB BusType: 3
    17:32:46.203 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\adpu160m1Port2Path0Target1Lun0
    17:32:46.218 Disk 1 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
    17:32:46.218 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\adpu160m1Port2Path0Target2Lun0
    17:32:46.218 Disk 2 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
    17:32:46.234 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\adpu160m1Port2Path0Target3Lun0
    17:32:46.234 Disk 3 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
    17:32:46.234 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\adpu160m1Port2Path0Target4Lun0
    17:32:46.250 Disk 4 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
    17:32:46.250 Disk 5 \Device\Harddisk5\DR5 -> \Device\Scsi\adpu160m2Port3Path0Target1Lun0
    17:32:46.265 Disk 5 Vendor: SEAGATE_ 8A03 Size: 34732MB BusType: 1
    17:32:46.281 Disk 0 MBR read successfully
    17:32:46.296 Disk 0 MBR scan
    17:32:46.359 Disk 0 Windows XP default MBR code
    17:32:46.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    17:32:46.375 Disk 0 scanning sectors +488376000
    17:32:46.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:33:07.484 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Hosts-BM [Rtk]
    17:33:44.593 Disk 0 trace - called modules:
    17:33:44.625 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88d6bfd0]<<
    17:33:44.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a21c578]
    17:33:44.640 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x88e7f928]
    17:33:44.656 \Driver\00001940[0x88df4f38] -> IRP_MJ_CREATE -> 0x88d6bfd0
    17:33:45.890 AVAST engine scan C:\WINDOWS
    17:33:56.171 AVAST engine scan C:\WINDOWS\system32
    17:40:43.375 AVAST engine scan C:\WINDOWS\system32\drivers
    17:40:56.140 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Hosts-BM [Rtk]
    17:41:26.703 AVAST engine scan C:\Documents and Settings\Rob
    18:02:09.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rob\Desktop\MBR.dat"
    18:02:09.187 The log file has been saved successfully to "C:\Documents and Settings\Rob\Desktop\aswMBR.txt"


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    18:49:25.0593 0256 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
    18:49:26.0640 0256 ============================================================
    18:49:26.0640 0256 Current date / time: 2012/03/30 18:49:26.0640
    18:49:26.0640 0256 SystemInfo:
    18:49:26.0640 0256
    18:49:26.0640 0256 OS Version: 5.1.2600 ServicePack: 3.0
    18:49:26.0640 0256 Product type: Workstation
    18:49:26.0640 0256 ComputerName: FRANCIS-SV1
    18:49:26.0640 0256 UserName: Rob
    18:49:26.0640 0256 Windows directory: C:\WINDOWS
    18:49:26.0640 0256 System windows directory: C:\WINDOWS
    18:49:26.0640 0256 Processor architecture: Intel x86
    18:49:26.0640 0256 Number of processors: 2
    18:49:26.0640 0256 Page size: 0x1000
    18:49:26.0640 0256 Boot type: Normal boot
    18:49:26.0640 0256 ============================================================
    18:49:31.0328 0256 Drive \Device\Harddisk1\DR1 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:49:31.0328 0256 Drive \Device\Harddisk2\DR2 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:49:31.0328 0256 Drive \Device\Harddisk3\DR3 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:49:31.0343 0256 Drive \Device\Harddisk4\DR4 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:49:31.0343 0256 Drive \Device\Harddisk5\DR5 - Size: 0x87ACE3E00 (33.92 Gb), SectorSize: 0x200, Cylinders: 0x114B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
    18:49:31.0375 0256 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    18:49:31.0375 0256 \Device\Harddisk1\DR1:
    18:49:31.0390 0256 MBR used
    18:49:31.0390 0256 \Device\Harddisk2\DR2:
    18:49:31.0390 0256 MBR used
    18:49:31.0390 0256 \Device\Harddisk3\DR3:
    18:49:31.0390 0256 MBR used
    18:49:31.0390 0256 \Device\Harddisk4\DR4:
    18:49:31.0390 0256 MBR used
    18:49:31.0390 0256 \Device\Harddisk5\DR5:
    18:49:31.0390 0256 MBR used
    18:49:31.0390 0256 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x43CF48B
    18:49:31.0390 0256 \Device\Harddisk0\DR0:
    18:49:31.0390 0256 MBR used
    18:49:31.0390 0256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
    18:49:31.0453 0256 Initialize success
    18:49:31.0453 0256 ============================================================
    18:49:38.0578 3752 ============================================================
    18:49:38.0578 3752 Scan started
    18:49:38.0578 3752 Mode: Manual;
    18:49:38.0578 3752 ============================================================
    18:49:40.0609 3752 .redbook - ok
    18:49:40.0921 3752 3combootp - ok
    18:49:41.0171 3752 Abiosdsk - ok
    18:49:41.0531 3752 abp480n5 - ok
    18:49:41.0921 3752 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    18:49:41.0984 3752 ac97intc - ok
    18:49:42.0578 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:49:42.0625 3752 ACPI - ok
    18:49:43.0093 3752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:49:43.0109 3752 ACPIEC - ok
    18:49:43.0562 3752 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    18:49:43.0562 3752 adpu160m - ok
    18:49:43.0984 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:49:44.0015 3752 aec - ok
    18:49:44.0593 3752 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    18:49:44.0625 3752 AFD - ok
    18:49:45.0109 3752 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    18:49:45.0140 3752 agp440 - ok
    18:49:45.0468 3752 Aha154x - ok
    18:49:45.0781 3752 aic78u2 - ok
    18:49:46.0062 3752 aic78xx - ok
    18:49:46.0437 3752 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
    18:49:46.0453 3752 Alerter - ok
    18:49:46.0765 3752 alertservice - ok
    18:49:47.0062 3752 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
    18:49:47.0125 3752 ALG - ok
    18:49:47.0593 3752 AliIde - ok
    18:49:47.0906 3752 amsint - ok
    18:49:48.0578 3752 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys
    18:49:48.0843 3752 APL531 - ok
    18:49:49.0109 3752 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:49:49.0140 3752 Apple Mobile Device - ok
    18:49:49.0578 3752 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
    18:49:49.0625 3752 AppMgmt - ok
    18:49:50.0109 3752 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:49:50.0125 3752 Arp1394 - ok
    18:49:50.0656 3752 asc - ok
    18:49:51.0000 3752 asc3350p - ok
    18:49:51.0265 3752 asc3550 - ok
    18:49:51.0562 3752 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    18:49:51.0703 3752 aspnet_state - ok
    18:49:52.0187 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:49:52.0218 3752 AsyncMac - ok
    18:49:52.0656 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:49:52.0656 3752 atapi - ok
    18:49:53.0000 3752 Atdisk - ok
    18:49:53.0265 3752 atierecord - ok
    18:49:53.0796 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:49:53.0812 3752 Atmarpc - ok
    18:49:54.0171 3752 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
    18:49:54.0187 3752 AudioSrv - ok
    18:49:54.0718 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:49:54.0734 3752 audstub - ok
    18:49:56.0781 3752 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    18:49:59.0593 3752 AVGIDSAgent - ok
    18:50:00.0031 3752 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    18:50:00.0062 3752 AVGIDSDriver - ok
    18:50:00.0562 3752 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    18:50:00.0562 3752 AVGIDSEH - ok
    18:50:01.0015 3752 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    18:50:01.0031 3752 AVGIDSFilter - ok
    18:50:01.0453 3752 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    18:50:01.0484 3752 AVGIDSShim - ok
    18:50:01.0953 3752 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    18:50:01.0984 3752 Avgldx86 - ok
    18:50:02.0578 3752 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    18:50:02.0593 3752 Avgmfx86 - ok
    18:50:03.0000 3752 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    18:50:03.0031 3752 Avgrkx86 - ok
    18:50:03.0515 3752 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    18:50:03.0656 3752 Avgtdix - ok
    18:50:04.0000 3752 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    18:50:04.0031 3752 avgwd - ok
    18:50:04.0328 3752 basfipm - ok
    18:50:04.0718 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:50:04.0734 3752 Beep - ok
    18:50:05.0187 3752 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
    18:50:05.0359 3752 BITS - ok
    18:50:05.0796 3752 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    18:50:05.0984 3752 Bonjour Service - ok
    18:50:06.0375 3752 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
    18:50:06.0406 3752 Browser - ok
    18:50:06.0734 3752 CamAv - ok
    18:50:07.0156 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:50:07.0171 3752 cbidf2k - ok
    18:50:07.0500 3752 cccredmgr - ok
    18:50:07.0906 3752 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:50:07.0921 3752 CCDECODE - ok
    18:50:08.0218 3752 cd20xrnt - ok
    18:50:08.0687 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:50:08.0703 3752 Cdaudio - ok
    18:50:09.0171 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:50:09.0187 3752 Cdfs - ok
    18:50:09.0718 3752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:50:09.0750 3752 Cdrom - ok
    18:50:10.0031 3752 Changer - ok
    18:50:10.0359 3752 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
    18:50:10.0375 3752 CiSvc - ok
    18:50:10.0796 3752 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
    18:50:10.0812 3752 ClipSrv - ok
    18:50:11.0078 3752 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:50:11.0703 3752 clr_optimization_v2.0.50727_32 - ok
    18:50:12.0031 3752 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:50:12.0078 3752 clr_optimization_v4.0.30319_32 - ok
    18:50:12.0593 3752 CmdIde - ok
    18:50:12.0859 3752 COMSysApp - ok
    18:50:13.0250 3752 Cpqarray - ok
    18:50:13.0562 3752 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
    18:50:13.0578 3752 CryptSvc - ok
    18:50:13.0875 3752 CTERFXFX.DLL - ok
    18:50:14.0171 3752 cvsnt - ok
    18:50:14.0562 3752 CXAVXBAR - ok
    18:50:14.0921 3752 dac2w2k - ok
    18:50:15.0203 3752 dac960nt - ok
    18:50:15.0453 3752 db2das00 - ok
    18:50:15.0937 3752 dc3d (b7ef38c2c22a7805de919cff5e16a372) C:\WINDOWS\system32\DRIVERS\dc3d.sys
    18:50:15.0984 3752 dc3d - ok
    18:50:16.0484 3752 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
    18:50:16.0500 3752 DcomLaunch - ok
    18:50:16.0843 3752 Defrag32 - ok
    18:50:17.0031 3752 defragfs - ok
    18:50:17.0328 3752 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
    18:50:17.0328 3752 Dhcp - ok
    18:50:17.0968 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:50:18.0000 3752 Disk - ok
    18:50:18.0250 3752 dmadmin - ok
    18:50:18.0765 3752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:50:18.0906 3752 dmboot - ok
    18:50:19.0468 3752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:50:19.0484 3752 dmio - ok
    18:50:20.0109 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:50:20.0125 3752 dmload - ok
    18:50:20.0625 3752 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
    18:50:20.0640 3752 dmserver - ok
    18:50:21.0187 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:50:21.0218 3752 DMusic - ok
    18:50:21.0562 3752 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
    18:50:21.0578 3752 Dnscache - ok
    18:50:22.0062 3752 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
    18:50:22.0078 3752 Dot3svc - ok
    18:50:22.0562 3752 dpti2o - ok
    18:50:23.0000 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:50:23.0015 3752 drmkaud - ok
    18:50:23.0656 3752 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
    18:50:23.0671 3752 EapHost - ok
    18:50:24.0375 3752 ehstart - ok
    18:50:24.0812 3752 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    18:50:24.0843 3752 EL90XBC - ok
    18:50:25.0328 3752 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
    18:50:25.0343 3752 ERSvc - ok
    18:50:25.0750 3752 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    18:50:25.0765 3752 Eventlog - ok
    18:50:26.0375 3752 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
    18:50:26.0531 3752 EventSystem - ok
    18:50:27.0187 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:50:27.0203 3752 Fastfat - ok
    18:50:27.0828 3752 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
    18:50:27.0906 3752 FastUserSwitchingCompatibility - ok
    18:50:28.0375 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:50:28.0406 3752 Fdc - ok
    18:50:28.0906 3752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:50:28.0921 3752 Fips - ok
    18:50:29.0562 3752 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    18:50:29.0968 3752 FLEXnet Licensing Service - ok
    18:50:30.0500 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:50:30.0531 3752 Flpydisk - ok
    18:50:30.0937 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:50:30.0953 3752 FltMgr - ok
    18:50:31.0890 3752 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    18:50:32.0046 3752 FontCache3.0.0.0 - ok
    18:50:33.0359 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:50:33.0453 3752 Fs_Rec - ok
    18:50:33.0906 3752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:50:33.0968 3752 Ftdisk - ok
    18:50:34.0406 3752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    18:50:34.0437 3752 GEARAspiWDM - ok
    18:50:34.0828 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:50:34.0843 3752 Gpc - ok
    18:50:35.0265 3752 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:50:35.0281 3752 gusvc - ok
    18:50:35.0500 3752 helpsvc - ok
    18:50:35.0734 3752 HidServ - ok
    18:50:36.0171 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:50:36.0203 3752 HidUsb - ok
    18:50:36.0578 3752 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
    18:50:36.0593 3752 hkmsvc - ok
    18:50:37.0015 3752 hpn - ok
    18:50:37.0468 3752 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    18:50:37.0484 3752 HPZid412 - ok
    18:50:38.0046 3752 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    18:50:38.0062 3752 HPZipr12 - ok
    18:50:38.0484 3752 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    18:50:38.0500 3752 HPZius12 - ok
    18:50:38.0843 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:50:38.0875 3752 HTTP - ok
    18:50:39.0031 3752 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
    18:50:39.0046 3752 HTTPFilter - ok
    18:50:39.0109 3752 i2omgmt - ok
    18:50:39.0578 3752 i2omp - ok
    18:50:40.0093 3752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:50:40.0109 3752 i8042prt - ok
    18:50:40.0515 3752 iaimfp3 - ok
    18:50:40.0781 3752 iAimTV6 - ok
    18:50:41.0031 3752 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    18:50:41.0515 3752 IDriverT - ok
    18:50:42.0375 3752 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    18:50:42.0687 3752 idsvc - ok
    18:50:42.0906 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:50:42.0906 3752 Imapi - ok
    18:50:43.0390 3752 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
    18:50:43.0390 3752 ImapiService - ok
    18:50:43.0765 3752 ini910u - ok
    18:50:43.0906 3752 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:50:43.0906 3752 IntelIde - ok
    18:50:44.0109 3752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:50:44.0109 3752 intelppm - ok
    18:50:44.0562 3752 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    18:50:44.0562 3752 IntuitUpdateService - ok
    18:50:45.0015 3752 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:50:45.0031 3752 ip6fw - ok
    18:50:45.0265 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:50:45.0265 3752 IpFilterDriver - ok
    18:50:45.0843 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:50:45.0859 3752 IpInIp - ok
    18:50:46.0125 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:50:46.0218 3752 IpNat - ok
    18:50:46.0625 3752 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
    18:50:46.0656 3752 iPod Service - ok
    18:50:46.0859 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:50:46.0875 3752 IPSec - ok
    18:50:47.0031 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:50:47.0031 3752 IRENUM - ok
    18:50:47.0656 3752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:50:47.0671 3752 isapnp - ok
    18:50:48.0015 3752 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
    18:50:48.0031 3752 JavaQuickStarterService - ok
    18:50:48.0796 3752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:50:48.0828 3752 Kbdclass - ok
    18:50:49.0750 3752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:50:49.0765 3752 kbdhid - ok
    18:50:49.0984 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:50:49.0984 3752 kmixer - ok
    18:50:50.0171 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:50:50.0171 3752 KSecDD - ok
    18:50:50.0343 3752 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
    18:50:50.0359 3752 lanmanserver - ok
    18:50:50.0531 3752 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
    18:50:50.0546 3752 lanmanworkstation - ok
    18:50:50.0765 3752 lbrtfdc - ok
    18:50:50.0984 3752 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    18:50:50.0984 3752 LightScribeService - ok
    18:50:51.0125 3752 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
    18:50:51.0140 3752 LmHosts - ok
    18:50:51.0187 3752 LMIInfo - ok
    18:50:51.0390 3752 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    18:50:51.0390 3752 lmimirr - ok
    18:50:51.0500 3752 LMIRfsClientNP - ok
    18:50:51.0578 3752 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    18:50:51.0578 3752 LMIRfsDriver - ok
    18:50:51.0734 3752 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    18:50:51.0750 3752 MBAMProtector - ok
    18:50:51.0937 3752 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    18:50:51.0968 3752 MBAMService - ok
    18:50:52.0109 3752 mclogmanagerservice - ok
    18:50:52.0312 3752 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    18:50:52.0328 3752 MDM - ok
    18:50:52.0531 3752 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
    18:50:52.0531 3752 Messenger - ok
    18:50:52.0546 3752 mgactrl - ok
    18:50:52.0562 3752 mhndrv - ok
    18:50:52.0734 3752 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    18:50:52.0781 3752 Microsoft Office Groove Audit Service - ok
    18:50:52.0968 3752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:50:52.0984 3752 mnmdd - ok
    18:50:53.0187 3752 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
    18:50:53.0187 3752 mnmsrvc - ok
    18:50:53.0375 3752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:50:53.0375 3752 Modem - ok
    18:50:53.0546 3752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:50:53.0546 3752 Mouclass - ok
    18:50:53.0718 3752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:50:53.0718 3752 mouhid - ok
    18:50:53.0906 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:50:53.0906 3752 MountMgr - ok
    18:50:54.0046 3752 mraid35x - ok
    18:50:54.0093 3752 mrobeservice - ok
    18:50:54.0218 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:50:54.0328 3752 MRxDAV - ok
    18:50:54.0890 3752 MRxSmb (95032f6914eae0edac3090801283514c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:50:54.0937 3752 MRxSmb - ok
    18:50:55.0250 3752 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
    18:50:55.0250 3752 MSDTC - ok
    18:50:55.0531 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:50:55.0546 3752 Msfs - ok
    18:50:55.0625 3752 MSIServer - ok
    18:50:55.0718 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:50:55.0718 3752 MSKSSRV - ok
    18:50:55.0875 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:50:55.0890 3752 MSPCLOCK - ok
    18:50:56.0046 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:50:56.0062 3752 MSPQM - ok
    18:50:56.0625 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:50:56.0734 3752 mssmbios - ok
    18:50:57.0328 3752 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:50:57.0406 3752 MSTEE - ok
    18:50:58.0265 3752 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    18:50:58.0265 3752 Mup - ok
    18:50:58.0531 3752 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:50:58.0546 3752 NABTSFEC - ok
    18:50:58.0812 3752 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
    18:50:58.0828 3752 napagent - ok
    18:50:59.0062 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:50:59.0093 3752 NDIS - ok
    18:50:59.0390 3752 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:50:59.0390 3752 NdisIP - ok
    18:50:59.0562 3752 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:50:59.0562 3752 NdisTapi - ok
    18:50:59.0734 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:50:59.0734 3752 Ndisuio - ok
    18:50:59.0906 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:50:59.0906 3752 NdisWan - ok
    18:51:00.0078 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:51:00.0078 3752 NDProxy - ok
    18:51:00.0359 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:51:00.0359 3752 NetBIOS - ok
    18:51:00.0546 3752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:51:00.0546 3752 NetBT - ok
    18:51:00.0718 3752 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    18:51:00.0718 3752 NetDDE - ok
    18:51:00.0734 3752 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
    18:51:00.0750 3752 NetDDEdsdm - ok
    18:51:00.0875 3752 netdetect - ok
    18:51:00.0937 3752 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
    18:51:00.0937 3752 Netlogon - ok
    18:51:01.0046 3752 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
    18:51:01.0062 3752 Netman - ok
    18:51:01.0437 3752 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:51:01.0453 3752 NetTcpPortSharing - ok
    18:51:01.0640 3752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:51:01.0640 3752 NIC1394 - ok
    18:51:01.0765 3752 nimcdfxk - ok
    18:51:01.0843 3752 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
    18:51:01.0859 3752 Nla - ok
    18:51:02.0062 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:51:02.0078 3752 Npfs - ok
    18:51:02.0421 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:51:02.0468 3752 Ntfs - ok
    18:51:02.0640 3752 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
    18:51:02.0640 3752 NtLmSsp - ok
    18:51:02.0921 3752 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
    18:51:02.0937 3752 NtmsSvc - ok
    18:51:03.0171 3752 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    18:51:03.0171 3752 NuidFltr - ok
    18:51:03.0593 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:51:03.0609 3752 Null - ok
    18:51:03.0859 3752 nv (8e836672c1e476772cd18b7b4a671b4b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:51:03.0921 3752 nv - ok
    18:51:04.0062 3752 nvmpu401 - ok
    18:51:04.0140 3752 NVSvc (e0f8f86eecac5d01af9bb4406a347178) C:\WINDOWS\system32\nvsvc32.exe
    18:51:04.0156 3752 NVSvc - ok
    18:51:04.0359 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:51:04.0359 3752 NwlnkFlt - ok
    18:51:04.0531 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:51:04.0531 3752 NwlnkFwd - ok
    18:51:04.0812 3752 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    18:51:04.0843 3752 odserv - ok
    18:51:05.0046 3752 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:51:05.0046 3752 ohci1394 - ok
    18:51:05.0265 3752 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:51:05.0281 3752 ose - ok
    18:51:05.0531 3752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:51:05.0531 3752 Parport - ok
    18:51:05.0718 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:51:05.0718 3752 PartMgr - ok
    18:51:05.0859 3752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:51:05.0875 3752 ParVdm - ok
    18:51:06.0125 3752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:51:06.0125 3752 PCI - ok
    18:51:06.0265 3752 PCIDump - ok
    18:51:06.0437 3752 PCIIde - ok
    18:51:06.0625 3752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:51:06.0640 3752 Pcmcia - ok
    18:51:06.0796 3752 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys
    18:51:06.0812 3752 PCTCore - ok
    18:51:06.0953 3752 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\system32\drivers\pctgntdi.sys
    18:51:06.0968 3752 pctgntdi - ok
    18:51:07.0109 3752 pctplsg (95a8562701e6b4494993847f85b2d60e) C:\WINDOWS\system32\drivers\pctplsg.sys
    18:51:07.0125 3752 pctplsg - ok
    18:51:07.0250 3752 PDCOMP - ok
    18:51:07.0265 3752 PDFRAME - ok
    18:51:07.0281 3752 PDRELI - ok
    18:51:07.0312 3752 PDRFRAME - ok
    18:51:07.0343 3752 perc2 - ok
    18:51:07.0375 3752 perc2hib - ok
    18:51:07.0453 3752 pfmfs_27B (a3e9309e52bf8ac1c8ad1b53f9d3c544) C:\WINDOWS\system32\Drivers\pfmfs_27B.sys
    18:51:07.0468 3752 pfmfs_27B - ok
    18:51:07.0640 3752 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
    18:51:07.0656 3752 PlugPlay - ok
    18:51:07.0781 3752 Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
    18:51:07.0796 3752 Pml Driver HPZ12 - ok
    18:51:07.0921 3752 PNRPSvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\psadd.dll
    18:51:07.0953 3752 Suspicious file (NoAccess): C:\WINDOWS\system32\psadd.dll. md5: 11028c6a84a967070cb1286550f2058f
    18:51:07.0953 3752 PNRPSvc ( Backdoor.Multi.ZAccess.gen ) - infected
    18:51:07.0953 3752 PNRPSvc - detected Backdoor.Multi.ZAccess.gen (0)
    18:51:08.0062 3752 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
    18:51:08.0078 3752 PolicyAgent - ok
    18:51:08.0265 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:51:08.0281 3752 PptpMiniport - ok
    18:51:08.0453 3752 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    18:51:08.0468 3752 Processor - ok
    18:51:08.0625 3752 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:51:08.0625 3752 ProtectedStorage - ok
    18:51:08.0828 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:51:08.0828 3752 PSched - ok
    18:51:09.0015 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:51:09.0015 3752 Ptilink - ok
    18:51:09.0156 3752 ql1080 - ok
    18:51:09.0187 3752 Ql10wnt - ok
    18:51:09.0203 3752 ql12160 - ok
    18:51:09.0234 3752 ql1240 - ok
    18:51:09.0265 3752 ql1280 - ok
    18:51:09.0312 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:51:09.0312 3752 RasAcd - ok
    18:51:09.0500 3752 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
    18:51:09.0515 3752 RasAuto - ok
    18:51:09.0703 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:51:09.0718 3752 Rasl2tp - ok
    18:51:09.0921 3752 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    18:51:09.0937 3752 RasMan - ok
    18:51:10.0312 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:51:10.0328 3752 RasPppoe - ok
    18:51:10.0500 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:51:10.0500 3752 Raspti - ok
    18:51:10.0687 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:51:10.0687 3752 Rdbss - ok
    18:51:10.0812 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:51:10.0812 3752 RDPCDD - ok
    18:51:11.0000 3752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:51:11.0015 3752 rdpdr - ok
    18:51:11.0281 3752 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:51:11.0296 3752 RDPWD - ok
    18:51:11.0468 3752 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    18:51:11.0484 3752 RDSessMgr - ok
    18:51:11.0671 3752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:51:11.0687 3752 redbook - ok
    18:51:11.0859 3752 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    18:51:11.0875 3752 RemoteAccess - ok
    18:51:12.0062 3752 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    18:51:12.0062 3752 RemoteRegistry - ok
    18:51:12.0234 3752 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared files\RichVideo.exe
    18:51:12.0250 3752 RichVideo - ok
    18:51:12.0531 3752 RMSvc - ok
    18:51:12.0593 3752 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
    18:51:12.0609 3752 RpcLocator - ok
    18:51:12.0750 3752 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    18:51:12.0765 3752 RpcSs - ok
    18:51:12.0906 3752 RR2Ctrl - ok
    18:51:12.0984 3752 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
    18:51:13.0000 3752 RSVP - ok
    18:51:13.0078 3752 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:51:13.0093 3752 SamSs - ok
    18:51:13.0265 3752 SANDRA (24c68978d48f41084dc00159aa07fab8) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
    18:51:13.0296 3752 SANDRA - ok
    18:51:13.0421 3752 SandraAgentSrv (3a4ab78a64e391ef3d75be0619eb428a) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
    18:51:13.0421 3752 SandraAgentSrv - ok
    18:51:13.0609 3752 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    18:51:13.0625 3752 SCardSvr - ok
    18:51:13.0750 3752 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    18:51:13.0765 3752 Schedule - ok
    18:51:13.0968 3752 sdAuxService (ee088b31f5eb673a62e7e0d09b0007b0) C:\Program Files\Spyware Doctor\pctsAuxs.exe
    18:51:14.0156 3752 sdAuxService - ok
    18:51:14.0750 3752 sdCoreService (747ffe0a5a34c349a363be97c632b7c4) C:\Program Files\Spyware Doctor\pctsSvc.exe
    18:51:14.0812 3752 sdCoreService - ok
    18:51:15.0000 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:51:15.0015 3752 Secdrv - ok
    18:51:15.0171 3752 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    18:51:15.0187 3752 seclogon - ok
    18:51:15.0296 3752 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
    18:51:15.0312 3752 SENS - ok
    18:51:15.0453 3752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:51:15.0453 3752 serenum - ok
    18:51:15.0625 3752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:51:15.0640 3752 Serial - ok
    18:51:15.0906 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:51:15.0921 3752 Sfloppy - ok
    18:51:16.0078 3752 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    18:51:16.0109 3752 SharedAccess - ok
    18:51:16.0343 3752 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
    18:51:16.0343 3752 ShellHWDetection - ok
    18:51:16.0500 3752 Simbad - ok
    18:51:16.0562 3752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    18:51:16.0562 3752 SLIP - ok
    18:51:16.0703 3752 Sparrow - ok
    18:51:16.0781 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:51:16.0796 3752 splitter - ok
    18:51:17.0015 3752 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    18:51:17.0015 3752 Spooler - ok
    18:51:17.0250 3752 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    18:51:17.0265 3752 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    18:51:17.0265 3752 sptd ( LockedFile.Multi.Generic ) - warning
    18:51:17.0265 3752 sptd - detected LockedFile.Multi.Generic (1)
    18:51:17.0437 3752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:51:17.0437 3752 sr - ok
    18:51:17.0593 3752 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    18:51:17.0609 3752 srservice - ok
    18:51:17.0734 3752 SRTSPL - ok
    18:51:17.0828 3752 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:51:17.0843 3752 Srv - ok
    18:51:17.0984 3752 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    18:51:18.0000 3752 SSDPSRV - ok
    18:51:18.0125 3752 stacsv - ok
    18:51:18.0234 3752 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    18:51:18.0281 3752 stisvc - ok
    18:51:18.0562 3752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:51:18.0562 3752 streamip - ok
    18:51:18.0796 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:51:18.0796 3752 swenum - ok
    18:51:18.0984 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:51:18.0984 3752 swmidi - ok
    18:51:19.0265 3752 SwPrv - ok
    18:51:19.0500 3752 symc810 - ok
    18:51:19.0609 3752 symc8xx - ok
    18:51:19.0671 3752 sym_hi - ok
    18:51:19.0765 3752 sym_u3 - ok
    18:51:19.0921 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:51:19.0937 3752 sysaudio - ok
    18:51:20.0031 3752 syslogd - ok
    18:51:20.0093 3752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    18:51:20.0109 3752 SysmonLog - ok
    18:51:20.0281 3752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    18:51:20.0296 3752 TapiSrv - ok
    18:51:20.0453 3752 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:51:20.0484 3752 Tcpip - ok
    18:51:20.0687 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:51:20.0687 3752 TDPIPE - ok
    18:51:20.0859 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:51:20.0859 3752 TDTCP - ok
    18:51:21.0031 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:51:21.0046 3752 TermDD - ok
    18:51:21.0218 3752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    18:51:21.0234 3752 TermService - ok
    18:51:21.0421 3752 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
    18:51:21.0437 3752 Themes - ok
    18:51:21.0578 3752 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
    18:51:21.0578 3752 TlntSvr - ok
    18:51:21.0796 3752 TosIde - ok
    18:51:21.0859 3752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    18:51:21.0875 3752 TrkWks - ok
    18:51:22.0015 3752 tunmp - ok
    18:51:22.0031 3752 U3sHlpDr - ok
    18:51:22.0062 3752 UBHelper - ok
    18:51:22.0171 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:51:22.0187 3752 Udfs - ok
    18:51:22.0312 3752 ultra - ok
    18:51:22.0718 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:51:22.0734 3752 Update - ok
    18:51:22.0906 3752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    18:51:22.0921 3752 upnphost - ok
    18:51:23.0078 3752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    18:51:23.0093 3752 UPS - ok
    18:51:23.0234 3752 us30sys - ok
    18:51:23.0359 3752 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    18:51:23.0375 3752 USBAAPL - ok
    18:51:23.0484 3752 usbatapi2000 - ok
    18:51:23.0625 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:51:23.0625 3752 usbccgp - ok
    18:51:23.0781 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:51:23.0781 3752 usbehci - ok
    18:51:24.0015 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:51:24.0015 3752 usbhub - ok
    18:51:24.0203 3752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    18:51:24.0203 3752 usbohci - ok
    18:51:24.0375 3752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:51:24.0375 3752 usbprint - ok
    18:51:24.0546 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:51:24.0546 3752 usbscan - ok
    18:51:24.0734 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:51:24.0734 3752 USBSTOR - ok
    18:51:24.0906 3752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:51:24.0906 3752 usbuhci - ok
    18:51:25.0031 3752 useraccess - ok
    18:51:25.0156 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:51:25.0156 3752 VgaSave - ok
    18:51:25.0562 3752 ViaIde - ok
    18:51:25.0718 3752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:51:25.0734 3752 VolSnap - ok
    18:51:25.0843 3752 vproeventmonitor - ok
    18:51:25.0921 3752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    18:51:25.0937 3752 VSS - ok
    18:51:26.0203 3752 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    18:51:26.0250 3752 vToolbarUpdater10.2.0 - ok
    18:51:26.0406 3752 vulfnths - ok
    18:51:26.0500 3752 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    18:51:26.0515 3752 W32Time - ok
    18:51:26.0703 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:51:26.0718 3752 Wanarp - ok
    18:51:26.0828 3752 wap3gx - ok
    18:51:26.0906 3752 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    18:51:26.0906 3752 wceusbsh - ok
    18:51:27.0093 3752 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:51:27.0109 3752 Wdf01000 - ok
    18:51:27.0343 3752 WDICA - ok
    18:51:27.0484 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:51:27.0500 3752 wdmaud - ok
    18:51:27.0640 3752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    18:51:27.0640 3752 WebClient - ok
    18:51:27.0796 3752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    18:51:27.0796 3752 winmgmt - ok
    18:51:28.0015 3752 WISTechVIDCAP (80f9670acd3213f4601a43cbb474b1b6) C:\WINDOWS\system32\drivers\wisgostrm.sys
    18:51:28.0078 3752 WISTechVIDCAP - ok
    18:51:28.0281 3752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    18:51:28.0281 3752 WmdmPmSN - ok
    18:51:28.0421 3752 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    18:51:28.0421 3752 Wmi - ok
    18:51:28.0687 3752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
    18:51:28.0812 3752 WmiApSrv - ok
    18:51:28.0984 3752 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    18:51:29.0203 3752 WMPNetworkSvc - ok
    18:51:29.0640 3752 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    18:51:30.0359 3752 WPFFontCache_v0400 - ok
    18:51:30.0796 3752 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    18:51:30.0812 3752 WS2IFSL - ok
    18:51:31.0031 3752 WSearch - ok
    18:51:31.0515 3752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:51:31.0531 3752 WSTCODEC - ok
    18:51:31.0968 3752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:51:31.0984 3752 WudfPf - ok
    18:51:32.0687 3752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:51:32.0703 3752 WudfRd - ok
    18:51:33.0093 3752 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    18:51:33.0140 3752 WudfSvc - ok
    18:51:33.0593 3752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    18:51:33.0656 3752 WZCSVC - ok
    18:51:33.0843 3752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    18:51:33.0859 3752 xmlprov - ok
    18:51:34.0062 3752 xMrMINI (cbf2cf50e28d968ad811cd512754d151) C:\WINDOWS\system32\DRIVERS\xMrMini.sys
    18:51:34.0093 3752 xMrMINI - ok
    18:51:34.0375 3752 xVGAMINI (07e55eabc0d9d21a013b0b8075fe0a5c) C:\WINDOWS\system32\DRIVERS\xVgaMini.sys
    18:51:34.0406 3752 xVGAMINI - ok
    18:51:34.0578 3752 xVGAUSB (863a8486491208395ae05bc5ecb29592) C:\WINDOWS\system32\drivers\xvgausb.sys
    18:51:34.0578 3752 xVGAUSB - ok
    18:51:34.0640 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    18:51:34.0656 3752 \Device\Harddisk1\DR1 - ok
    18:51:34.0671 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
    18:51:34.0671 3752 \Device\Harddisk2\DR2 - ok
    18:51:34.0687 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
    18:51:34.0687 3752 \Device\Harddisk3\DR3 - ok
    18:51:34.0718 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
    18:51:34.0718 3752 \Device\Harddisk4\DR4 - ok
    18:51:34.0734 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
    18:51:34.0828 3752 \Device\Harddisk5\DR5 - ok
    18:51:34.0859 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:51:35.0062 3752 \Device\Harddisk0\DR0 - ok
    18:51:35.0062 3752 Boot (0x1200) (278114c6fef5f37ff75179a97131ec7d) \Device\Harddisk5\DR5\Partition0
    18:51:35.0078 3752 \Device\Harddisk5\DR5\Partition0 - ok
    18:51:35.0093 3752 Boot (0x1200) (39f59585eba8ff75def963a4489bb72e) \Device\Harddisk0\DR0\Partition0
    18:51:35.0093 3752 \Device\Harddisk0\DR0\Partition0 - ok
    18:51:35.0093 3752 ============================================================
    18:51:35.0093 3752 Scan finished
    18:51:35.0093 3752 ============================================================
    18:51:35.0140 3736 Detected object count: 2
    18:51:35.0140 3736 Actual detected object count: 2
    18:51:59.0250 3736 HKLM\SYSTEM\ControlSet001\services\PNRPSvc - will be deleted on reboot
    18:51:59.0250 3736 C:\WINDOWS\system32\psadd.dll - will be deleted on reboot
    18:51:59.0265 3736 PNRPSvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    18:51:59.0265 3736 sptd ( LockedFile.Multi.Generic ) - skipped by user
    18:51:59.0265 3736 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    ComboFix 12-03-30.06 - Rob 03/30/2012 20:10:17.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1102 [GMT -6:00]
    Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
    c:\documents and settings\All Users\Application Data\xml11C.tmp
    c:\documents and settings\All Users\Application Data\xml11D.tmp
    c:\documents and settings\All Users\Application Data\xml11E.tmp
    c:\documents and settings\All Users\Application Data\xml9A.tmp
    c:\documents and settings\All Users\invokesi.exe
    c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    c:\documents and settings\Rob\Application Data\55AE.0A3
    c:\documents and settings\Rob\Application Data\Adobe\plugs
    c:\documents and settings\Rob\Application Data\Adobe\shed
    c:\windows\$NtUninstallKB22432$
    c:\windows\$NtUninstallKB22432$\530276279
    c:\windows\$NtUninstallKB43103$\517846658\@
    c:\windows\$NtUninstallKB43103$\517846658\cfg.ini
    c:\windows\$NtUninstallKB43103$\517846658\Desktop.ini
    c:\windows\$NtUninstallKB43103$\517846658\L\sqgtmnim
    c:\windows\$NtUninstallKB43103$\517846658\oemid
    c:\windows\$NtUninstallKB43103$\517846658\U\00000001.@
    c:\windows\$NtUninstallKB43103$\517846658\U\00000002.@
    c:\windows\$NtUninstallKB43103$\517846658\U\00000004.@
    c:\windows\$NtUninstallKB43103$\517846658\U\80000000.@
    c:\windows\$NtUninstallKB43103$\517846658\U\80000004.@
    c:\windows\$NtUninstallKB43103$\517846658\U\80000032.@
    c:\windows\$NtUninstallKB43103$\517846658\version
    c:\windows\$NtUninstallKB43103$\742387349
    c:\windows\system32\Cache
    c:\windows\system32\Cache\0aa4b0ad4c053e15.fb
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\9b7caa4613118a6f.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\dde491035b3c615a.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\dllcache\dlimport.exe
    c:\windows\system32\dllcache\wmpvis.dll
    c:\windows\system32\wanusb.dll
    c:\windows\$NtUninstallKB43103$ . . . . Failed to delete
    .
    c:\windows\system32\drivers\StMp3Rec.sys . . . is infected!! . . . Failed to find a valid replacement.
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_.redbook
    -------\Legacy_lkclassads
    -------\Service_lkclassads
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-31 00:51 . 2012-03-31 00:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-29 22:32 . 2008-04-13 17:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-03-26 23:28 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-03-26 23:28 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-26 23:28 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-26 23:28 . 2010-02-05 15:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-03-26 23:28 . 2012-03-26 23:52 -------- d-----w- c:\program files\Spyware Doctor
    2012-03-26 23:28 . 2012-03-26 23:36 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\Rob\Application Data\PC Tools
    2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-03-26 23:08 . 2012-03-26 23:36 -------- d-----w- c:\documents and settings\Rob\Application Data\GetRightToGo
    2012-03-26 22:59 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-03-26 17:52 . 2012-03-26 17:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2012-03-11 19:36 . 2012-03-11 19:36 -------- d-----w- C:\MCT
    2012-03-11 19:36 . 2007-11-14 13:57 315392 ----a-w- c:\windows\system32\MCTCIDUtil.exe
    2012-03-11 19:07 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2012-03-11 19:07 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2012-03-11 18:59 . 2012-03-11 18:59 -------- d-----w- c:\documents and settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI
    2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI Technologies
    2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- C:\ATI
    2012-03-10 04:57 . 2011-08-10 23:39 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-03-10 04:57 . 2011-08-10 23:39 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2012-03-10 04:57 . 2011-08-10 23:39 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2012-03-06 13:16 . 2012-03-06 13:16 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-03-05 22:17 . 2012-03-05 22:17 -------- d-----w- C:\TRITTON_uv100_8.0.1.0229.1153
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-15 00:43 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
    [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    2009-03-06 03:17 143160 ----a-w- c:\windows\system32\pfmshx_27B.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-15 982880]
    "nwiz"="nwiz.exe" [2004-07-15 843776]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
    "MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
    "trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-02 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
    backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-12-16 22:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcmsvc]
    2009-04-07 20:53 30440 ----a-w- c:\program files\dcmsvc\dcmsvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-07-15 17:42 4112384 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-11 19:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MFirefox\\firefox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8242:TCP"= 8242:TCP:BitComet 8242 TCP
    "8242:UDP"= 8242:UDP:BitComet 8242 UDP
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/26/2012 5:28 PM 207280]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/24/2011 5:41 PM 691696]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 295248]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/26/2012 5:28 PM 233136]
    R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [3/18/2009 6:49 PM 179896]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2010 9:38 PM 652360]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/14/2012 6:43 PM 918880]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2010 9:38 PM 20464]
    R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [3/11/2012 1:35 PM 247680]
    R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [3/11/2012 1:35 PM 253056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 9:44 PM 580992]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [3/9/2012 10:57 PM 45288]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/26/2012 5:28 PM 70408]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [4/19/2009 11:51 AM 98488]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/26/2012 5:28 PM 365280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [3/11/2012 1:35 PM 34944]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    3combootp
    tunmp
    UBHelper
    tsscoreservice
    NWFILTER
    mrobeservice
    cvsnt
    nvmpu401
    mclogmanagerservice
    us30sys
    RMSvc
    vulfnths
    basfipm
    iaimfp3
    SRTSPL
    CamAv
    vproeventmonitor
    stacsv
    atierecord
    PNRPSvc
    aexnsclient
    digisptiservice
    lkclassads
    cmuda
    alertservice
    usbatapi2000
    CTERFXFX.DLL
    RR2Ctrl
    defragfs
    nimcdfxk
    netdetect
    CXAVXBAR
    mhndrv
    db2das00
    wap3gx
    cccredmgr
    mgactrl
    ehstart
    Defrag32
    iAimTV6
    wmp54gsvc
    procmon10
    useraccess
    U3sHlpDr
    syslogd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
    .
    2009-07-02 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4238293067.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
    .
    2012-03-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-11 01:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 49495
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    SafeBoot-25031618.sys
    MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-30 20:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\LMIinit.dll
    .
    - - - - - - - > 'lsass.exe'(984)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    - - - - - - - > 'explorer.exe'(2896)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-30 21:11:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-31 03:10
    .
    Pre-Run: 113,021,190,144 bytes free
    Post-Run: 113,665,613,824 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - 3574204847D365964FE23C21F8E78314
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall Advanced SystemCare 3.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==================================================================

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\windows\system32\drivers\StMp3Rec.sys
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.

    ====================================================================

    For 32-bit systems please download GrantPerms.zip and save it to your desktop.
    For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
    Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
    Copy and paste the following in the edit box:

    Code:
    c:\windows\$NtUninstallKB43103$
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result of Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run.
     
  9. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    I uninstalled Advanced SystemCare 3.
    My hidden files, folders, and operating system was already set to viewable.
    The file "StMp3Rec.sys" is for Oakly Thump sunglasses and was located in two different directories other than "c:\windows\system32\drivers\StMp3Rec.sys"
    I tested both copies at http://www.virustotal.com/ with 0 /42 detected.

    GrantPerms by Farbar
    Ran by Rob (administrator) at 2012-03-31 21:03:44

    ===============================================
    \\?\c:\windows\$NtUninstallKB43103$

    Owner: BUILTIN\Administrators

    DACL(NP)(AI):
    BUILTIN\Administrators FULL ALLOW (CI)(OI)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
    BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
    BUILTIN\Users READ/EXECUTE ALLOW (I)
    BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
    BUILTIN\Power Users change ALLOW (I)
    BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)
    BUILTIN\Administrators FULL ALLOW (I)
    BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
    NT AUTHORITY\SYSTEM FULL ALLOW (I)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
    CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
     
  10. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    and AVG is finding;

    Resident Shield detection
    Infection;"Object";"Result";"Detection time";"Object Type";"Process"
    Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 7:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 6:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 5:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 4:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 3:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 2:19:38 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\WINDOWS\system32\drivers\mrxsmb.sys";"Object is white-listed (critical/system file that should not be removed)";"3/31/2012, 2:15:34 PM";"file";"C:\WINDOWS\system32\svchost.exe"
    Trojan horse ZeroAccess.T;"c:\WINDOWS\system32\drivers\mrxsmb.sys";"Object is white-listed (critical/system file that should not be removed)";"3/31/2012, 6:44:56 AM";"file";"C:\WINDOWS\system32\svchost.exe"
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  12. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    SHA256: 810ffd54c7d05e512d51c1833dee61f38c601800eb47273cb107cc60905276bd
    File name: mrxsmb.sys
    Detection ratio: 18 / 42
    Analysis date: 2012-04-01 03:57:48 UTC ( 0 minutes ago )
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download OTL to your Desktop.

    Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Use the following settings:

    • Click the NONE button
    • Under Custom Scans/Fixes paste:
    Code:
    /md5start
    mrxsmb.sys
    /md5stop
    • Finally hit Run Scan and wait for the log to open.
    • Please post the content of the log into your next reply.
     
  14. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    OTL logfile created on: 3/31/2012 10:20:16 PM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 54.04% Memory free
    3.35 Gb Paging File | 2.42 Gb Available in Paging File | 72.32% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 105.70 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
    Drive E: | 136.72 Gb Total Space | 67.09 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive F: | 33.90 Gb Total Space | 4.46 Gb Free Space | 13.14% Space Free | Partition Type: NTFS

    Computer Name: FRANCIS-SV1 | User Name: Rob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < Code: >

    < --------- >

    < MD5 for: MRXSMB.SYS >
    [2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
    [2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
    [2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
    [2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
    [2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
    [2006/05/05 03:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    [2004/08/04 00:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
    [2008/10/24 05:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
    [2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
    [2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
    [2008/10/24 05:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    [2006/05/05 04:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    [2010/02/24 07:11:07 | 000,455,680 | ---- | M] () MD5=95032F6914EAE0EDAC3090801283514C -- C:\WINDOWS\system32\drivers\mrxsmb.sys
    [2004/10/27 19:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    [2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    [2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
    [2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys

    < --------- >

    < End of report >
     
  15. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    During the running of OTL, AVG also detected C:\WINDOWS\system32\drivers\mrxsmb.sys

    It gave only one option; Ignore the threat. I haven't clicked on the AVG box yet.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys | C:\WINDOWS\system32\drivers\mrxsmb.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt

    ================================================================

    Re-run OTL with the very same settings as before.
     
  17. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    ComboFix 12-03-30.06 - Rob 04/02/2012 14:58:24.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1104 [GMT -6:00]
    Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\ServicePackFiles\i386\mrxsmb.sys --> c:\windows\system32\drivers\mrxsmb.sys
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-31 00:51 . 2012-03-31 00:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-29 22:32 . 2008-04-13 17:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
    2012-03-29 22:32 . 2008-04-13 17:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-03-26 23:28 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2012-03-26 23:28 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2012-03-26 23:28 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2012-03-26 23:28 . 2010-02-05 15:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2012-03-26 23:28 . 2012-03-26 23:52 -------- d-----w- c:\program files\Spyware Doctor
    2012-03-26 23:28 . 2012-03-26 23:36 -------- d-----w- c:\program files\Common Files\PC Tools
    2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\Rob\Application Data\PC Tools
    2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2012-03-26 23:08 . 2012-03-26 23:36 -------- d-----w- c:\documents and settings\Rob\Application Data\GetRightToGo
    2012-03-26 22:59 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-03-26 17:52 . 2012-03-26 17:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2012-03-11 19:36 . 2012-03-11 19:36 -------- d-----w- C:\MCT
    2012-03-11 19:36 . 2007-11-14 13:57 315392 ----a-w- c:\windows\system32\MCTCIDUtil.exe
    2012-03-11 19:07 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2012-03-11 19:07 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
    2012-03-11 18:59 . 2012-03-11 18:59 -------- d-----w- c:\documents and settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI
    2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI Technologies
    2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- C:\ATI
    2012-03-10 04:57 . 2011-08-10 23:39 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
    2012-03-10 04:57 . 2011-08-10 23:39 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2012-03-10 04:57 . 2011-08-10 23:39 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2012-03-06 13:16 . 2012-03-06 13:16 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-03-05 22:17 . 2012-03-05 22:17 -------- d-----w- C:\TRITTON_uv100_8.0.1.0229.1153
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-31_02.57.24 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-02 20:53 . 2012-04-02 20:53 16384 c:\windows\Temp\Perflib_Perfdata_4a0.dat
    + 2011-06-06 18:55 . 2011-06-06 18:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2002-08-29 12:00 . 2008-04-13 19:17 456576 c:\windows\system32\dllcache\mrxsmb.sys
    + 2011-06-06 18:55 . 2011-06-06 18:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2012-04-01 03:18 . 2012-04-01 03:18 2295808 c:\windows\Installer\229178d.msi
    + 2011-06-06 18:55 . 2011-06-06 18:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
    + 2011-06-06 18:55 . 2011-06-06 18:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 18:55 . 2011-06-06 18:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 18:55 . 2011-06-06 18:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\229178e.msp
    + 2011-06-06 18:55 . 2011-06-06 18:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-03-15 00:43 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
    [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    2009-03-06 03:17 143160 ----a-w- c:\windows\system32\pfmshx_27B.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-15 982880]
    "nwiz"="nwiz.exe" [2004-07-15 843776]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
    "MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
    "trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-10-02 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
    backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcmsvc]
    2009-04-07 20:53 30440 ----a-w- c:\program files\dcmsvc\dcmsvc.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2004-07-15 17:42 4112384 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-04-11 19:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
    2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\MFirefox\\firefox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8242:TCP"= 8242:TCP:BitComet 8242 TCP
    "8242:UDP"= 8242:UDP:BitComet 8242 UDP
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/26/2012 5:28 PM 207280]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/24/2011 5:41 PM 691696]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 295248]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/26/2012 5:28 PM 233136]
    R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [3/18/2009 6:49 PM 179896]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2010 9:38 PM 652360]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/14/2012 6:43 PM 918880]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2010 9:38 PM 20464]
    R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [3/11/2012 1:35 PM 247680]
    R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [3/11/2012 1:35 PM 253056]
    R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [3/11/2012 1:35 PM 34944]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
    S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 9:44 PM 580992]
    S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [3/9/2012 10:57 PM 45288]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/26/2012 5:28 PM 70408]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [4/19/2009 11:51 AM 98488]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/26/2012 5:28 PM 365280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    3combootp
    tunmp
    UBHelper
    tsscoreservice
    NWFILTER
    mrobeservice
    cvsnt
    nvmpu401
    mclogmanagerservice
    us30sys
    RMSvc
    vulfnths
    basfipm
    iaimfp3
    SRTSPL
    CamAv
    vproeventmonitor
    stacsv
    atierecord
    PNRPSvc
    aexnsclient
    digisptiservice
    lkclassads
    cmuda
    alertservice
    usbatapi2000
    CTERFXFX.DLL
    RR2Ctrl
    defragfs
    nimcdfxk
    netdetect
    CXAVXBAR
    mhndrv
    db2das00
    wap3gx
    cccredmgr
    mgactrl
    ehstart
    Defrag32
    iAimTV6
    wmp54gsvc
    procmon10
    useraccess
    U3sHlpDr
    syslogd
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
    .
    2009-07-02 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4238293067.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
    .
    2012-03-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-11 01:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.atcomet.com/b/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 49495
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-02 15:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(900)
    c:\windows\system32\LMIinit.dll
    .
    - - - - - - - > 'lsass.exe'(980)
    c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
    .
    Completion time: 2012-04-02 15:18:28
    ComboFix-quarantined-files.txt 2012-04-02 21:18
    ComboFix2.txt 2012-03-31 03:11
    .
    Pre-Run: 113,376,088,064 bytes free
    Post-Run: 113,385,431,040 bytes free
    .
    - - End Of File - - C9CBA7413E396AB531098415350B168A
     
  18. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    OTL logfile created on: 4/2/2012 3:25:35 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 54.86% Memory free
    3.35 Gb Paging File | 2.78 Gb Available in Paging File | 82.81% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 105.63 Gb Free Space | 45.36% Space Free | Partition Type: NTFS
    Drive E: | 136.72 Gb Total Space | 67.09 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive F: | 33.90 Gb Total Space | 4.46 Gb Free Space | 13.14% Space Free | Partition Type: NTFS

    Computer Name: FRANCIS-SV1 | User Name: Rob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < Code: >

    < --------- >

    < MD5 for: MRXSMB.SYS >
    [2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
    [2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
    [2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
    [2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
    [2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
    [2006/05/05 03:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    [2004/08/04 00:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
    [2008/10/24 05:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
    [2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
    [2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
    [2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
    [2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
    [2008/10/24 05:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    [2006/05/05 04:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
    [2004/10/27 19:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
    [2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
    [2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys

    < --------- >

    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Perfect!

    • Re-run OTL. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  20. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    Only one notepad window opened. Only one text file was created. It was OTL.Txt

    OTL logfile created on: 4/2/2012 7:17:10 PM - Run 3
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.50 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 45.35% Memory free
    3.35 Gb Paging File | 2.56 Gb Available in Paging File | 76.42% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 105.63 Gb Free Space | 45.36% Space Free | Partition Type: NTFS
    Drive E: | 136.72 Gb Total Space | 67.09 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
    Drive F: | 33.90 Gb Total Space | 4.46 Gb Free Space | 13.14% Space Free | Partition Type: NTFS

    Computer Name: FRANCIS-SV1 | User Name: Rob | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/31 22:18:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
    PRC - [2012/03/23 20:11:46 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\MFirefox\firefox.exe
    PRC - [2012/03/14 18:43:48 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/23 20:11:45 | 001,969,080 | ---- | M] () -- C:\Program Files\MFirefox\mozjs.dll
    MOD - [2012/03/14 18:43:48 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    MOD - [2012/03/06 17:46:00 | 000,085,288 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{5b79bc2a-25c2-4f2a-bb86-606ea88ab950}\components\RadioWMPCoreGecko11.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/15 18:34:52 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
    MOD - [2011/04/15 18:34:48 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
    MOD - [2011/04/15 18:34:47 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
    MOD - [2011/04/15 18:34:45 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
    MOD - [2011/04/15 18:34:34 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
    MOD - [2011/04/15 18:34:34 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
    MOD - [2011/04/15 18:34:34 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
    MOD - [2011/04/15 18:34:34 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
    MOD - [2011/04/15 18:34:34 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
    MOD - [2011/04/15 18:34:33 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
    MOD - [2011/04/15 18:34:33 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
    MOD - [2011/04/15 18:34:32 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
    MOD - [2011/04/15 18:34:32 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
    MOD - [2011/04/08 07:22:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
    MOD - [2011/04/08 07:10:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
    MOD - [2011/04/08 07:10:41 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    MOD - [2011/04/08 07:10:39 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2011/04/08 07:10:38 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
    MOD - [2011/04/08 07:10:32 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    MOD - [2011/04/08 07:10:32 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    MOD - [2011/04/08 07:10:30 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    MOD - [2011/04/08 07:10:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2011/04/08 07:10:26 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    MOD - [2011/04/08 07:10:17 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    MOD - [2011/04/08 07:06:51 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
    MOD - [2011/04/08 07:06:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
    MOD - [2003/03/09 21:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetadapter.dll -- (wap3gx)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthmodem.dll -- (vulfnths)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavprsrv.dll -- (vproeventmonitor)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassP.dll -- (useraccess)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\udfs.dll -- (usbatapi2000)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINFLASH.dll -- (us30sys)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525bus.dll -- (UBHelper)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HECI.dll -- (U3sHlpDr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sqlagent$pinnaclesys.dll -- (tunmp)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mxserver.dll -- (syslogd)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvichw32.dll -- (stacsv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB11LDR.dll -- (SRTSPL)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wampapache.dll -- (RR2Ctrl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RT25USBAP.dll -- (RMSvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dnsexit.dll -- (nvmpu401)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AsusACPI.dll -- (nimcdfxk)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmisrv.dll -- (netdetect)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsproct.dll -- (mrobeservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\messenger.dll -- (mhndrv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmPsd.dll -- (mgactrl)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmgmt.dll -- (mclogmanagerservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AdobeActiveFileMonitor6.0.dll -- (iAimTV6)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2jds.dll -- (iaimfp3)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snapman380.dll -- (ehstart)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vtserver.dll -- (digisptiservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bwcsrv.dll -- (defragfs)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DC21x4.dll -- (Defrag32)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (db2das00)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvmvdrv.dll -- (CXAVXBAR)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (cvsnt)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adsexpb.dll -- (CTERFXFX.DLL)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (cmuda)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (cccredmgr)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se44nd5.dll -- (CamAv)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032C.dll -- (basfipm)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssSrv.dll -- (atierecord)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwlh.dll -- (alertservice)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (aexnsclient)
    SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rasirda.dll -- (3combootp)
    SRV - [2012/03/14 18:43:48 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2009/12/17 23:45:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2008/12/11 14:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
    SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZius12.sys -- (HPZius12)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw8c2276)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/10 17:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/03/24 17:41:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
    DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
    DRV - [2009/10/01 19:34:19 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
    DRV - [2009/03/05 21:17:01 | 000,179,896 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pfmfs_27B.sys -- (pfmfs_27B)
    DRV - [2008/11/25 22:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
    DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/02/14 15:38:46 | 000,253,056 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xVgaMini.sys -- (xVGAMINI)
    DRV - [2008/02/14 15:37:20 | 000,247,680 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xMrMini.sys -- (xMrMINI)
    DRV - [2008/02/14 09:36:00 | 000,034,944 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xvgausb.sys -- (xVGAUSB)
    DRV - [2006/07/31 21:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
    DRV - [2006/06/05 20:08:54 | 000,268,736 | ---- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={48D41E03-2907-47AA-B2A1-370C75359700}&mid=387167394180b0f22ab90d3b04459851-2c2dacd3e26cf7ffa75ab6ab9e5252e41065988b&lang=en&ds=AVG&pr=fr&d=2011-11-23 04:53:10&v=8.0.0.40&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
    FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {5b79bc2a-25c2-4f2a-bb86-606ea88ab950}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 49495
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Rob\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Rob\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 13:36:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/26 09:42:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\MFirefox\components [2012/03/23 20:11:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\MFirefox\plugins [2012/03/31 21:18:03 | 000,000,000 | ---D | M]

    [2009/03/14 22:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions
    [2012/03/11 12:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions
    [2011/08/26 05:00:00 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/07/23 00:15:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/03/11 12:14:12 | 000,000,000 | ---D | M] (foxnewstalk Community Toolbar) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{5b79bc2a-25c2-4f2a-bb86-606ea88ab950}
    [2010/12/09 21:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
    [2010/01/29 21:48:44 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    [2011/11/23 05:53:25 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\avg@toolbar
    [2009/10/10 13:07:15 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\LogMeInClient@logmein.com
    [2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\searchplugins\conduit.xml
    [2010/04/27 22:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/02/21 04:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

    O1 HOSTS File: ([2012/03/30 20:57:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
    O3 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MCTCIDUtil] C:\WINDOWS\system32\MCTCIDUtil.exe (TODO: <Company name>)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [trutil0] C:\WINDOWS\system32\trutil01.exe (Magic Control Technology Corporation)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
    O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
    O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O15 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263616039703 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263616028390 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5706A2B-9D9E-4269-8A6A-16790A8480BC}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/14 22:47:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/01/06 23:22:10 | 000,000,000 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: 3combootp - %systemroot%\system32\rasirda.dll File not found
    NetSvcs: tunmp - %systemroot%\system32\sqlagent$pinnaclesys.dll File not found
    NetSvcs: UBHelper - %systemroot%\system32\z525bus.dll File not found
    NetSvcs: tsscoreservice - File not found
    NetSvcs: NWFILTER - File not found
    NetSvcs: mrobeservice - %systemroot%\system32\dsproct.dll File not found
    NetSvcs: cvsnt - %systemroot%\system32\senfilt.dll File not found
    NetSvcs: nvmpu401 - %systemroot%\system32\dnsexit.dll File not found
    NetSvcs: mclogmanagerservice - %systemroot%\system32\SE2Dmgmt.dll File not found
    NetSvcs: us30sys - %systemroot%\system32\WINFLASH.dll File not found
    NetSvcs: RMSvc - %systemroot%\system32\RT25USBAP.dll File not found
    NetSvcs: vulfnths - %systemroot%\system32\bthmodem.dll File not found
    NetSvcs: basfipm - %systemroot%\system32\MA8032C.dll File not found
    NetSvcs: iaimfp3 - %systemroot%\system32\db2jds.dll File not found
    NetSvcs: SRTSPL - %systemroot%\system32\USB11LDR.dll File not found
    NetSvcs: CamAv - %systemroot%\system32\se44nd5.dll File not found
    NetSvcs: vproeventmonitor - %systemroot%\system32\pavprsrv.dll File not found
    NetSvcs: stacsv - %systemroot%\system32\tvichw32.dll File not found
    NetSvcs: atierecord - %systemroot%\system32\HssSrv.dll File not found
    NetSvcs: PNRPSvc - File not found
    NetSvcs: aexnsclient - %systemroot%\system32\egathdrv.dll File not found
    NetSvcs: digisptiservice - %systemroot%\system32\vtserver.dll File not found
    NetSvcs: lkclassads - File not found
    NetSvcs: cmuda - %systemroot%\system32\PSSdk23.dll File not found
    NetSvcs: alertservice - %systemroot%\system32\yukonwlh.dll File not found
    NetSvcs: usbatapi2000 - %systemroot%\system32\udfs.dll File not found
    NetSvcs: CTERFXFX.DLL - %systemroot%\system32\adsexpb.dll File not found
    NetSvcs: RR2Ctrl - %systemroot%\system32\wampapache.dll File not found
    NetSvcs: defragfs - %systemroot%\system32\bwcsrv.dll File not found
    NetSvcs: nimcdfxk - %systemroot%\system32\AsusACPI.dll File not found
    NetSvcs: netdetect - %systemroot%\system32\dmisrv.dll File not found
    NetSvcs: CXAVXBAR - %systemroot%\system32\lvmvdrv.dll File not found
    NetSvcs: mhndrv - %systemroot%\system32\messenger.dll File not found
    NetSvcs: db2das00 - %systemroot%\system32\TOSHIBASoftModem.dll File not found
    NetSvcs: wap3gx - %systemroot%\system32\vmnetadapter.dll File not found
    NetSvcs: cccredmgr - %systemroot%\system32\atfsd.dll File not found
    NetSvcs: mgactrl - %systemroot%\system32\EpmPsd.dll File not found
    NetSvcs: ehstart - %systemroot%\system32\snapman380.dll File not found
    NetSvcs: Defrag32 - %systemroot%\system32\DC21x4.dll File not found
    NetSvcs: iAimTV6 - %systemroot%\system32\AdobeActiveFileMonitor6.0.dll File not found
    NetSvcs: wmp54gsvc - File not found
    NetSvcs: procmon10 - File not found
    NetSvcs: useraccess - %systemroot%\system32\iPassP.dll File not found
    NetSvcs: U3sHlpDr - %systemroot%\system32\HECI.dll File not found
    NetSvcs: syslogd - %systemroot%\system32\mxserver.dll File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mpegacm - mpegacm.acm File not found
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.ulmp3acm - ulmp3acm.acm File not found
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
     
  21. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    The file was too long. Here is the rest of it.

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/31 22:18:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
    [2012/03/31 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\GrantPerms
    [2012/03/30 19:26:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/03/30 19:21:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/03/30 19:21:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/03/30 19:21:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/03/30 19:21:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/03/30 19:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/03/30 19:15:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/30 19:07:33 | 004,450,054 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
    [2012/03/30 18:51:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/30 18:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\tdsskiller
    [2012/03/29 18:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\bootkit_remover
    [2012/03/29 17:28:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
    [2012/03/27 21:18:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rob\Start Menu\Programs\Administrative Tools
    [2012/03/27 20:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\topic58138_files
    [2012/03/26 17:28:57 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
    [2012/03/26 17:28:52 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
    [2012/03/26 17:28:52 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
    [2012/03/26 17:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
    [2012/03/26 17:28:46 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
    [2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\PC Tools
    [2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2012/03/26 17:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\Downloads
    [2012/03/26 17:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\GetRightToGo
    [2012/03/26 16:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2012/03/26 16:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\Download Removal Tool _ Cleanpcguide.com_files
    [2012/03/26 16:31:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rob\Recent
    [2012/03/26 11:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2012/03/12 13:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\Canon Pixma MP470
    [2012/03/11 13:36:17 | 000,000,000 | ---D | C] -- C:\MCT
    [2012/03/11 13:36:16 | 000,315,392 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\MCTCIDUtil.exe
    [2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil06.exe
    [2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil05.exe
    [2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil04.exe
    [2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil03.exe
    [2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil02.exe
    [2012/03/11 13:35:58 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil01.exe
    [2012/03/11 13:35:58 | 000,245,760 | ---- | C] (Generic Provider) -- C:\WINDOWS\System32\Patch.exe
    [2012/03/11 13:35:57 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xVGAUSB64.sys
    [2012/03/11 13:35:57 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0764.sys
    [2012/03/11 13:35:57 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xvgausb.sys
    [2012/03/11 13:35:56 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0664.sys
    [2012/03/11 13:35:56 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB07.sys
    [2012/03/11 13:35:55 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0564.sys
    [2012/03/11 13:35:55 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0464.sys
    [2012/03/11 13:35:55 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0364.sys
    [2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB06.sys
    [2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB05.sys
    [2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB04.sys
    [2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB03.sys
    [2012/03/11 13:35:53 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xVGAMINI64.sys
    [2012/03/11 13:35:53 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xVgaMini.sys
    [2012/03/11 13:35:52 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI64.sys
    [2012/03/11 13:35:52 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0764.sys
    [2012/03/11 13:35:52 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xVGADISP64.dll
    [2012/03/11 13:35:52 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xVgaDisp.dll
    [2012/03/11 13:35:51 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI07.sys
    [2012/03/11 13:35:50 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0664.sys
    [2012/03/11 13:35:50 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0564.sys
    [2012/03/11 13:35:50 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI06.sys
    [2012/03/11 13:35:49 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI05.sys
    [2012/03/11 13:35:48 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0464.sys
    [2012/03/11 13:35:48 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0364.sys
    [2012/03/11 13:35:48 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI04.sys
    [2012/03/11 13:35:48 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI03.sys
    [2012/03/11 13:35:47 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMini.sys
    [2012/03/11 13:35:46 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0764.dll
    [2012/03/11 13:35:46 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0664.dll
    [2012/03/11 13:35:46 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0564.dll
    [2012/03/11 13:35:46 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP07.dll
    [2012/03/11 13:35:46 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP06.dll
    [2012/03/11 13:35:46 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP05.dll
    [2012/03/11 13:35:45 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0764.sys
    [2012/03/11 13:35:45 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0464.dll
    [2012/03/11 13:35:45 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0364.dll
    [2012/03/11 13:35:45 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP04.dll
    [2012/03/11 13:35:45 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP03.dll
    [2012/03/11 13:35:45 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDisp.dll
    [2012/03/11 13:35:44 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0664.sys
    [2012/03/11 13:35:44 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI07.sys
    [2012/03/11 13:35:44 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI06.sys
    [2012/03/11 13:35:43 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0564.sys
    [2012/03/11 13:35:43 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0464.sys
    [2012/03/11 13:35:43 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0364.sys
    [2012/03/11 13:35:43 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI05.sys
    [2012/03/11 13:35:43 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI04.sys
    [2012/03/11 13:35:42 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI03.sys
    [2012/03/11 13:35:42 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0764.dll
    [2012/03/11 13:35:42 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0664.dll
    [2012/03/11 13:35:42 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP07.dll
    [2012/03/11 13:35:42 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP06.dll
    [2012/03/11 13:35:41 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0564.dll
    [2012/03/11 13:35:41 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0464.dll
    [2012/03/11 13:35:41 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0364.dll
    [2012/03/11 13:35:41 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP05.dll
    [2012/03/11 13:35:41 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP04.dll
    [2012/03/11 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tritton
    [2012/03/11 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\InstallShield
    [2012/03/11 12:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/03/09 23:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2012/03/09 23:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2012/03/09 22:57:57 | 000,000,000 | ---D | C] -- C:\ATI
    [2012/03/09 22:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
    [2012/03/09 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
    [2012/03/09 22:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Start Menu\Programs\Dell Inc
    [2012/03/06 07:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
    [2012/03/06 07:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/03/05 16:17:02 | 000,000,000 | ---D | C] -- C:\TRITTON_uv100_8.0.1.0229.1153
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/02 14:55:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/04/02 14:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/04/02 14:53:05 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/02 14:22:15 | 093,337,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/04/02 14:16:57 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2012/03/31 22:18:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
    [2012/03/31 21:18:05 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2012/03/31 21:14:42 | 000,026,242 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\avghistory.csv
    [2012/03/31 21:00:58 | 000,450,985 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\GrantPerms.zip
    [2012/03/30 20:57:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/03/30 19:26:54 | 000,000,355 | RHS- | M] () -- C:\boot.ini
    [2012/03/30 19:07:50 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
    [2012/03/30 18:47:32 | 002,048,299 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\tdsskiller.zip
    [2012/03/29 18:03:05 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\bootkit_remover.zip
    [2012/03/29 18:02:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\MBR.dat
    [2012/03/29 17:29:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
    [2012/03/29 16:29:20 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/03/27 20:01:52 | 000,095,851 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\topic58138.html
    [2012/03/27 10:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/03/26 18:40:59 | 000,002,404 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/26 17:51:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/26 17:28:51 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2012/03/26 16:59:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2012/03/26 16:52:03 | 000,022,608 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Download Removal Tool _ Cleanpcguide.com.htm
    [2012/03/25 18:39:01 | 000,439,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2012/03/25 13:33:36 | 000,000,000 | ---- | M] () -- C:\hpfr3420.xml
    [2012/03/11 20:37:48 | 000,029,863 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\build shelves.jpg
    [2012/03/11 18:02:01 | 000,114,210 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\V1 Valentine One Radar Dector Wire Repair for Cigarette Plug.jpg
    [2012/03/11 17:57:18 | 000,009,402 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\standard phone wiring.jpg
    [2012/03/11 17:57:18 | 000,005,325 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\reversed end for V1 Valentine One radar detector.jpg
    [2012/03/11 13:07:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
    [2012/03/11 13:07:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2012/03/11 09:10:18 | 000,496,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/03/11 09:10:18 | 000,083,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/03/06 07:11:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2012/03/05 16:36:00 | 000,002,396 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/31 21:18:05 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2012/03/31 21:18:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/03/31 21:14:42 | 000,026,242 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\avghistory.csv
    [2012/03/31 21:00:54 | 000,450,985 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\GrantPerms.zip
    [2012/03/30 19:26:54 | 000,000,245 | ---- | C] () -- C:\Boot.bak
    [2012/03/30 19:26:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/03/30 19:21:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/03/30 19:21:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/03/30 19:21:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/03/30 19:21:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/03/30 19:21:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/03/30 18:47:25 | 002,048,299 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\tdsskiller.zip
    [2012/03/29 18:03:03 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\bootkit_remover.zip
    [2012/03/29 18:02:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\MBR.dat
    [2012/03/27 20:01:48 | 000,095,851 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\topic58138.html
    [2012/03/26 17:55:49 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/26 17:51:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/26 17:28:57 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
    [2012/03/26 17:28:52 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
    [2012/03/26 17:28:52 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
    [2012/03/26 17:28:51 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
    [2012/03/26 17:28:46 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
    [2012/03/26 16:59:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2012/03/26 16:52:01 | 000,022,608 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Download Removal Tool _ Cleanpcguide.com.htm
    [2012/03/26 12:05:42 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/03/11 20:37:48 | 000,029,863 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\build shelves.jpg
    [2012/03/11 18:00:50 | 000,114,210 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\V1 Valentine One Radar Dector Wire Repair for Cigarette Plug.jpg
    [2012/03/11 17:57:18 | 000,005,325 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\reversed end for V1 Valentine One radar detector.jpg
    [2012/03/11 17:51:53 | 000,009,402 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\standard phone wiring.jpg
    [2012/03/11 13:07:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
    [2012/03/11 13:07:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/07/10 20:48:47 | 000,070,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/06/24 23:10:59 | 000,302,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-1060284298-682003330-1003-0.dat
    [2011/06/24 05:12:35 | 000,302,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
    [2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
    [2011/05/14 23:48:55 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
    [2011/05/14 23:48:54 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
    [2011/04/15 23:06:22 | 001,375,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/04/04 21:13:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
    [2011/04/04 20:45:55 | 000,409,037 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\census.cache
    [2011/04/04 20:40:12 | 000,208,090 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\ars.cache
    [2011/04/04 19:55:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\housecall.guid.cache
    [2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\4555zz.ini
    [2011/03/14 14:50:33 | 000,114,933 | ---- | C] () -- C:\Program Files\Common Files\Theme_Slate_theme.thmx
    [2011/03/05 09:37:53 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
    [2010/09/23 21:55:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2010/09/23 21:53:58 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
    [2010/08/30 19:18:23 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2010/04/05 00:23:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\prvlcl.dat

    ========== LOP Check ==========

    [2012/03/24 07:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2011/11/23 06:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/11/29 09:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/09/28 21:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
    [2010/11/29 09:26:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/03/24 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/12/02 18:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/09/01 13:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
    [2010/09/23 21:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
    [2011/01/06 23:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2010/04/19 22:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2009/05/25 22:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2012/04/02 14:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/03/28 20:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
    [2009/03/18 18:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
    [2009/03/18 18:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
    [2011/01/06 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
    [2011/01/04 02:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/01/02 22:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009/03/15 20:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/12 13:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/17 22:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/10 19:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2012/01/14 16:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\AVG Secure Search
    [2011/11/23 05:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\AVG2012
    [2011/02/27 12:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\BitComet
    [2010/08/09 21:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Windows Desktop Search
    [2012/02/11 20:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Windows Search
    [2009/11/14 19:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Ashampoo
    [2011/11/23 05:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AVG Secure Search
    [2011/11/23 05:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AVG2012
    [2011/12/04 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\BitComet
    [2012/03/11 12:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/29 21:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
    [2011/11/21 17:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DAEMON Tools Lite
    [2010/02/02 00:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Facebook
    [2010/07/29 20:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GARMIN
    [2012/03/26 17:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GetRightToGo
    [2009/11/29 14:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\IObit
    [2011/03/04 23:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\OpenCandy
    [2009/03/18 18:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Palo Alto Software
    [2010/01/02 21:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Styler
    [2011/03/28 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\SystemRequirementsLab
    [2010/09/01 13:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Ulead Systems
    [2009/03/15 13:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Desktop Search
    [2009/03/15 15:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Search
    [2009/07/02 04:24:26 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1238293067.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/05/25 22:50:19 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/12/02 18:04:53 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2011/09/13 20:57:23 | 000,023,871 | ---- | M] () -- C:\ashampoo-acdw-log.txt
    [2009/03/14 22:47:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/07/06 22:34:22 | 000,000,876 | ---- | M] () -- C:\bar.emf
    [2011/04/04 18:28:36 | 000,000,245 | ---- | M] () -- C:\Boot.bak
    [2012/03/30 19:26:54 | 000,000,355 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2012/04/02 15:18:29 | 000,021,293 | ---- | M] () -- C:\ComboFix.txt
    [2009/03/14 22:47:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/09/23 07:04:55 | 000,001,255 | ---- | M] () -- C:\Cucu_Video_log.txt
    [2012/04/02 14:53:05 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/25 13:33:36 | 000,000,000 | ---- | M] () -- C:\hpfr3420.xml
    [2012/03/25 13:33:39 | 000,082,095 | ---- | M] () -- C:\hpfr3425.log
    [2009/03/14 22:47:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/09/03 06:55:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/03/14 22:47:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/01/05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
    [2002/01/05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
    [2009/03/15 11:12:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/03/15 12:17:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2012/04/02 14:53:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/30 18:54:55 | 000,095,870 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_30.03.2012_18.49.25_log.txt
    [2008/04/30 16:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/03/14 22:47:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/10/01 19:34:19 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/03/14 15:23:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2009/03/14 15:23:09 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2009/03/14 15:23:09 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/03/15 12:22:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/03/15 12:29:58 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/03/14 21:59:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/29 17:29:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
    [2012/03/30 19:07:50 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
    [2012/03/31 22:18:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2008/04/23 15:48:24 | 000,114,933 | ---- | M] () -- C:\Program Files\Common Files\Theme_Slate_theme.thmx

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2011/10/30 15:18:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2002/08/29 06:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
    [2009/07/02 04:24:26 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1238293067.job
    [2012/03/27 10:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2012/04/02 15:18:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/03/15 12:29:58 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rob\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2009/07/17 11:55:36 | 000,300,848 | ---- | M] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
    [2011/04/13 15:58:51 | 000,009,068 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/04/02 15:32:25 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Rob\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/29 06:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/29 06:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/29 06:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/29 06:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 12:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-08 13:41:46

    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw8c2276)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      O3 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
      [2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
      [2011/05/14 23:48:55 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
      [2011/05/14 23:48:54 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
      [2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\4555zz.ini
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  23. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    As per your instructions I copy and pasted the exact code into OTL and clicked the Run Fix button at the top. I had shut down Malwarebytes ans all service that I could associated with AVG prior to this. After clicking the Run Fix button the messages displayed in OTL were:

    Killing processes. DO NOT INTERRUPT...

    I let this run for over 90 minutes to no avail. Everything locked up but the ability to move the curser via mouse. After rebooting I attempted a second time with the same results.

    I was able to download and install the most current version of Java and remove all old versions.

    Ran Security Check and will post results.

    Ran Farbar Service Scanner and will post results.

    Ran Temp File Cleaner and again locked up system. Had to reboot.

    Will run ESET online scanner after posting results of Security Check and Farbar.

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    Antivirus up to date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spyware Doctor 7.0
    Spybot - Search & Destroy
    CCleaner
    Java(TM) 6 Update 31
    Out of date Java installed!
    Adobe Reader X (10.1.2)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 01-03-2012
    Ran by Rob (administrator) on 02-04-2012 at 23:39:19
    Running from "C:\Documents and Settings\Rob\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) pctgntdi(9) PSched(7) Tcpip(4)
    0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
     
  24. parkcitytrainer

    parkcitytrainer TS Rookie Topic Starter Posts: 18

    ESET Scan results

    C:\Documents and Settings\Rob\My Documents\Downloads\The_Complete_Unabridged_Anne_Rice_Collection___1759597_6758.exe Win32/Adware.1ClickDownload application deleted - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\wanusb.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Run OTL fix from safe mode.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...