Solved Crypt.AQLW Trojan consistently starting Adobe Flash installer

[parkcitytrainer]

This Trojan is a real pain. It keeps trying to send out to:
95.215.2.7
95.21.5.2.8
63.223.106.17
46.249.58.48
46.249.59.47
83.133.124.245
It also keeps starting Adobe Flash Player Installer.

I performed;

Step 1: Antivirus scanning

Step 2: Malwarebytes Anti-Malware

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rob :: FRANCIS-SV1 [administrator]

Protection: Enabled

3/27/2012 8:02:42 PM
mbam-log-2012-03-27 (20-02-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223740
Time elapsed: 43 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Step 3: GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-27 21:21:22
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD2500BB-55GUC0 rev.08.02D08
Running: yxu8qi7n.exe; Driver: C:\DOCUME~1\Rob\LOCALS~1\Temp\pxldypog.sys


---- System - GMER 1.0.15 ----

SSDT spoq.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spoq.sys ZwEnumerateValueKey [0xF74FD132]

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\adpu160m \Device\Scsi\adpu160m2Port3Path0Target1Lun0 8A3541F8
Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target1Lun0 8A3541F8
Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target3Lun0 8A3541F8
Device \Driver\ax3wod37 \Device\Scsi\ax3wod371 8A0D61F8
Device \Driver\adpu160m \Device\Scsi\adpu160m1 8A3541F8
Device \Driver\adpu160m \Device\Scsi\adpu160m2 8A3541F8
Device \Driver\adpu160m \Device\Scsi\adpu160m3 8A3541F8
Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target4Lun0 8A3541F8
Device \Driver\adpu160m \Device\Scsi\adpu160m1Port2Path0Target2Lun0 8A3541F8
Device \FileSystem\Ntfs \Ntfs 8A3531F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

---- EOF - GMER 1.0.15 ----


Step 4: DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Rob at 21:21:33 on 2012-03-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.553 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\MCTCIDUtil.exe
C:\WINDOWS\system32\trutil01.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\MFirefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.atcomet.com/b/
uSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [MCTCIDUtil] c:\windows\system32\MCTCIDUtil.exe
mRun: [trutil0] c:\windows\system32\trutil01.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.12.6.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263616039703
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263616028390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49495
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\extensions\{5b79bc2a-25c2-4f2a-bb86-606ea88ab950}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\rob\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\rob\application data\mozilla\firefox\profiles\fc6gsug0.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\rob\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mfirefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mfirefox\plugins\npdjvu.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-26 207280]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 295248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-3-26 233136]
R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [2009-3-18 179896]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-25 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-27 652360]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-14 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-27 20464]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [2012-3-11 247680]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [2012-3-11 253056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 mclogmanagerservice;Wpsscannersvc;c:\windows\system32\svchost.exe -k netsvcs [2002-8-29 14336]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2012-3-9 45288]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-3-26 70408]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp2\RpcAgentSrv.exe [2009-4-19 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2012-3-26 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2012-3-26 1141712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [2012-3-11 34944]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2012-03-26 23:28:57 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-26 23:28:52 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-26 23:28:52 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-26 23:28:46 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-26 23:28:34 -------- d-----w- c:\program files\Spyware Doctor
2012-03-26 23:28:34 -------- d-----w- c:\program files\common files\PC Tools
2012-03-26 23:28:34 -------- d-----w- c:\documents and settings\rob\application data\PC Tools
2012-03-26 23:28:34 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2012-03-26 23:08:22 -------- d-----w- c:\documents and settings\rob\application data\GetRightToGo
2012-03-26 22:59:58 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-26 16:32:14 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-11 19:36:17 -------- d-----w- C:\MCT
2012-03-11 19:36:16 315392 ----a-w- c:\windows\system32\MCTCIDUtil.exe
2012-03-11 19:07:27 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-03-11 19:07:01 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-03-11 18:59:55 -------- d-----w- c:\documents and settings\rob\application data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-10 05:00:38 -------- d-----w- c:\program files\ATI
2012-03-10 05:00:01 -------- d-----w- c:\program files\ATI Technologies
2012-03-10 04:57:57 -------- d-----w- C:\ATI
2012-03-10 04:57:30 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-03-10 04:57:30 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-03-10 04:57:28 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-03-10 04:57:10 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-03-05 22:17:02 -------- d-----w- C:\TRITTON_uv100_8.0.1.0229.1153
.
==================== Find3M ====================
.
.
============= FINISH: 21:23:03.50 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/14/2009 10:50:03 PM
System Uptime: 3/27/2012 6:42:03 AM (15 hours ago)
.
Motherboard: Dell Computer Corp. | |
Processor: Intel(R) XEON(TM) CPU 2.00GHz | Microprocessor | 1977/100mhz
Processor: Intel(R) XEON(TM) CPU 2.00GHz | Microprocessor | 1977/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 105.565 GiB free.
E: is FIXED (NTFS) - 137 GiB total, 67.095 GiB free.
F: is FIXED (NTFS) - 34 GiB total, 4.457 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP671: 12/31/2011 9:48:56 AM - System Checkpoint
RP672: 1/1/2012 10:12:55 AM - System Checkpoint
RP673: 1/2/2012 7:37:19 PM - System Checkpoint
RP674: 1/3/2012 8:26:29 PM - System Checkpoint
RP675: 1/6/2012 6:34:38 PM - System Checkpoint
RP676: 1/8/2012 7:49:45 PM - System Checkpoint
RP677: 1/10/2012 7:23:21 PM - System Checkpoint
RP678: 1/11/2012 7:41:39 PM - System Checkpoint
RP679: 1/12/2012 8:37:31 PM - System Checkpoint
RP680: 1/13/2012 10:08:14 PM - System Checkpoint
RP681: 1/14/2012 11:00:10 PM - System Checkpoint
RP682: 1/19/2012 7:07:42 PM - System Checkpoint
RP683: 1/20/2012 7:12:50 PM - System Checkpoint
RP684: 1/21/2012 7:24:45 PM - System Checkpoint
RP685: 1/23/2012 7:10:34 PM - System Checkpoint
RP686: 1/26/2012 6:20:50 PM - System Checkpoint
RP687: 1/28/2012 9:46:02 AM - System Checkpoint
RP688: 1/29/2012 4:22:49 PM - System Checkpoint
RP689: 1/31/2012 12:44:46 PM - System Checkpoint
RP690: 2/1/2012 6:17:29 PM - System Checkpoint
RP691: 2/4/2012 1:07:01 AM - System Checkpoint
RP692: 2/5/2012 9:54:04 AM - System Checkpoint
RP693: 2/6/2012 10:00:32 AM - System Checkpoint
RP694: 2/7/2012 6:35:45 PM - System Checkpoint
RP695: 2/10/2012 4:16:20 PM - System Checkpoint
RP696: 2/11/2012 4:56:15 PM - System Checkpoint
RP697: 2/12/2012 5:13:12 PM - System Checkpoint
RP698: 2/14/2012 6:43:09 PM - System Checkpoint
RP699: 2/15/2012 6:58:54 PM - System Checkpoint
RP700: 2/17/2012 6:27:02 PM - System Checkpoint
RP701: 2/17/2012 9:00:43 PM - Installed iTunes
RP702: 2/18/2012 9:25:19 PM - System Checkpoint
RP703: 2/20/2012 7:38:53 PM - System Checkpoint
RP704: 2/26/2012 9:29:47 AM - System Checkpoint
RP705: 3/5/2012 3:18:38 PM - Installed SEE2 USB 2.0 VGA Adapter (Multiple)
RP706: 3/5/2012 3:29:33 PM - Unsigned driver install
RP707: 3/5/2012 7:01:09 PM - Removed Microsoft Silverlight
RP708: 3/6/2012 6:19:13 AM - Unsigned driver install
RP709: 3/10/2012 2:46:03 PM - System Checkpoint
RP710: 3/11/2012 1:07:27 PM - Installed Windows XP Wdf01009.
RP711: 3/11/2012 1:25:16 PM - Removed SEE2 USB 2.0 VGA Adapter (Multiple)
RP712: 3/11/2012 1:35:39 PM - Installed SEE2 USB 2.0 VGA Adapter (Multiple)
RP713: 3/11/2012 1:38:14 PM - Unsigned driver install
RP714: 3/12/2012 12:24:07 PM - Unsigned driver install
RP715: 3/12/2012 12:56:04 PM - Unsigned driver install
RP716: 3/14/2012 8:53:56 PM - System Checkpoint
RP717: 3/17/2012 2:23:23 PM - System Checkpoint
RP718: 3/18/2012 2:56:52 PM - System Checkpoint
RP719: 3/19/2012 6:28:15 PM - System Checkpoint
RP720: 3/22/2012 7:38:02 PM - System Checkpoint
RP721: 3/23/2012 7:59:03 PM - System Checkpoint
RP722: 3/25/2012 10:26:41 AM - System Checkpoint
RP723: 3/27/2012 3:41:37 AM - System Checkpoint
RP724: 3/27/2012 7:03:59 AM - Removed Acrobat.com
RP725: 3/27/2012 7:04:56 AM - Removed Adobe Reader 9.5.0.
RP726: 3/27/2012 7:10:25 AM - Removed Adobe Photoshop Elements 5.0
.
==== Installed Programs ======================
.
.
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
ADS Tech Master Installer V3.8
Advanced SystemCare 3
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 9.03
AutoUpdate
AVG 2012
BitComet 1.25
Bonjour
Business Plan Pro 2007
CCleaner
Critical Update for Windows Media Player 11 (KB959772)
CyberLink PowerDirector
CyberLink WaveEditor
CyberView CS - Memor-ease 1.2a (build 20090910)
dcmsvc 1.0
Dell Driver Download Manager
DivX
DivX Player
DriverGuide DriverScan
Facebook Plug-In
FreeRIP v3.42
Google Updater
HGTV Home & Interior Painter
HGTV Home & Landscape Platinum Suite
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
hp instant support
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImagXpress
Indeo® software
iTunes
Java Auto Updater
Java(TM) 6 Update 22
LightScribe System Software 1.14.17.1
LizardTech DjVu Control
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Expression Web Service Pack 1 (SP1)
Microsoft IntelliType Pro 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Streets & Trips 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA Drivers
Oakley THUMP
OVT Scanner X86
PhotoImpact X3
Pismo File Mount Audit Package
Quicken 2010
QuickTime
Remote Control USB Driver
SAPI Wrapper
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
SEE2 USB 2.0 VGA Adapter (Multiple) 8.0.1.0229.1153
SiSoftware Sandra Lite 2009.SP2
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
Spybot - Search & Destroy
Spyware Doctor 7.0
System Requirements Lab
TTS Wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wutiper
Ulead DVD DiskRecorder 2.1.1
Uninstall OVT Scanner
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.0.1
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
3/26/2012 9:58:26 PM, error: Service Control Manager [7023] - The Wdm_au8820 service terminated with the following error: Access is denied.
3/26/2012 9:43:28 PM, error: Service Control Manager [7023] - The AMDPCI service terminated with the following error: Access is denied.
3/26/2012 9:28:27 PM, error: Service Control Manager [7023] - The Igniteservice.exe service terminated with the following error: Access is denied.
3/26/2012 9:13:26 PM, error: Service Control Manager [7023] - The Stirusb service terminated with the following error: Access is denied.
3/26/2012 8:58:26 PM, error: Service Control Manager [7023] - The Cics.region2 service terminated with the following error: Access is denied.
3/26/2012 8:43:24 PM, error: Service Control Manager [7023] - The Areschatserver service terminated with the following error: Access is denied.
3/26/2012 8:28:22 PM, error: Service Control Manager [7023] - The Servicemgr service terminated with the following error: Access is denied.
3/26/2012 8:13:21 PM, error: Service Control Manager [7023] - The Oracle_load_balancer_60_server-forms6ip14 service terminated with the following error: Access is denied.
3/26/2012 7:58:23 PM, error: Service Control Manager [7023] - The Dpc_srv_webcast service terminated with the following error: Access is denied.
3/26/2012 7:43:21 PM, error: Service Control Manager [7023] - The Wpsscannersvc service terminated with the following error: Access is denied.
3/26/2012 7:28:20 PM, error: Service Control Manager [7023] - The Tablet2k service terminated with the following error: Access is denied.
3/26/2012 7:13:19 PM, error: Service Control Manager [7023] - The WacomVKHid service terminated with the following error: Access is denied.
3/26/2012 6:58:21 PM, error: Service Control Manager [7023] - The Enodpl service terminated with the following error: Access is denied.
3/26/2012 6:43:18 PM, error: Service Control Manager [7023] - The Steamdvr service terminated with the following error: Access is denied.
3/26/2012 6:28:19 PM, error: Service Control Manager [7023] - The HPFECP20 service terminated with the following error: Access is denied.
3/26/2012 6:13:17 PM, error: Service Control Manager [7023] - The Nbservice service terminated with the following error: Access is denied.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Z525mdm service terminated with the following error: Access is denied.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Openvpnservice service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Ntgrip service terminated with the following error: Access is denied.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Lvusbsta service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
3/26/2012 5:58:34 PM, error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
3/26/2012 5:53:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/26/2012 5:28:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/26/2012 5:24:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
3/26/2012 5:22:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
3/26/2012 5:20:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/26/2012 5:00:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm sptd
3/26/2012 4:59:40 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
3/26/2012 4:39:52 PM, error: Service Control Manager [7023] - The LXARScan service terminated with the following error: Access is denied.
3/26/2012 2:25:07 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2012 2:25:02 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
3/26/2012 11:45:19 AM, error: Service Control Manager [7023] - The Qbreminderflash service terminated with the following error: Access is denied.
3/26/2012 11:37:22 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
3/26/2012 11:10:18 AM, error: Service Control Manager [7023] - The Openvpnservice service terminated with the following error: Access is denied.
3/26/2012 10:45:15 AM, error: Service Control Manager [7023] - The Lp6nds35 service terminated with the following error: Access is denied.
3/26/2012 10:43:28 PM, error: Service Control Manager [7023] - The Sk9920nt service terminated with the following error: Access is denied.
3/26/2012 10:32:16 AM, error: Service Control Manager [7023] - The Lvusbsta service terminated with the following error: Access is denied.
3/26/2012 10:28:34 PM, error: Service Control Manager [7023] - The SE2Eobex service terminated with the following error: Access is denied.
3/26/2012 10:13:33 PM, error: Service Control Manager [7023] - The Statusagent4 service terminated with the following error: Access is denied.
.
==== End Of File ===========================


Any and all help to remove this Trojan is much appreciated.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Download Bootkit Remover to your desktop.

• Unzip downloaded file to your Desktop.
• Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
• Press CTRL+C
• Open a Notepad and press CTRL+V
• Post the output back here.

 

[parkcitytrainer]

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-29 17:29:57
-----------------------------
17:29:57.859 OS Version: Windows 5.1.2600 Service Pack 3
17:29:57.859 Number of processors: 2 586 0x204
17:29:57.859 ComputerName: FRANCIS-SV1 UserName: Rob
17:30:18.859 Initialize success
17:32:20.250 AVAST engine defs: 12032901
17:32:46.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:32:46.203 Disk 0 Vendor: WDC_WD2500BB-55GUC0 08.02D08 Size: 238475MB BusType: 3
17:32:46.203 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\adpu160m1Port2Path0Target1Lun0
17:32:46.218 Disk 1 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
17:32:46.218 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\adpu160m1Port2Path0Target2Lun0
17:32:46.218 Disk 2 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
17:32:46.234 Disk 3 \Device\Harddisk3\DR3 -> \Device\Scsi\adpu160m1Port2Path0Target3Lun0
17:32:46.234 Disk 3 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
17:32:46.234 Disk 4 \Device\Harddisk4\DR4 -> \Device\Scsi\adpu160m1Port2Path0Target4Lun0
17:32:46.250 Disk 4 Vendor: SEAGATE_ 010A Size: 35003MB BusType: 1
17:32:46.250 Disk 5 \Device\Harddisk5\DR5 -> \Device\Scsi\adpu160m2Port3Path0Target1Lun0
17:32:46.265 Disk 5 Vendor: SEAGATE_ 8A03 Size: 34732MB BusType: 1
17:32:46.281 Disk 0 MBR read successfully
17:32:46.296 Disk 0 MBR scan
17:32:46.359 Disk 0 Windows XP default MBR code
17:32:46.359 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
17:32:46.375 Disk 0 scanning sectors +488376000
17:32:46.484 Disk 0 scanning C:\WINDOWS\system32\drivers
17:33:07.484 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Hosts-BM [Rtk]
17:33:44.593 Disk 0 trace - called modules:
17:33:44.625 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88d6bfd0]<<
17:33:44.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a21c578]
17:33:44.640 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> [0x88e7f928]
17:33:44.656 \Driver\00001940[0x88df4f38] -> IRP_MJ_CREATE -> 0x88d6bfd0
17:33:45.890 AVAST engine scan C:\WINDOWS
17:33:56.171 AVAST engine scan C:\WINDOWS\system32
17:40:43.375 AVAST engine scan C:\WINDOWS\system32\drivers
17:40:56.140 File: C:\WINDOWS\system32\drivers\mrxsmb.sys **INFECTED** Win32:Hosts-BM [Rtk]
17:41:26.703 AVAST engine scan C:\Documents and Settings\Rob
18:02:09.171 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rob\Desktop\MBR.dat"
18:02:09.187 The log file has been saved successfully to "C:\Documents and Settings\Rob\Desktop\aswMBR.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

 

[Broni]

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[parkcitytrainer]

18:49:25.0593 0256 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:49:26.0640 0256 ============================================================
18:49:26.0640 0256 Current date / time: 2012/03/30 18:49:26.0640
18:49:26.0640 0256 SystemInfo:
18:49:26.0640 0256
18:49:26.0640 0256 OS Version: 5.1.2600 ServicePack: 3.0
18:49:26.0640 0256 Product type: Workstation
18:49:26.0640 0256 ComputerName: FRANCIS-SV1
18:49:26.0640 0256 UserName: Rob
18:49:26.0640 0256 Windows directory: C:\WINDOWS
18:49:26.0640 0256 System windows directory: C:\WINDOWS
18:49:26.0640 0256 Processor architecture: Intel x86
18:49:26.0640 0256 Number of processors: 2
18:49:26.0640 0256 Page size: 0x1000
18:49:26.0640 0256 Boot type: Normal boot
18:49:26.0640 0256 ============================================================
18:49:31.0328 0256 Drive \Device\Harddisk1\DR1 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:49:31.0328 0256 Drive \Device\Harddisk2\DR2 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:49:31.0328 0256 Drive \Device\Harddisk3\DR3 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:49:31.0343 0256 Drive \Device\Harddisk4\DR4 - Size: 0x88BB99400 (34.18 Gb), SectorSize: 0x200, Cylinders: 0x116E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:49:31.0343 0256 Drive \Device\Harddisk5\DR5 - Size: 0x87ACE3E00 (33.92 Gb), SectorSize: 0x200, Cylinders: 0x114B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
18:49:31.0375 0256 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:49:31.0375 0256 \Device\Harddisk1\DR1:
18:49:31.0390 0256 MBR used
18:49:31.0390 0256 \Device\Harddisk2\DR2:
18:49:31.0390 0256 MBR used
18:49:31.0390 0256 \Device\Harddisk3\DR3:
18:49:31.0390 0256 MBR used
18:49:31.0390 0256 \Device\Harddisk4\DR4:
18:49:31.0390 0256 MBR used
18:49:31.0390 0256 \Device\Harddisk5\DR5:
18:49:31.0390 0256 MBR used
18:49:31.0390 0256 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x43CF48B
18:49:31.0390 0256 \Device\Harddisk0\DR0:
18:49:31.0390 0256 MBR used
18:49:31.0390 0256 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
18:49:31.0453 0256 Initialize success
18:49:31.0453 0256 ============================================================
18:49:38.0578 3752 ============================================================
18:49:38.0578 3752 Scan started
18:49:38.0578 3752 Mode: Manual;
18:49:38.0578 3752 ============================================================
18:49:40.0609 3752 .redbook - ok
18:49:40.0921 3752 3combootp - ok
18:49:41.0171 3752 Abiosdsk - ok
18:49:41.0531 3752 abp480n5 - ok
18:49:41.0921 3752 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
18:49:41.0984 3752 ac97intc - ok
18:49:42.0578 3752 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:49:42.0625 3752 ACPI - ok
18:49:43.0093 3752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:49:43.0109 3752 ACPIEC - ok
18:49:43.0562 3752 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:49:43.0562 3752 adpu160m - ok
18:49:43.0984 3752 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:49:44.0015 3752 aec - ok
18:49:44.0593 3752 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
18:49:44.0625 3752 AFD - ok
18:49:45.0109 3752 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:49:45.0140 3752 agp440 - ok
18:49:45.0468 3752 Aha154x - ok
18:49:45.0781 3752 aic78u2 - ok
18:49:46.0062 3752 aic78xx - ok
18:49:46.0437 3752 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:49:46.0453 3752 Alerter - ok
18:49:46.0765 3752 alertservice - ok
18:49:47.0062 3752 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:49:47.0125 3752 ALG - ok
18:49:47.0593 3752 AliIde - ok
18:49:47.0906 3752 amsint - ok
18:49:48.0578 3752 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys
18:49:48.0843 3752 APL531 - ok
18:49:49.0109 3752 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:49:49.0140 3752 Apple Mobile Device - ok
18:49:49.0578 3752 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:49:49.0625 3752 AppMgmt - ok
18:49:50.0109 3752 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:49:50.0125 3752 Arp1394 - ok
18:49:50.0656 3752 asc - ok
18:49:51.0000 3752 asc3350p - ok
18:49:51.0265 3752 asc3550 - ok
18:49:51.0562 3752 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:49:51.0703 3752 aspnet_state - ok
18:49:52.0187 3752 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:49:52.0218 3752 AsyncMac - ok
18:49:52.0656 3752 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:49:52.0656 3752 atapi - ok
18:49:53.0000 3752 Atdisk - ok
18:49:53.0265 3752 atierecord - ok
18:49:53.0796 3752 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:49:53.0812 3752 Atmarpc - ok
18:49:54.0171 3752 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:49:54.0187 3752 AudioSrv - ok
18:49:54.0718 3752 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:49:54.0734 3752 audstub - ok
18:49:56.0781 3752 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
18:49:59.0593 3752 AVGIDSAgent - ok
18:50:00.0031 3752 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:50:00.0062 3752 AVGIDSDriver - ok
18:50:00.0562 3752 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:50:00.0562 3752 AVGIDSEH - ok
18:50:01.0015 3752 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:50:01.0031 3752 AVGIDSFilter - ok
18:50:01.0453 3752 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:50:01.0484 3752 AVGIDSShim - ok
18:50:01.0953 3752 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:50:01.0984 3752 Avgldx86 - ok
18:50:02.0578 3752 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:50:02.0593 3752 Avgmfx86 - ok
18:50:03.0000 3752 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:50:03.0031 3752 Avgrkx86 - ok
18:50:03.0515 3752 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:50:03.0656 3752 Avgtdix - ok
18:50:04.0000 3752 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
18:50:04.0031 3752 avgwd - ok
18:50:04.0328 3752 basfipm - ok
18:50:04.0718 3752 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:50:04.0734 3752 Beep - ok
18:50:05.0187 3752 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:50:05.0359 3752 BITS - ok
18:50:05.0796 3752 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:50:05.0984 3752 Bonjour Service - ok
18:50:06.0375 3752 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:50:06.0406 3752 Browser - ok
18:50:06.0734 3752 CamAv - ok
18:50:07.0156 3752 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:50:07.0171 3752 cbidf2k - ok
18:50:07.0500 3752 cccredmgr - ok
18:50:07.0906 3752 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:50:07.0921 3752 CCDECODE - ok
18:50:08.0218 3752 cd20xrnt - ok
18:50:08.0687 3752 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:50:08.0703 3752 Cdaudio - ok
18:50:09.0171 3752 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:50:09.0187 3752 Cdfs - ok
18:50:09.0718 3752 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:50:09.0750 3752 Cdrom - ok
18:50:10.0031 3752 Changer - ok
18:50:10.0359 3752 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:50:10.0375 3752 CiSvc - ok
18:50:10.0796 3752 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:50:10.0812 3752 ClipSrv - ok
18:50:11.0078 3752 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:11.0703 3752 clr_optimization_v2.0.50727_32 - ok
18:50:12.0031 3752 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:50:12.0078 3752 clr_optimization_v4.0.30319_32 - ok
18:50:12.0593 3752 CmdIde - ok
18:50:12.0859 3752 COMSysApp - ok
18:50:13.0250 3752 Cpqarray - ok
18:50:13.0562 3752 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:50:13.0578 3752 CryptSvc - ok
18:50:13.0875 3752 CTERFXFX.DLL - ok
18:50:14.0171 3752 cvsnt - ok
18:50:14.0562 3752 CXAVXBAR - ok
18:50:14.0921 3752 dac2w2k - ok
18:50:15.0203 3752 dac960nt - ok
18:50:15.0453 3752 db2das00 - ok
18:50:15.0937 3752 dc3d (b7ef38c2c22a7805de919cff5e16a372) C:\WINDOWS\system32\DRIVERS\dc3d.sys
18:50:15.0984 3752 dc3d - ok
18:50:16.0484 3752 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:50:16.0500 3752 DcomLaunch - ok
18:50:16.0843 3752 Defrag32 - ok
18:50:17.0031 3752 defragfs - ok
18:50:17.0328 3752 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:50:17.0328 3752 Dhcp - ok
18:50:17.0968 3752 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:50:18.0000 3752 Disk - ok
18:50:18.0250 3752 dmadmin - ok
18:50:18.0765 3752 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:50:18.0906 3752 dmboot - ok
18:50:19.0468 3752 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:50:19.0484 3752 dmio - ok
18:50:20.0109 3752 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:50:20.0125 3752 dmload - ok
18:50:20.0625 3752 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:50:20.0640 3752 dmserver - ok
18:50:21.0187 3752 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:50:21.0218 3752 DMusic - ok
18:50:21.0562 3752 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
18:50:21.0578 3752 Dnscache - ok
18:50:22.0062 3752 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:50:22.0078 3752 Dot3svc - ok
18:50:22.0562 3752 dpti2o - ok
18:50:23.0000 3752 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:50:23.0015 3752 drmkaud - ok
18:50:23.0656 3752 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:50:23.0671 3752 EapHost - ok
18:50:24.0375 3752 ehstart - ok
18:50:24.0812 3752 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
18:50:24.0843 3752 EL90XBC - ok
18:50:25.0328 3752 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:50:25.0343 3752 ERSvc - ok
18:50:25.0750 3752 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:50:25.0765 3752 Eventlog - ok
18:50:26.0375 3752 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:50:26.0531 3752 EventSystem - ok
18:50:27.0187 3752 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:50:27.0203 3752 Fastfat - ok
18:50:27.0828 3752 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:50:27.0906 3752 FastUserSwitchingCompatibility - ok
18:50:28.0375 3752 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:50:28.0406 3752 Fdc - ok
18:50:28.0906 3752 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:50:28.0921 3752 Fips - ok
18:50:29.0562 3752 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:50:29.0968 3752 FLEXnet Licensing Service - ok
18:50:30.0500 3752 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:50:30.0531 3752 Flpydisk - ok
18:50:30.0937 3752 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:50:30.0953 3752 FltMgr - ok
18:50:31.0890 3752 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:50:32.0046 3752 FontCache3.0.0.0 - ok
18:50:33.0359 3752 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:50:33.0453 3752 Fs_Rec - ok
18:50:33.0906 3752 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:50:33.0968 3752 Ftdisk - ok
18:50:34.0406 3752 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:50:34.0437 3752 GEARAspiWDM - ok
18:50:34.0828 3752 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:50:34.0843 3752 Gpc - ok
18:50:35.0265 3752 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:50:35.0281 3752 gusvc - ok
18:50:35.0500 3752 helpsvc - ok
18:50:35.0734 3752 HidServ - ok
18:50:36.0171 3752 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:50:36.0203 3752 HidUsb - ok
18:50:36.0578 3752 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:50:36.0593 3752 hkmsvc - ok
18:50:37.0015 3752 hpn - ok
18:50:37.0468 3752 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:50:37.0484 3752 HPZid412 - ok
18:50:38.0046 3752 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:50:38.0062 3752 HPZipr12 - ok
18:50:38.0484 3752 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:50:38.0500 3752 HPZius12 - ok
18:50:38.0843 3752 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:50:38.0875 3752 HTTP - ok
18:50:39.0031 3752 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:50:39.0046 3752 HTTPFilter - ok
18:50:39.0109 3752 i2omgmt - ok
18:50:39.0578 3752 i2omp - ok
18:50:40.0093 3752 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:50:40.0109 3752 i8042prt - ok
18:50:40.0515 3752 iaimfp3 - ok
18:50:40.0781 3752 iAimTV6 - ok
18:50:41.0031 3752 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
18:50:41.0515 3752 IDriverT - ok
18:50:42.0375 3752 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:50:42.0687 3752 idsvc - ok
18:50:42.0906 3752 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:50:42.0906 3752 Imapi - ok
18:50:43.0390 3752 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
18:50:43.0390 3752 ImapiService - ok
18:50:43.0765 3752 ini910u - ok
18:50:43.0906 3752 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:50:43.0906 3752 IntelIde - ok
18:50:44.0109 3752 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:50:44.0109 3752 intelppm - ok
18:50:44.0562 3752 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
18:50:44.0562 3752 IntuitUpdateService - ok
18:50:45.0015 3752 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:50:45.0031 3752 ip6fw - ok
18:50:45.0265 3752 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:50:45.0265 3752 IpFilterDriver - ok
18:50:45.0843 3752 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:50:45.0859 3752 IpInIp - ok
18:50:46.0125 3752 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:50:46.0218 3752 IpNat - ok
18:50:46.0625 3752 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:50:46.0656 3752 iPod Service - ok
18:50:46.0859 3752 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:50:46.0875 3752 IPSec - ok
18:50:47.0031 3752 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:50:47.0031 3752 IRENUM - ok
18:50:47.0656 3752 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:50:47.0671 3752 isapnp - ok
18:50:48.0015 3752 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
18:50:48.0031 3752 JavaQuickStarterService - ok
18:50:48.0796 3752 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:50:48.0828 3752 Kbdclass - ok
18:50:49.0750 3752 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:50:49.0765 3752 kbdhid - ok
18:50:49.0984 3752 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:50:49.0984 3752 kmixer - ok
18:50:50.0171 3752 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:50:50.0171 3752 KSecDD - ok
18:50:50.0343 3752 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:50:50.0359 3752 lanmanserver - ok
18:50:50.0531 3752 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:50:50.0546 3752 lanmanworkstation - ok
18:50:50.0765 3752 lbrtfdc - ok
18:50:50.0984 3752 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:50:50.0984 3752 LightScribeService - ok
18:50:51.0125 3752 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:50:51.0140 3752 LmHosts - ok
18:50:51.0187 3752 LMIInfo - ok
18:50:51.0390 3752 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
18:50:51.0390 3752 lmimirr - ok
18:50:51.0500 3752 LMIRfsClientNP - ok
18:50:51.0578 3752 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
18:50:51.0578 3752 LMIRfsDriver - ok
18:50:51.0734 3752 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:50:51.0750 3752 MBAMProtector - ok
18:50:51.0937 3752 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:50:51.0968 3752 MBAMService - ok
18:50:52.0109 3752 mclogmanagerservice - ok
18:50:52.0312 3752 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
18:50:52.0328 3752 MDM - ok
18:50:52.0531 3752 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:50:52.0531 3752 Messenger - ok
18:50:52.0546 3752 mgactrl - ok
18:50:52.0562 3752 mhndrv - ok
18:50:52.0734 3752 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
18:50:52.0781 3752 Microsoft Office Groove Audit Service - ok
18:50:52.0968 3752 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:50:52.0984 3752 mnmdd - ok
18:50:53.0187 3752 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
18:50:53.0187 3752 mnmsrvc - ok
18:50:53.0375 3752 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:50:53.0375 3752 Modem - ok
18:50:53.0546 3752 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:50:53.0546 3752 Mouclass - ok
18:50:53.0718 3752 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:50:53.0718 3752 mouhid - ok
18:50:53.0906 3752 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:50:53.0906 3752 MountMgr - ok
18:50:54.0046 3752 mraid35x - ok
18:50:54.0093 3752 mrobeservice - ok
18:50:54.0218 3752 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:50:54.0328 3752 MRxDAV - ok
18:50:54.0890 3752 MRxSmb (95032f6914eae0edac3090801283514c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:50:54.0937 3752 MRxSmb - ok
18:50:55.0250 3752 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
18:50:55.0250 3752 MSDTC - ok
18:50:55.0531 3752 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:50:55.0546 3752 Msfs - ok
18:50:55.0625 3752 MSIServer - ok
18:50:55.0718 3752 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:50:55.0718 3752 MSKSSRV - ok
18:50:55.0875 3752 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:50:55.0890 3752 MSPCLOCK - ok
18:50:56.0046 3752 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:50:56.0062 3752 MSPQM - ok
18:50:56.0625 3752 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:50:56.0734 3752 mssmbios - ok
18:50:57.0328 3752 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:50:57.0406 3752 MSTEE - ok
18:50:58.0265 3752 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:50:58.0265 3752 Mup - ok
18:50:58.0531 3752 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:50:58.0546 3752 NABTSFEC - ok
18:50:58.0812 3752 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:50:58.0828 3752 napagent - ok
18:50:59.0062 3752 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:50:59.0093 3752 NDIS - ok
18:50:59.0390 3752 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:50:59.0390 3752 NdisIP - ok
18:50:59.0562 3752 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:50:59.0562 3752 NdisTapi - ok
18:50:59.0734 3752 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:50:59.0734 3752 Ndisuio - ok
18:50:59.0906 3752 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:50:59.0906 3752 NdisWan - ok
18:51:00.0078 3752 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:51:00.0078 3752 NDProxy - ok
18:51:00.0359 3752 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:51:00.0359 3752 NetBIOS - ok
18:51:00.0546 3752 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:51:00.0546 3752 NetBT - ok
18:51:00.0718 3752 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:51:00.0718 3752 NetDDE - ok
18:51:00.0734 3752 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:51:00.0750 3752 NetDDEdsdm - ok
18:51:00.0875 3752 netdetect - ok
18:51:00.0937 3752 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
18:51:00.0937 3752 Netlogon - ok
18:51:01.0046 3752 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:51:01.0062 3752 Netman - ok
18:51:01.0437 3752 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:51:01.0453 3752 NetTcpPortSharing - ok
18:51:01.0640 3752 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:51:01.0640 3752 NIC1394 - ok
18:51:01.0765 3752 nimcdfxk - ok
18:51:01.0843 3752 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
18:51:01.0859 3752 Nla - ok
18:51:02.0062 3752 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:51:02.0078 3752 Npfs - ok
18:51:02.0421 3752 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:51:02.0468 3752 Ntfs - ok
18:51:02.0640 3752 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
18:51:02.0640 3752 NtLmSsp - ok
18:51:02.0921 3752 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:51:02.0937 3752 NtmsSvc - ok
18:51:03.0171 3752 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:51:03.0171 3752 NuidFltr - ok
18:51:03.0593 3752 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:51:03.0609 3752 Null - ok
18:51:03.0859 3752 nv (8e836672c1e476772cd18b7b4a671b4b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:51:03.0921 3752 nv - ok
18:51:04.0062 3752 nvmpu401 - ok
18:51:04.0140 3752 NVSvc (e0f8f86eecac5d01af9bb4406a347178) C:\WINDOWS\system32\nvsvc32.exe
18:51:04.0156 3752 NVSvc - ok
18:51:04.0359 3752 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:51:04.0359 3752 NwlnkFlt - ok
18:51:04.0531 3752 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:51:04.0531 3752 NwlnkFwd - ok
18:51:04.0812 3752 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:51:04.0843 3752 odserv - ok
18:51:05.0046 3752 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:51:05.0046 3752 ohci1394 - ok
18:51:05.0265 3752 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:51:05.0281 3752 ose - ok
18:51:05.0531 3752 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:51:05.0531 3752 Parport - ok
18:51:05.0718 3752 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:51:05.0718 3752 PartMgr - ok
18:51:05.0859 3752 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:51:05.0875 3752 ParVdm - ok
18:51:06.0125 3752 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:51:06.0125 3752 PCI - ok
18:51:06.0265 3752 PCIDump - ok
18:51:06.0437 3752 PCIIde - ok
18:51:06.0625 3752 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:51:06.0640 3752 Pcmcia - ok
18:51:06.0796 3752 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\WINDOWS\system32\drivers\PCTCore.sys
18:51:06.0812 3752 PCTCore - ok
18:51:06.0953 3752 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\system32\drivers\pctgntdi.sys
18:51:06.0968 3752 pctgntdi - ok
18:51:07.0109 3752 pctplsg (95a8562701e6b4494993847f85b2d60e) C:\WINDOWS\system32\drivers\pctplsg.sys
18:51:07.0125 3752 pctplsg - ok
18:51:07.0250 3752 PDCOMP - ok
18:51:07.0265 3752 PDFRAME - ok
18:51:07.0281 3752 PDRELI - ok
18:51:07.0312 3752 PDRFRAME - ok
18:51:07.0343 3752 perc2 - ok
18:51:07.0375 3752 perc2hib - ok
18:51:07.0453 3752 pfmfs_27B (a3e9309e52bf8ac1c8ad1b53f9d3c544) C:\WINDOWS\system32\Drivers\pfmfs_27B.sys
18:51:07.0468 3752 pfmfs_27B - ok
18:51:07.0640 3752 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:51:07.0656 3752 PlugPlay - ok
18:51:07.0781 3752 Pml Driver HPZ12 (fb03f341ff5380394bf2ee52f1979925) C:\WINDOWS\system32\HPZipm12.exe
18:51:07.0796 3752 Pml Driver HPZ12 - ok
18:51:07.0921 3752 PNRPSvc (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\psadd.dll
18:51:07.0953 3752 Suspicious file (NoAccess): C:\WINDOWS\system32\psadd.dll. md5: 11028c6a84a967070cb1286550f2058f
18:51:07.0953 3752 PNRPSvc ( Backdoor.Multi.ZAccess.gen ) - infected
18:51:07.0953 3752 PNRPSvc - detected Backdoor.Multi.ZAccess.gen (0)
18:51:08.0062 3752 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
18:51:08.0078 3752 PolicyAgent - ok
18:51:08.0265 3752 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:51:08.0281 3752 PptpMiniport - ok
18:51:08.0453 3752 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:51:08.0468 3752 Processor - ok
18:51:08.0625 3752 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:51:08.0625 3752 ProtectedStorage - ok
18:51:08.0828 3752 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:51:08.0828 3752 PSched - ok
18:51:09.0015 3752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:51:09.0015 3752 Ptilink - ok
18:51:09.0156 3752 ql1080 - ok
18:51:09.0187 3752 Ql10wnt - ok
18:51:09.0203 3752 ql12160 - ok
18:51:09.0234 3752 ql1240 - ok
18:51:09.0265 3752 ql1280 - ok
18:51:09.0312 3752 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:51:09.0312 3752 RasAcd - ok
18:51:09.0500 3752 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:51:09.0515 3752 RasAuto - ok
18:51:09.0703 3752 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:51:09.0718 3752 Rasl2tp - ok
18:51:09.0921 3752 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:51:09.0937 3752 RasMan - ok
18:51:10.0312 3752 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:51:10.0328 3752 RasPppoe - ok
18:51:10.0500 3752 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:51:10.0500 3752 Raspti - ok
18:51:10.0687 3752 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:51:10.0687 3752 Rdbss - ok
18:51:10.0812 3752 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:51:10.0812 3752 RDPCDD - ok
18:51:11.0000 3752 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:51:11.0015 3752 rdpdr - ok
18:51:11.0281 3752 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:51:11.0296 3752 RDPWD - ok
18:51:11.0468 3752 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:51:11.0484 3752 RDSessMgr - ok
18:51:11.0671 3752 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:51:11.0687 3752 redbook - ok
18:51:11.0859 3752 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:51:11.0875 3752 RemoteAccess - ok
18:51:12.0062 3752 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:51:12.0062 3752 RemoteRegistry - ok
18:51:12.0234 3752 RichVideo (7728b6aedc83bc0defd0a53371d4613b) C:\Program Files\CyberLink\Shared files\RichVideo.exe
18:51:12.0250 3752 RichVideo - ok
18:51:12.0531 3752 RMSvc - ok
18:51:12.0593 3752 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
18:51:12.0609 3752 RpcLocator - ok
18:51:12.0750 3752 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:51:12.0765 3752 RpcSs - ok
18:51:12.0906 3752 RR2Ctrl - ok
18:51:12.0984 3752 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
18:51:13.0000 3752 RSVP - ok
18:51:13.0078 3752 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:51:13.0093 3752 SamSs - ok
18:51:13.0265 3752 SANDRA (24c68978d48f41084dc00159aa07fab8) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys
18:51:13.0296 3752 SANDRA - ok
18:51:13.0421 3752 SandraAgentSrv (3a4ab78a64e391ef3d75be0619eb428a) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
18:51:13.0421 3752 SandraAgentSrv - ok
18:51:13.0609 3752 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:51:13.0625 3752 SCardSvr - ok
18:51:13.0750 3752 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:51:13.0765 3752 Schedule - ok
18:51:13.0968 3752 sdAuxService (ee088b31f5eb673a62e7e0d09b0007b0) C:\Program Files\Spyware Doctor\pctsAuxs.exe
18:51:14.0156 3752 sdAuxService - ok
18:51:14.0750 3752 sdCoreService (747ffe0a5a34c349a363be97c632b7c4) C:\Program Files\Spyware Doctor\pctsSvc.exe
18:51:14.0812 3752 sdCoreService - ok
18:51:15.0000 3752 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:51:15.0015 3752 Secdrv - ok
18:51:15.0171 3752 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:51:15.0187 3752 seclogon - ok
18:51:15.0296 3752 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
18:51:15.0312 3752 SENS - ok
18:51:15.0453 3752 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:51:15.0453 3752 serenum - ok
18:51:15.0625 3752 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:51:15.0640 3752 Serial - ok
18:51:15.0906 3752 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:51:15.0921 3752 Sfloppy - ok
18:51:16.0078 3752 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:51:16.0109 3752 SharedAccess - ok
18:51:16.0343 3752 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:51:16.0343 3752 ShellHWDetection - ok
18:51:16.0500 3752 Simbad - ok
18:51:16.0562 3752 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:51:16.0562 3752 SLIP - ok
18:51:16.0703 3752 Sparrow - ok
18:51:16.0781 3752 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:51:16.0796 3752 splitter - ok
18:51:17.0015 3752 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:51:17.0015 3752 Spooler - ok
18:51:17.0250 3752 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
18:51:17.0265 3752 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:51:17.0265 3752 sptd ( LockedFile.Multi.Generic ) - warning
18:51:17.0265 3752 sptd - detected LockedFile.Multi.Generic (1)
18:51:17.0437 3752 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:51:17.0437 3752 sr - ok
18:51:17.0593 3752 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:51:17.0609 3752 srservice - ok
18:51:17.0734 3752 SRTSPL - ok
18:51:17.0828 3752 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
18:51:17.0843 3752 Srv - ok
18:51:17.0984 3752 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:51:18.0000 3752 SSDPSRV - ok
18:51:18.0125 3752 stacsv - ok
18:51:18.0234 3752 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:51:18.0281 3752 stisvc - ok
18:51:18.0562 3752 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:51:18.0562 3752 streamip - ok
18:51:18.0796 3752 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:51:18.0796 3752 swenum - ok
18:51:18.0984 3752 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:51:18.0984 3752 swmidi - ok
18:51:19.0265 3752 SwPrv - ok
18:51:19.0500 3752 symc810 - ok
18:51:19.0609 3752 symc8xx - ok
18:51:19.0671 3752 sym_hi - ok
18:51:19.0765 3752 sym_u3 - ok
18:51:19.0921 3752 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:51:19.0937 3752 sysaudio - ok
18:51:20.0031 3752 syslogd - ok
18:51:20.0093 3752 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:51:20.0109 3752 SysmonLog - ok
18:51:20.0281 3752 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:51:20.0296 3752 TapiSrv - ok
18:51:20.0453 3752 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:51:20.0484 3752 Tcpip - ok
18:51:20.0687 3752 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:51:20.0687 3752 TDPIPE - ok
18:51:20.0859 3752 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:51:20.0859 3752 TDTCP - ok
18:51:21.0031 3752 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:51:21.0046 3752 TermDD - ok
18:51:21.0218 3752 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:51:21.0234 3752 TermService - ok
18:51:21.0421 3752 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
18:51:21.0437 3752 Themes - ok
18:51:21.0578 3752 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
18:51:21.0578 3752 TlntSvr - ok
18:51:21.0796 3752 TosIde - ok
18:51:21.0859 3752 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:51:21.0875 3752 TrkWks - ok
18:51:22.0015 3752 tunmp - ok
18:51:22.0031 3752 U3sHlpDr - ok
18:51:22.0062 3752 UBHelper - ok
18:51:22.0171 3752 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:51:22.0187 3752 Udfs - ok
18:51:22.0312 3752 ultra - ok
18:51:22.0718 3752 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:51:22.0734 3752 Update - ok
18:51:22.0906 3752 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:51:22.0921 3752 upnphost - ok
18:51:23.0078 3752 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:51:23.0093 3752 UPS - ok
18:51:23.0234 3752 us30sys - ok
18:51:23.0359 3752 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:51:23.0375 3752 USBAAPL - ok
18:51:23.0484 3752 usbatapi2000 - ok
18:51:23.0625 3752 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:51:23.0625 3752 usbccgp - ok
18:51:23.0781 3752 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:51:23.0781 3752 usbehci - ok
18:51:24.0015 3752 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:51:24.0015 3752 usbhub - ok
18:51:24.0203 3752 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:51:24.0203 3752 usbohci - ok
18:51:24.0375 3752 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:51:24.0375 3752 usbprint - ok
18:51:24.0546 3752 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:51:24.0546 3752 usbscan - ok
18:51:24.0734 3752 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:51:24.0734 3752 USBSTOR - ok
18:51:24.0906 3752 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:51:24.0906 3752 usbuhci - ok
18:51:25.0031 3752 useraccess - ok
18:51:25.0156 3752 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:51:25.0156 3752 VgaSave - ok
18:51:25.0562 3752 ViaIde - ok
18:51:25.0718 3752 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:51:25.0734 3752 VolSnap - ok
18:51:25.0843 3752 vproeventmonitor - ok
18:51:25.0921 3752 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:51:25.0937 3752 VSS - ok
18:51:26.0203 3752 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
18:51:26.0250 3752 vToolbarUpdater10.2.0 - ok
18:51:26.0406 3752 vulfnths - ok
18:51:26.0500 3752 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:51:26.0515 3752 W32Time - ok
18:51:26.0703 3752 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:51:26.0718 3752 Wanarp - ok
18:51:26.0828 3752 wap3gx - ok
18:51:26.0906 3752 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
18:51:26.0906 3752 wceusbsh - ok
18:51:27.0093 3752 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:51:27.0109 3752 Wdf01000 - ok
18:51:27.0343 3752 WDICA - ok
18:51:27.0484 3752 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:51:27.0500 3752 wdmaud - ok
18:51:27.0640 3752 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:51:27.0640 3752 WebClient - ok
18:51:27.0796 3752 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:51:27.0796 3752 winmgmt - ok
18:51:28.0015 3752 WISTechVIDCAP (80f9670acd3213f4601a43cbb474b1b6) C:\WINDOWS\system32\drivers\wisgostrm.sys
18:51:28.0078 3752 WISTechVIDCAP - ok
18:51:28.0281 3752 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:51:28.0281 3752 WmdmPmSN - ok
18:51:28.0421 3752 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:51:28.0421 3752 Wmi - ok
18:51:28.0687 3752 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
18:51:28.0812 3752 WmiApSrv - ok
18:51:28.0984 3752 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:51:29.0203 3752 WMPNetworkSvc - ok
18:51:29.0640 3752 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:51:30.0359 3752 WPFFontCache_v0400 - ok
18:51:30.0796 3752 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:51:30.0812 3752 WS2IFSL - ok
18:51:31.0031 3752 WSearch - ok
18:51:31.0515 3752 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:51:31.0531 3752 WSTCODEC - ok
18:51:31.0968 3752 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:51:31.0984 3752 WudfPf - ok
18:51:32.0687 3752 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:51:32.0703 3752 WudfRd - ok
18:51:33.0093 3752 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:51:33.0140 3752 WudfSvc - ok
18:51:33.0593 3752 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:51:33.0656 3752 WZCSVC - ok
18:51:33.0843 3752 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:51:33.0859 3752 xmlprov - ok
18:51:34.0062 3752 xMrMINI (cbf2cf50e28d968ad811cd512754d151) C:\WINDOWS\system32\DRIVERS\xMrMini.sys
18:51:34.0093 3752 xMrMINI - ok
18:51:34.0375 3752 xVGAMINI (07e55eabc0d9d21a013b0b8075fe0a5c) C:\WINDOWS\system32\DRIVERS\xVgaMini.sys
18:51:34.0406 3752 xVGAMINI - ok
18:51:34.0578 3752 xVGAUSB (863a8486491208395ae05bc5ecb29592) C:\WINDOWS\system32\drivers\xvgausb.sys
18:51:34.0578 3752 xVGAUSB - ok
18:51:34.0640 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:51:34.0656 3752 \Device\Harddisk1\DR1 - ok
18:51:34.0671 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
18:51:34.0671 3752 \Device\Harddisk2\DR2 - ok
18:51:34.0687 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
18:51:34.0687 3752 \Device\Harddisk3\DR3 - ok
18:51:34.0718 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
18:51:34.0718 3752 \Device\Harddisk4\DR4 - ok
18:51:34.0734 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
18:51:34.0828 3752 \Device\Harddisk5\DR5 - ok
18:51:34.0859 3752 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:51:35.0062 3752 \Device\Harddisk0\DR0 - ok
18:51:35.0062 3752 Boot (0x1200) (278114c6fef5f37ff75179a97131ec7d) \Device\Harddisk5\DR5\Partition0
18:51:35.0078 3752 \Device\Harddisk5\DR5\Partition0 - ok
18:51:35.0093 3752 Boot (0x1200) (39f59585eba8ff75def963a4489bb72e) \Device\Harddisk0\DR0\Partition0
18:51:35.0093 3752 \Device\Harddisk0\DR0\Partition0 - ok
18:51:35.0093 3752 ============================================================
18:51:35.0093 3752 Scan finished
18:51:35.0093 3752 ============================================================
18:51:35.0140 3736 Detected object count: 2
18:51:35.0140 3736 Actual detected object count: 2
18:51:59.0250 3736 HKLM\SYSTEM\ControlSet001\services\PNRPSvc - will be deleted on reboot
18:51:59.0250 3736 C:\WINDOWS\system32\psadd.dll - will be deleted on reboot
18:51:59.0265 3736 PNRPSvc ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:51:59.0265 3736 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:51:59.0265 3736 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[parkcitytrainer]

ComboFix 12-03-30.06 - Rob 03/30/2012 20:10:17.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1102 [GMT -6:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe
c:\documents and settings\All Users\Application Data\xml11C.tmp
c:\documents and settings\All Users\Application Data\xml11D.tmp
c:\documents and settings\All Users\Application Data\xml11E.tmp
c:\documents and settings\All Users\Application Data\xml9A.tmp
c:\documents and settings\All Users\invokesi.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\documents and settings\Rob\Application Data\55AE.0A3
c:\documents and settings\Rob\Application Data\Adobe\plugs
c:\documents and settings\Rob\Application Data\Adobe\shed
c:\windows\$NtUninstallKB22432$
c:\windows\$NtUninstallKB22432$\530276279
c:\windows\$NtUninstallKB43103$\517846658\@
c:\windows\$NtUninstallKB43103$\517846658\cfg.ini
c:\windows\$NtUninstallKB43103$\517846658\Desktop.ini
c:\windows\$NtUninstallKB43103$\517846658\L\sqgtmnim
c:\windows\$NtUninstallKB43103$\517846658\oemid
c:\windows\$NtUninstallKB43103$\517846658\U\00000001.@
c:\windows\$NtUninstallKB43103$\517846658\U\00000002.@
c:\windows\$NtUninstallKB43103$\517846658\U\00000004.@
c:\windows\$NtUninstallKB43103$\517846658\U\80000000.@
c:\windows\$NtUninstallKB43103$\517846658\U\80000004.@
c:\windows\$NtUninstallKB43103$\517846658\U\80000032.@
c:\windows\$NtUninstallKB43103$\517846658\version
c:\windows\$NtUninstallKB43103$\742387349
c:\windows\system32\Cache
c:\windows\system32\Cache\0aa4b0ad4c053e15.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\9b7caa4613118a6f.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dde491035b3c615a.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\wanusb.dll
c:\windows\$NtUninstallKB43103$ . . . . Failed to delete
.
c:\windows\system32\drivers\StMp3Rec.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.redbook
-------\Legacy_lkclassads
-------\Service_lkclassads
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-31 00:51 . 2012-03-31 00:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 22:32 . 2008-04-13 17:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-26 23:28 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-26 23:28 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-26 23:28 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-26 23:28 . 2010-02-05 15:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-26 23:28 . 2012-03-26 23:52 -------- d-----w- c:\program files\Spyware Doctor
2012-03-26 23:28 . 2012-03-26 23:36 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\Rob\Application Data\PC Tools
2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-26 23:08 . 2012-03-26 23:36 -------- d-----w- c:\documents and settings\Rob\Application Data\GetRightToGo
2012-03-26 22:59 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-26 17:52 . 2012-03-26 17:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-11 19:36 . 2012-03-11 19:36 -------- d-----w- C:\MCT
2012-03-11 19:36 . 2007-11-14 13:57 315392 ----a-w- c:\windows\system32\MCTCIDUtil.exe
2012-03-11 19:07 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-03-11 19:07 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-03-11 18:59 . 2012-03-11 18:59 -------- d-----w- c:\documents and settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI
2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI Technologies
2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- C:\ATI
2012-03-10 04:57 . 2011-08-10 23:39 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-03-10 04:57 . 2011-08-10 23:39 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-03-10 04:57 . 2011-08-10 23:39 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-03-06 13:16 . 2012-03-06 13:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-03-05 22:17 . 2012-03-05 22:17 -------- d-----w- C:\TRITTON_uv100_8.0.1.0229.1153
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-15 00:43 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2009-03-06 03:17 143160 ----a-w- c:\windows\system32\pfmshx_27B.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-15 982880]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
"trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-12-16 22:19 2402512 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcmsvc]
2009-04-07 20:53 30440 ----a-w- c:\program files\dcmsvc\dcmsvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-15 17:42 4112384 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-11 19:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MFirefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8242:TCP"= 8242:TCP:BitComet 8242 TCP
"8242:UDP"= 8242:UDP:BitComet 8242 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/26/2012 5:28 PM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/24/2011 5:41 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 295248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/26/2012 5:28 PM 233136]
R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [3/18/2009 6:49 PM 179896]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2010 9:38 PM 652360]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/14/2012 6:43 PM 918880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2010 9:38 PM 20464]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [3/11/2012 1:35 PM 247680]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [3/11/2012 1:35 PM 253056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 9:44 PM 580992]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [3/9/2012 10:57 PM 45288]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/26/2012 5:28 PM 70408]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [4/19/2009 11:51 AM 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/26/2012 5:28 PM 365280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [3/11/2012 1:35 PM 34944]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
3combootp
tunmp
UBHelper
tsscoreservice
NWFILTER
mrobeservice
cvsnt
nvmpu401
mclogmanagerservice
us30sys
RMSvc
vulfnths
basfipm
iaimfp3
SRTSPL
CamAv
vproeventmonitor
stacsv
atierecord
PNRPSvc
aexnsclient
digisptiservice
lkclassads
cmuda
alertservice
usbatapi2000
CTERFXFX.DLL
RR2Ctrl
defragfs
nimcdfxk
netdetect
CXAVXBAR
mhndrv
db2das00
wap3gx
cccredmgr
mgactrl
ehstart
Defrag32
iAimTV6
wmp54gsvc
procmon10
useraccess
U3sHlpDr
syslogd
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2009-07-02 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4238293067.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
.
2012-03-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-11 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49495
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-25031618.sys
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-30 20:57
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(984)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2896)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-03-30 21:11:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-31 03:10
.
Pre-Run: 113,021,190,144 bytes free
Post-Run: 113,665,613,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - 3574204847D365964FE23C21F8E78314

 

[Broni]

Uninstall Advanced SystemCare 3.
Registry cleaners/optimizers are not recommended for several reasons:

• Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
  
  The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  
• Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  
• Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  
• Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  
• The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

• Ed Bott's Webog: Why I don't use registry cleaners
• Do I need a Registry Cleaner?

==================================================================

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\system32\drivers\StMp3Rec.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

====================================================================

For 32-bit systems please download GrantPerms.zip and save it to your desktop.
For 64-bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

c:\windows\$NtUninstallKB43103$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

 

[parkcitytrainer]

I uninstalled Advanced SystemCare 3.
My hidden files, folders, and operating system was already set to viewable.
The file "StMp3Rec.sys" is for Oakly Thump sunglasses and was located in two different directories other than "c:\windows\system32\drivers\StMp3Rec.sys"
I tested both copies at http://www.virustotal.com/ with 0 /42 detected.

GrantPerms by Farbar
Ran by Rob (administrator) at 2012-03-31 21:03:44

===============================================
\\?\c:\windows\$NtUninstallKB43103$

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)
BUILTIN\Power Users change ALLOW (I)
BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)
BUILTIN\Administrators FULL ALLOW (I)
BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

 

[parkcitytrainer]

and AVG is finding;

Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 7:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 6:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 5:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 4:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 3:16:31 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\System Volume Information\_restore{9C55FB55-E83F-4556-94BC-FA8B893B5CAF}\RP726\A0104555.sys";"Infected";"3/31/2012, 2:19:38 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\WINDOWS\system32\drivers\mrxsmb.sys";"Object is white-listed (critical/system file that should not be removed)";"3/31/2012, 2:15:34 PM";"file";"C:\WINDOWS\system32\svchost.exe"
Trojan horse ZeroAccess.T;"c:\WINDOWS\system32\drivers\mrxsmb.sys";"Object is white-listed (critical/system file that should not be removed)";"3/31/2012, 6:44:56 AM";"file";"C:\WINDOWS\system32\svchost.exe"

 

[Broni]

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.

 

[parkcitytrainer]

SHA256: 810ffd54c7d05e512d51c1833dee61f38c601800eb47273cb107cc60905276bd
File name: mrxsmb.sys
Detection ratio: 18 / 42
Analysis date: 2012-04-01 03:57:48 UTC ( 0 minutes ago )

 

[Broni]

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

Use the following settings:

• Click the NONE button
• Under Custom Scans/Fixes paste:

/md5start
mrxsmb.sys
/md5stop

• Finally hit Run Scan and wait for the log to open.
• Please post the content of the log into your next reply.

 

[parkcitytrainer]

OTL logfile created on: 3/31/2012 10:20:16 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 54.04% Memory free
3.35 Gb Paging File | 2.42 Gb Available in Paging File | 72.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 105.70 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
Drive E: | 136.72 Gb Total Space | 67.09 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Drive F: | 33.90 Gb Total Space | 4.46 Gb Free Space | 13.14% Space Free | Partition Type: NTFS

Computer Name: FRANCIS-SV1 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< Code: >

< --------- >

< MD5 for: MRXSMB.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
[2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
[2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 03:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2004/08/04 00:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2008/10/24 05:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 05:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 04:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] () MD5=95032F6914EAE0EDAC3090801283514C -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/10/27 19:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys

< --------- >

< End of report >

 

[parkcitytrainer]

During the running of OTL, AVG also detected C:\WINDOWS\system32\drivers\mrxsmb.sys

It gave only one option; Ignore the threat. I haven't clicked on the AVG box yet.

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

FCopy::
C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys | C:\WINDOWS\system32\drivers\mrxsmb.sys

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

================================================================

Re-run OTL with the very same settings as before.

 

[parkcitytrainer]

ComboFix 12-03-30.06 - Rob 04/02/2012 14:58:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1104 [GMT -6:00]
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Rob\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\mrxsmb.sys --> c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-03-31 00:51 . 2012-03-31 00:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-29 22:32 . 2008-04-13 17:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys
2012-03-29 22:32 . 2008-04-13 17:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2012-03-26 23:28 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-26 23:28 . 2009-10-06 22:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-26 23:28 . 2009-09-23 22:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-26 23:28 . 2010-02-05 15:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-26 23:28 . 2012-03-26 23:52 -------- d-----w- c:\program files\Spyware Doctor
2012-03-26 23:28 . 2012-03-26 23:36 -------- d-----w- c:\program files\Common Files\PC Tools
2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\Rob\Application Data\PC Tools
2012-03-26 23:28 . 2012-03-26 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-03-26 23:08 . 2012-03-26 23:36 -------- d-----w- c:\documents and settings\Rob\Application Data\GetRightToGo
2012-03-26 22:59 . 2008-04-13 17:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-03-26 17:52 . 2012-03-26 17:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-03-11 19:36 . 2012-03-11 19:36 -------- d-----w- C:\MCT
2012-03-11 19:36 . 2007-11-14 13:57 315392 ----a-w- c:\windows\system32\MCTCIDUtil.exe
2012-03-11 19:07 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-03-11 19:07 . 2008-04-13 23:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2012-03-11 18:59 . 2012-03-11 18:59 -------- d-----w- c:\documents and settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI
2012-03-10 05:00 . 2012-03-10 05:00 -------- d-----w- c:\program files\ATI Technologies
2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- C:\ATI
2012-03-10 04:57 . 2011-08-10 23:39 21784 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2012-03-10 04:57 . 2011-08-10 23:39 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-03-10 04:57 . 2011-08-10 23:39 45288 ----a-w- c:\windows\system32\drivers\dc3d.sys
2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2012-03-06 13:16 . 2012-03-06 13:16 -------- d-----w- c:\program files\Microsoft Silverlight
2012-03-05 22:17 . 2012-03-05 22:17 -------- d-----w- C:\TRITTON_uv100_8.0.1.0229.1153
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-31_02.57.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-02 20:53 . 2012-04-02 20:53 16384 c:\windows\Temp\Perflib_Perfdata_4a0.dat
+ 2011-06-06 18:55 . 2011-06-06 18:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2002-08-29 12:00 . 2008-04-13 19:17 456576 c:\windows\system32\dllcache\mrxsmb.sys
+ 2011-06-06 18:55 . 2011-06-06 18:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 937920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-04-01 03:18 . 2012-04-01 03:18 2295808 c:\windows\Installer\229178d.msi
+ 2011-06-06 18:55 . 2011-06-06 18:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 1189004 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 18:55 . 2011-06-06 18:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 18:55 . 2011-06-06 18:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 18:55 . 2011-06-06 18:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-01-03 17:44 . 2012-01-03 17:44 15929344 c:\windows\Installer\229178e.msp
+ 2011-06-06 18:55 . 2011-06-06 18:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-15 00:43 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-15 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
2009-03-06 03:17 143160 ----a-w- c:\windows\system32\pfmshx_27B.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-15 982880]
"nwiz"="nwiz.exe" [2004-07-15 843776]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1313640]
"MCTCIDUtil"="c:\windows\system32\MCTCIDUtil.exe" [2007-11-14 315392]
"trutil0"="c:\windows\system32\trutil01.exe" [2008-02-26 253952]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 01:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 9.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Palo Alto Software Update Manager 9.0.lnk
backup=c:\windows\pss\Palo Alto Software Update Manager 9.0.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dcmsvc]
2009-04-07 20:53 30440 ----a-w- c:\program files\dcmsvc\dcmsvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 17:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2004-07-15 17:42 4112384 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-11 19:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2009-05-20 05:16 222504 ----a-w- c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MFirefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8242:TCP"= 8242:TCP:BitComet 8242 TCP
"8242:UDP"= 8242:UDP:BitComet 8242 UDP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/26/2012 5:28 PM 207280]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/24/2011 5:41 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 295248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/26/2012 5:28 PM 233136]
R1 pfmfs_27B;pfmfs_27B;c:\windows\system32\drivers\pfmfs_27B.sys [3/18/2009 6:49 PM 179896]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/27/2010 9:38 PM 652360]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/14/2012 6:43 PM 918880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/27/2010 9:38 PM 20464]
R3 xMrMINI;xMrMINI;c:\windows\system32\drivers\xMrMini.sys [3/11/2012 1:35 PM 247680]
R3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [3/11/2012 1:35 PM 253056]
R3 xVGAUSB;USB 2.0 VGA DEVICE-1;c:\windows\system32\drivers\xvgausb.sys [3/11/2012 1:35 PM 34944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 9:44 PM 580992]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 7:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 16720]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [3/9/2012 10:57 PM 45288]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [3/26/2012 5:28 PM 70408]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [4/19/2009 11:51 AM 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/26/2012 5:28 PM 365280]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
3combootp
tunmp
UBHelper
tsscoreservice
NWFILTER
mrobeservice
cvsnt
nvmpu401
mclogmanagerservice
us30sys
RMSvc
vulfnths
basfipm
iaimfp3
SRTSPL
CamAv
vproeventmonitor
stacsv
atierecord
PNRPSvc
aexnsclient
digisptiservice
lkclassads
cmuda
alertservice
usbatapi2000
CTERFXFX.DLL
RR2Ctrl
defragfs
nimcdfxk
netdetect
CXAVXBAR
mhndrv
db2das00
wap3gx
cccredmgr
mgactrl
ehstart
Defrag32
iAimTV6
wmp54gsvc
procmon10
useraccess
U3sHlpDr
syslogd
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2009-07-02 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4238293067.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 23:56]
.
2012-03-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-11 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>;*.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 49495
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 15:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-04-02 15:18:28
ComboFix-quarantined-files.txt 2012-04-02 21:18
ComboFix2.txt 2012-03-31 03:11
.
Pre-Run: 113,376,088,064 bytes free
Post-Run: 113,385,431,040 bytes free
.
- - End Of File - - C9CBA7413E396AB531098415350B168A

 

[parkcitytrainer]

OTL logfile created on: 4/2/2012 3:25:35 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 54.86% Memory free
3.35 Gb Paging File | 2.78 Gb Available in Paging File | 82.81% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 105.63 Gb Free Space | 45.36% Space Free | Partition Type: NTFS
Drive E: | 136.72 Gb Total Space | 67.09 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Drive F: | 33.90 Gb Total Space | 4.46 Gb Free Space | 13.14% Space Free | Partition Type: NTFS

Computer Name: FRANCIS-SV1 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< Code: >

< --------- >

< MD5 for: MRXSMB.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:mrxsmb.sys
[2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/03/15 11:10:14 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:mrxsmb.sys
[2009/03/15 12:13:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 03:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2004/08/04 00:15:16 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2008/10/24 05:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2008/04/13 13:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/10/24 05:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 04:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2004/10/27 19:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2010/02/24 05:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 07:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys

< --------- >

< End of report >

 

[Broni]

Perfect!

• Re-run OTL. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[parkcitytrainer]

Only one notepad window opened. Only one text file was created. It was OTL.Txt

OTL logfile created on: 4/2/2012 7:17:10 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Rob\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 45.35% Memory free
3.35 Gb Paging File | 2.56 Gb Available in Paging File | 76.42% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 105.63 Gb Free Space | 45.36% Space Free | Partition Type: NTFS
Drive E: | 136.72 Gb Total Space | 67.09 Gb Free Space | 49.07% Space Free | Partition Type: NTFS
Drive F: | 33.90 Gb Total Space | 4.46 Gb Free Space | 13.14% Space Free | Partition Type: NTFS

Computer Name: FRANCIS-SV1 | User Name: Rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/31 22:18:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
PRC - [2012/03/23 20:11:46 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\MFirefox\firefox.exe
PRC - [2012/03/14 18:43:48 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/23 20:11:45 | 001,969,080 | ---- | M] () -- C:\Program Files\MFirefox\mozjs.dll
MOD - [2012/03/14 18:43:48 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
MOD - [2012/03/06 17:46:00 | 000,085,288 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{5b79bc2a-25c2-4f2a-bb86-606ea88ab950}\components\RadioWMPCoreGecko11.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/15 18:34:52 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/04/15 18:34:48 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/04/15 18:34:47 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/04/15 18:34:45 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/04/15 18:34:34 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/04/15 18:34:34 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/04/15 18:34:34 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/04/15 18:34:34 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/04/15 18:34:34 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/04/15 18:34:33 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/04/15 18:34:33 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/04/15 18:34:32 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/04/15 18:34:32 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/04/08 07:22:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll
MOD - [2011/04/08 07:10:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/04/08 07:10:41 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/04/08 07:10:39 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/04/08 07:10:38 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/04/08 07:10:32 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/04/08 07:10:32 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/04/08 07:10:30 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/04/08 07:10:29 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/04/08 07:10:26 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/04/08 07:10:17 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/04/08 07:06:51 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2011/04/08 07:06:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll
MOD - [2003/03/09 21:31:04 | 000,561,152 | ---- | M] () -- C:\WINDOWS\system32\hpotscl.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmnetadapter.dll -- (wap3gx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bthmodem.dll -- (vulfnths)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavprsrv.dll -- (vproeventmonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iPassP.dll -- (useraccess)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\udfs.dll -- (usbatapi2000)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WINFLASH.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\z525bus.dll -- (UBHelper)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HECI.dll -- (U3sHlpDr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sqlagent$pinnaclesys.dll -- (tunmp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mxserver.dll -- (syslogd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvichw32.dll -- (stacsv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB11LDR.dll -- (SRTSPL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wampapache.dll -- (RR2Ctrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RT25USBAP.dll -- (RMSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dnsexit.dll -- (nvmpu401)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AsusACPI.dll -- (nimcdfxk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dmisrv.dll -- (netdetect)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsproct.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\messenger.dll -- (mhndrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmPsd.dll -- (mgactrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dmgmt.dll -- (mclogmanagerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AdobeActiveFileMonitor6.0.dll -- (iAimTV6)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2jds.dll -- (iaimfp3)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll -- (helpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snapman380.dll -- (ehstart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vtserver.dll -- (digisptiservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bwcsrv.dll -- (defragfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DC21x4.dll -- (Defrag32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TOSHIBASoftModem.dll -- (db2das00)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lvmvdrv.dll -- (CXAVXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\senfilt.dll -- (cvsnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\adsexpb.dll -- (CTERFXFX.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (cmuda)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atfsd.dll -- (cccredmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se44nd5.dll -- (CamAv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA8032C.dll -- (basfipm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HssSrv.dll -- (atierecord)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\yukonwlh.dll -- (alertservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\egathdrv.dll -- (aexnsclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rasirda.dll -- (3combootp)
SRV - [2012/03/14 18:43:48 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/17 23:45:05 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/12/11 14:53:38 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZius12.sys -- (HPZius12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw8c2276)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/10 17:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/03/24 17:41:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/10/01 19:34:19 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/03/05 21:17:01 | 000,179,896 | ---- | M] (Pismo Technic Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pfmfs_27B.sys -- (pfmfs_27B)
DRV - [2008/11/25 22:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/07/24 18:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/14 15:38:46 | 000,253,056 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xVgaMini.sys -- (xVGAMINI)
DRV - [2008/02/14 15:37:20 | 000,247,680 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xMrMini.sys -- (xMrMINI)
DRV - [2008/02/14 09:36:00 | 000,034,944 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\xvgausb.sys -- (xVGAUSB)
DRV - [2006/07/31 21:44:00 | 000,580,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov550i.sys -- (APL531)
DRV - [2006/06/05 20:08:54 | 000,268,736 | ---- | M] (WIS Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wisgostrm.sys -- (WISTechVIDCAP)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={48D41E03-2907-47AA-B2A1-370C75359700}&mid=387167394180b0f22ab90d3b04459851-2c2dacd3e26cf7ffa75ab6ab9e5252e41065988b&lang=en&ds=AVG&pr=fr&d=2011-11-23 04:53:10&v=8.0.0.40&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\SearchScopes\Yahoo!: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=iobit-trans
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search Powered by Google"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2384137&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://google.atcomet.com/b/"
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5b79bc2a-25c2-4f2a-bb86-606ea88ab950}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49495
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Rob\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Rob\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 13:36:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/26 09:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\MFirefox\components [2012/03/23 20:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\MFirefox\plugins [2012/03/31 21:18:03 | 000,000,000 | ---D | M]

[2009/03/14 22:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Extensions
[2012/03/11 12:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions
[2011/08/26 05:00:00 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/23 00:15:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/11 12:14:12 | 000,000,000 | ---D | M] (foxnewstalk Community Toolbar) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{5b79bc2a-25c2-4f2a-bb86-606ea88ab950}
[2010/12/09 21:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/01/29 21:48:44 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2011/11/23 05:53:25 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\avg@toolbar
[2009/10/10 13:07:15 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\extensions\LogMeInClient@logmein.com
[2009/10/21 20:01:26 | 000,000,866 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\fc6gsug0.default\searchplugins\conduit.xml
[2010/04/27 22:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 04:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2012/03/30 20:57:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MCTCIDUtil] C:\WINDOWS\system32\MCTCIDUtil.exe (TODO: <Company name>)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [trutil0] C:\WINDOWS\system32\trutil01.exe (Magic Control Technology Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - Reg Error: Value error. File not found
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263616039703 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263616028390 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5706A2B-9D9E-4269-8A6A-16790A8480BC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/14 22:47:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/06 23:22:10 | 000,000,000 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: 3combootp - %systemroot%\system32\rasirda.dll File not found
NetSvcs: tunmp - %systemroot%\system32\sqlagent$pinnaclesys.dll File not found
NetSvcs: UBHelper - %systemroot%\system32\z525bus.dll File not found
NetSvcs: tsscoreservice - File not found
NetSvcs: NWFILTER - File not found
NetSvcs: mrobeservice - %systemroot%\system32\dsproct.dll File not found
NetSvcs: cvsnt - %systemroot%\system32\senfilt.dll File not found
NetSvcs: nvmpu401 - %systemroot%\system32\dnsexit.dll File not found
NetSvcs: mclogmanagerservice - %systemroot%\system32\SE2Dmgmt.dll File not found
NetSvcs: us30sys - %systemroot%\system32\WINFLASH.dll File not found
NetSvcs: RMSvc - %systemroot%\system32\RT25USBAP.dll File not found
NetSvcs: vulfnths - %systemroot%\system32\bthmodem.dll File not found
NetSvcs: basfipm - %systemroot%\system32\MA8032C.dll File not found
NetSvcs: iaimfp3 - %systemroot%\system32\db2jds.dll File not found
NetSvcs: SRTSPL - %systemroot%\system32\USB11LDR.dll File not found
NetSvcs: CamAv - %systemroot%\system32\se44nd5.dll File not found
NetSvcs: vproeventmonitor - %systemroot%\system32\pavprsrv.dll File not found
NetSvcs: stacsv - %systemroot%\system32\tvichw32.dll File not found
NetSvcs: atierecord - %systemroot%\system32\HssSrv.dll File not found
NetSvcs: PNRPSvc - File not found
NetSvcs: aexnsclient - %systemroot%\system32\egathdrv.dll File not found
NetSvcs: digisptiservice - %systemroot%\system32\vtserver.dll File not found
NetSvcs: lkclassads - File not found
NetSvcs: cmuda - %systemroot%\system32\PSSdk23.dll File not found
NetSvcs: alertservice - %systemroot%\system32\yukonwlh.dll File not found
NetSvcs: usbatapi2000 - %systemroot%\system32\udfs.dll File not found
NetSvcs: CTERFXFX.DLL - %systemroot%\system32\adsexpb.dll File not found
NetSvcs: RR2Ctrl - %systemroot%\system32\wampapache.dll File not found
NetSvcs: defragfs - %systemroot%\system32\bwcsrv.dll File not found
NetSvcs: nimcdfxk - %systemroot%\system32\AsusACPI.dll File not found
NetSvcs: netdetect - %systemroot%\system32\dmisrv.dll File not found
NetSvcs: CXAVXBAR - %systemroot%\system32\lvmvdrv.dll File not found
NetSvcs: mhndrv - %systemroot%\system32\messenger.dll File not found
NetSvcs: db2das00 - %systemroot%\system32\TOSHIBASoftModem.dll File not found
NetSvcs: wap3gx - %systemroot%\system32\vmnetadapter.dll File not found
NetSvcs: cccredmgr - %systemroot%\system32\atfsd.dll File not found
NetSvcs: mgactrl - %systemroot%\system32\EpmPsd.dll File not found
NetSvcs: ehstart - %systemroot%\system32\snapman380.dll File not found
NetSvcs: Defrag32 - %systemroot%\system32\DC21x4.dll File not found
NetSvcs: iAimTV6 - %systemroot%\system32\AdobeActiveFileMonitor6.0.dll File not found
NetSvcs: wmp54gsvc - File not found
NetSvcs: procmon10 - File not found
NetSvcs: useraccess - %systemroot%\system32\iPassP.dll File not found
NetSvcs: U3sHlpDr - %systemroot%\system32\HECI.dll File not found
NetSvcs: syslogd - %systemroot%\system32\mxserver.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - %SystemRoot%\PCHealth\HelpCtr\Binaries\pchsvc.dlles\pchsvc.dll File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - mpegacm.acm File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - ulmp3acm.acm File not found
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)

 

[parkcitytrainer]

The file was too long. Here is the rest of it.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 22:18:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/03/31 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\GrantPerms
[2012/03/30 19:26:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/30 19:21:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/30 19:21:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/30 19:21:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/30 19:21:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/30 19:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/30 19:15:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/30 19:07:33 | 004,450,054 | R--- | C] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/03/30 18:51:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/30 18:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\tdsskiller
[2012/03/29 18:04:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\bootkit_remover
[2012/03/29 17:28:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/03/27 21:18:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Rob\Start Menu\Programs\Administrative Tools
[2012/03/27 20:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\topic58138_files
[2012/03/26 17:28:57 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012/03/26 17:28:52 | 000,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012/03/26 17:28:52 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012/03/26 17:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
[2012/03/26 17:28:46 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\PC Tools
[2012/03/26 17:28:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/26 17:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\Downloads
[2012/03/26 17:08:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\GetRightToGo
[2012/03/26 16:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012/03/26 16:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Desktop\Download Removal Tool _ Cleanpcguide.com_files
[2012/03/26 16:31:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rob\Recent
[2012/03/26 11:52:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/03/12 13:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\My Documents\Canon Pixma MP470
[2012/03/11 13:36:17 | 000,000,000 | ---D | C] -- C:\MCT
[2012/03/11 13:36:16 | 000,315,392 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\MCTCIDUtil.exe
[2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil06.exe
[2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil05.exe
[2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil04.exe
[2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil03.exe
[2012/03/11 13:35:59 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil02.exe
[2012/03/11 13:35:58 | 000,253,952 | ---- | C] (Magic Control Technology Corporation) -- C:\WINDOWS\System32\trutil01.exe
[2012/03/11 13:35:58 | 000,245,760 | ---- | C] (Generic Provider) -- C:\WINDOWS\System32\Patch.exe
[2012/03/11 13:35:57 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xVGAUSB64.sys
[2012/03/11 13:35:57 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0764.sys
[2012/03/11 13:35:57 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xvgausb.sys
[2012/03/11 13:35:56 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0664.sys
[2012/03/11 13:35:56 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB07.sys
[2012/03/11 13:35:55 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0564.sys
[2012/03/11 13:35:55 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0464.sys
[2012/03/11 13:35:55 | 000,044,800 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB0364.sys
[2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB06.sys
[2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB05.sys
[2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB04.sys
[2012/03/11 13:35:55 | 000,034,944 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xUSB03.sys
[2012/03/11 13:35:53 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xVGAMINI64.sys
[2012/03/11 13:35:53 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xVgaMini.sys
[2012/03/11 13:35:52 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI64.sys
[2012/03/11 13:35:52 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0764.sys
[2012/03/11 13:35:52 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xVGADISP64.dll
[2012/03/11 13:35:52 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xVgaDisp.dll
[2012/03/11 13:35:51 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI07.sys
[2012/03/11 13:35:50 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0664.sys
[2012/03/11 13:35:50 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0564.sys
[2012/03/11 13:35:50 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI06.sys
[2012/03/11 13:35:49 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI05.sys
[2012/03/11 13:35:48 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0464.sys
[2012/03/11 13:35:48 | 000,272,896 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI0364.sys
[2012/03/11 13:35:48 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI04.sys
[2012/03/11 13:35:48 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMINI03.sys
[2012/03/11 13:35:47 | 000,247,680 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMrMini.sys
[2012/03/11 13:35:46 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0764.dll
[2012/03/11 13:35:46 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0664.dll
[2012/03/11 13:35:46 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0564.dll
[2012/03/11 13:35:46 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP07.dll
[2012/03/11 13:35:46 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP06.dll
[2012/03/11 13:35:46 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP05.dll
[2012/03/11 13:35:45 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0764.sys
[2012/03/11 13:35:45 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0464.dll
[2012/03/11 13:35:45 | 000,090,112 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP0364.dll
[2012/03/11 13:35:45 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP04.dll
[2012/03/11 13:35:45 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDISP03.dll
[2012/03/11 13:35:45 | 000,065,792 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xMrDisp.dll
[2012/03/11 13:35:44 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0664.sys
[2012/03/11 13:35:44 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI07.sys
[2012/03/11 13:35:44 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI06.sys
[2012/03/11 13:35:43 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0564.sys
[2012/03/11 13:35:43 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0464.sys
[2012/03/11 13:35:43 | 000,279,040 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI0364.sys
[2012/03/11 13:35:43 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI05.sys
[2012/03/11 13:35:43 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI04.sys
[2012/03/11 13:35:42 | 000,253,056 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\xMINI03.sys
[2012/03/11 13:35:42 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0764.dll
[2012/03/11 13:35:42 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0664.dll
[2012/03/11 13:35:42 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP07.dll
[2012/03/11 13:35:42 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP06.dll
[2012/03/11 13:35:41 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0564.dll
[2012/03/11 13:35:41 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0464.dll
[2012/03/11 13:35:41 | 000,119,296 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP0364.dll
[2012/03/11 13:35:41 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP05.dll
[2012/03/11 13:35:41 | 000,085,120 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\xDISP04.dll
[2012/03/11 13:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Tritton
[2012/03/11 13:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\InstallShield
[2012/03/11 12:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/09 23:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/03/09 23:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/03/09 22:57:57 | 000,000,000 | ---D | C] -- C:\ATI
[2012/03/09 22:57:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
[2012/03/09 22:57:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/03/09 22:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob\Start Menu\Programs\Dell Inc
[2012/03/06 07:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/06 07:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/05 16:17:02 | 000,000,000 | ---D | C] -- C:\TRITTON_uv100_8.0.1.0229.1153
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/02 14:55:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/02 14:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 14:53:05 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 14:22:15 | 093,337,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/04/02 14:16:57 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/31 22:18:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe
[2012/03/31 21:18:05 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/31 21:14:42 | 000,026,242 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\avghistory.csv
[2012/03/31 21:00:58 | 000,450,985 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\GrantPerms.zip
[2012/03/30 20:57:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/30 19:26:54 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2012/03/30 19:07:50 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/03/30 18:47:32 | 002,048,299 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\tdsskiller.zip
[2012/03/29 18:03:05 | 000,044,607 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\bootkit_remover.zip
[2012/03/29 18:02:09 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\MBR.dat
[2012/03/29 17:29:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/03/29 16:29:20 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/27 20:01:52 | 000,095,851 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\topic58138.html
[2012/03/27 10:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/03/26 18:40:59 | 000,002,404 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/26 17:51:41 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/26 17:28:51 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2012/03/26 16:59:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/26 16:52:03 | 000,022,608 | ---- | M] () -- C:\Documents and Settings\Rob\Desktop\Download Removal Tool _ Cleanpcguide.com.htm
[2012/03/25 18:39:01 | 000,439,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/03/25 13:33:36 | 000,000,000 | ---- | M] () -- C:\hpfr3420.xml
[2012/03/11 20:37:48 | 000,029,863 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\build shelves.jpg
[2012/03/11 18:02:01 | 000,114,210 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\V1 Valentine One Radar Dector Wire Repair for Cigarette Plug.jpg
[2012/03/11 17:57:18 | 000,009,402 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\standard phone wiring.jpg
[2012/03/11 17:57:18 | 000,005,325 | ---- | M] () -- C:\Documents and Settings\Rob\My Documents\reversed end for V1 Valentine One radar detector.jpg
[2012/03/11 13:07:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/03/11 13:07:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012/03/11 09:10:18 | 000,496,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/11 09:10:18 | 000,083,224 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/06 07:11:18 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/05 16:36:00 | 000,002,396 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/31 21:18:05 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/31 21:18:04 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/31 21:14:42 | 000,026,242 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\avghistory.csv
[2012/03/31 21:00:54 | 000,450,985 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\GrantPerms.zip
[2012/03/30 19:26:54 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2012/03/30 19:26:47 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/30 19:21:15 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/30 19:21:15 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/30 19:21:15 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/30 19:21:15 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/30 19:21:15 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/30 18:47:25 | 002,048,299 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\tdsskiller.zip
[2012/03/29 18:03:03 | 000,044,607 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\bootkit_remover.zip
[2012/03/29 18:02:09 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\MBR.dat
[2012/03/27 20:01:48 | 000,095,851 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\topic58138.html
[2012/03/26 17:55:49 | 1609,646,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/26 17:51:40 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/26 17:28:57 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2012/03/26 17:28:52 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2012/03/26 17:28:52 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2012/03/26 17:28:51 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2012/03/26 17:28:46 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2012/03/26 16:59:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/26 16:52:01 | 000,022,608 | ---- | C] () -- C:\Documents and Settings\Rob\Desktop\Download Removal Tool _ Cleanpcguide.com.htm
[2012/03/26 12:05:42 | 000,002,404 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/11 20:37:48 | 000,029,863 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\build shelves.jpg
[2012/03/11 18:00:50 | 000,114,210 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\V1 Valentine One Radar Dector Wire Repair for Cigarette Plug.jpg
[2012/03/11 17:57:18 | 000,005,325 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\reversed end for V1 Valentine One radar detector.jpg
[2012/03/11 17:51:53 | 000,009,402 | ---- | C] () -- C:\Documents and Settings\Rob\My Documents\standard phone wiring.jpg
[2012/03/11 13:07:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01009.Wdf
[2012/03/11 13:07:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/07/10 20:48:47 | 000,070,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/24 23:10:59 | 000,302,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2052111302-1060284298-682003330-1003-0.dat
[2011/06/24 05:12:35 | 000,302,718 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
[2011/05/14 23:48:55 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
[2011/05/14 23:48:54 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
[2011/04/15 23:06:22 | 001,375,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/04 21:13:20 | 000,102,400 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2011/04/04 20:45:55 | 000,409,037 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\census.cache
[2011/04/04 20:40:12 | 000,208,090 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\ars.cache
[2011/04/04 19:55:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\housecall.guid.cache
[2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\4555zz.ini
[2011/03/14 14:50:33 | 000,114,933 | ---- | C] () -- C:\Program Files\Common Files\Theme_Slate_theme.thmx
[2011/03/05 09:37:53 | 000,002,256 | ---- | C] () -- C:\WINDOWS\current_settings.bin
[2010/09/23 21:55:58 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/09/23 21:53:58 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2010/08/30 19:18:23 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010/04/05 00:23:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\prvlcl.dat

========== LOP Check ==========

[2012/03/24 07:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/11/23 06:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/11/29 09:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/09/28 21:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/11/29 09:26:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/24 17:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/12/02 18:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/09/01 13:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/09/23 21:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2011/01/06 23:03:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/19 22:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/05/25 22:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/04/02 14:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/28 20:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2009/03/18 18:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Palo Alto Software
[2009/03/18 18:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PAS
[2011/01/06 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/01/04 02:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/01/02 22:53:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/03/15 20:44:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/12 13:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/17 22:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/10 19:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/14 16:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\AVG Secure Search
[2011/11/23 05:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\AVG2012
[2011/02/27 12:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\BitComet
[2010/08/09 21:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Windows Desktop Search
[2012/02/11 20:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\Windows Search
[2009/11/14 19:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Ashampoo
[2011/11/23 05:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AVG Secure Search
[2011/11/23 05:50:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\AVG2012
[2011/12/04 16:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\BitComet
[2012/03/11 12:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/29 21:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011/11/21 17:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\DAEMON Tools Lite
[2010/02/02 00:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Facebook
[2010/07/29 20:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GARMIN
[2012/03/26 17:36:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\GetRightToGo
[2009/11/29 14:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\IObit
[2011/03/04 23:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\OpenCandy
[2009/03/18 18:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Palo Alto Software
[2010/01/02 21:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Styler
[2011/03/28 19:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\SystemRequirementsLab
[2010/09/01 13:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Ulead Systems
[2009/03/15 13:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Desktop Search
[2009/03/15 15:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob\Application Data\Windows Search
[2009/07/02 04:24:26 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1238293067.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/05/25 22:50:19 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009/12/02 18:04:53 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2011/09/13 20:57:23 | 000,023,871 | ---- | M] () -- C:\ashampoo-acdw-log.txt
[2009/03/14 22:47:50 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/06 22:34:22 | 000,000,876 | ---- | M] () -- C:\bar.emf
[2011/04/04 18:28:36 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2012/03/30 19:26:54 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/04/02 15:18:29 | 000,021,293 | ---- | M] () -- C:\ComboFix.txt
[2009/03/14 22:47:50 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/09/23 07:04:55 | 000,001,255 | ---- | M] () -- C:\Cucu_Video_log.txt
[2012/04/02 14:53:05 | 1609,646,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 13:33:36 | 000,000,000 | ---- | M] () -- C:\hpfr3420.xml
[2012/03/25 13:33:39 | 000,082,095 | ---- | M] () -- C:\hpfr3425.log
[2009/03/14 22:47:50 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/09/03 06:55:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2009/03/14 22:47:50 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
[2002/01/05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2009/03/15 11:12:38 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/03/15 12:17:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/04/02 14:53:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2012/03/30 18:54:55 | 000,095,870 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_30.03.2012_18.49.25_log.txt
[2008/04/30 16:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/03/14 22:47:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/10/01 19:34:19 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/03/14 15:23:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/03/14 15:23:09 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/03/14 15:23:09 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/03/15 12:22:50 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/03/15 12:29:58 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2009/03/14 21:59:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/03/29 17:29:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Rob\Desktop\aswMBR.exe
[2012/03/30 19:07:50 | 004,450,054 | R--- | M] (Swearware) -- C:\Documents and Settings\Rob\Desktop\ComboFix.exe
[2012/03/31 22:18:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >
[2008/04/23 15:48:24 | 000,114,933 | ---- | M] () -- C:\Program Files\Common Files\Theme_Slate_theme.thmx

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2011/10/30 15:18:52 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2002/08/29 06:00:00 | 000,000,065 | RH-- | M] () -- C:\WINDOWS\tasks\desktop.ini
[2009/07/02 04:24:26 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1238293067.job
[2012/03/27 10:35:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/04/02 15:18:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/03/15 12:29:58 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Rob\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2009/07/17 11:55:36 | 000,300,848 | ---- | M] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe
[2011/04/13 15:58:51 | 000,009,068 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/04/02 15:32:25 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Rob\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/08/29 06:00:00 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/08/20 13:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/08/20 13:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/08/29 06:00:00 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/08/29 06:00:00 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/08/29 06:00:00 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/08/20 13:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 12:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-08 13:41:46

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aw8c2276)
  IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
  IE - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
  O3 - HKU\S-1-5-21-2052111302-1060284298-682003330-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
  O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
  O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
  [2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\s7846w86gi86yo4j3444wfp8hl
  [2011/05/27 16:00:01 | 000,001,560 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s7846w86gi86yo4j3444wfp8hl
  [2011/05/14 23:48:55 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
  [2011/05/14 23:48:54 | 000,001,408 | -HS- | C] () -- C:\Documents and Settings\Rob\Local Settings\Application Data\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
  [2011/03/29 22:33:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rob\Application Data\4555zz.ini
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

===================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[parkcitytrainer]

As per your instructions I copy and pasted the exact code into OTL and clicked the Run Fix button at the top. I had shut down Malwarebytes ans all service that I could associated with AVG prior to this. After clicking the Run Fix button the messages displayed in OTL were:

Killing processes. DO NOT INTERRUPT...

I let this run for over 90 minutes to no avail. Everything locked up but the ability to move the curser via mouse. After rebooting I attempted a second time with the same results.

I was able to download and install the most current version of Java and remove all old versions.

Ran Security Check and will post results.

Ran Farbar Service Scanner and will post results.

Ran Temp File Cleaner and again locked up system. Had to reboot.

Will run ESET online scanner after posting results of Security Check and Farbar.

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:
Spyware Doctor 7.0
Spybot - Search & Destroy
CCleaner
Java(TM) 6 Update 31
Out of date Java installed!
Adobe Reader X (10.1.2)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


Farbar Service Scanner Version: 01-03-2012
Ran by Rob (administrator) on 02-04-2012 at 23:39:19
Running from "C:\Documents and Settings\Rob\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) pctgntdi(9) PSched(7) Tcpip(4)
0x09000000050000000100000002000000030000000400000009000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

[parkcitytrainer]

ESET Scan results

C:\Documents and Settings\Rob\My Documents\Downloads\The_Complete_Unabridged_Anne_Rice_Collection___1759597_6758.exe Win32/Adware.1ClickDownload application deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\wanusb.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir Win32/Sirefef.DA trojan cleaned by deleting - quarantined

 

[Broni]

Run OTL fix from safe mode.