Solved Google Redirect-Tried Everything: Please HELP!


coolm19

I’m having issues with a Google redirect malware/virus. I have run the following programs with their results:

Malware Bytes, Super Anti Spyware, I-Obit: No unusual results

AVG and Avira Antivirus: No unusual results

Spy No More:
Spyware Name/Category/Location

Trojan/Trojan/HKEY_CURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

Trojan.Oficla.Is/Trojan/C:\Users\mwilson\AppData\Local\Temp\BCD.tmp

windrv.sys/Search Hijacker/C:\Windows\system32\windrv.sys

Internet Explorer Hijacker/Altered Setting/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplore.exe

I thought after removing these my issue would be fixed, but it’s not. I have just gone through the 8 posted preliminary removal instructions and pasted the logs below.

Gmer Log: Empty

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6398

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

4/20/2011 4:24:39 PM
mbam-log-2011-04-20 (16-24-39).txt

Scan type: Quick scan
Objects scanned: 189037
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mmartin at 16:20:49.97 on Wed 04/20/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2011 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Business Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Business Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\rundll32.exe
C:\Windows\system32\atashost.exe
C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Intel\AMT\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
c:\Windows\system32\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SpyNoMore\SNM.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\mwilson\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = hxxp://172.16.24.*;http://192.168.244.*;http://10.224.224.*;http://172.16.28.*;http://172.16.29.*;https://earchive.*
uInternet Settings,ProxyServer = adserver03.indiana.in1stbank.com:3128
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SoundMAX.exe" /tray
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} - hxxps://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx
DPF: {0E409091-0585-415E-88B9-820BDC57094C} - hxxps://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mwilson\appdata\roaming\mozilla\firefox\profiles\b172519m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-7-13 43920]
R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2009-7-13 45056]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-19 312152]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-5-22 2062872]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-7 17984]
R3 agloifob;agloifob;C:\agloifob.sys [2011-4-20 100480]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2009-7-13 14848]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-29 38224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-4-18 161144]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-19 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-15 1343400]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2011-04-20 20:17:30 100480 ----a-w- C:\agloifob.sys
2011-04-20 18:58:34 -------- d-----w- c:\program files\SpyNoMore
2011-04-20 13:24:27 -------- d-----w- c:\users\mwilson\appdata\local\ElevatedDiagnostics
2011-04-19 17:17:55 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 17:17:55 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-19 17:17:55 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-19 17:17:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-19 16:08:29 -------- d-----w- c:\windows\system32\SPReview
2011-04-19 16:05:59 859648 ----a-w- c:\windows\system32\dsadmin.dll
2011-04-19 16:04:59 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-04-19 16:03:45 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-19 16:03:45 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-19 14:11:25 -------- d-----w- c:\program files\CCleaner
2011-04-19 12:44:14 -------- d-----w- c:\users\mwilson\appdata\roaming\IObit
2011-04-19 12:44:05 -------- d-----w- c:\progra~2\IObit
2011-04-19 12:44:01 -------- d-----w- c:\program files\IObit
2011-04-19 07:00:24 -------- d-----w- C:\7c93843c302316bf28868b650e
2011-04-18 20:03:02 -------- d-----w- c:\program files\KODAK
2011-04-18 17:43:52 90112 --sha-r- c:\windows\system32\wlangpui8.dll
2011-04-18 13:45:33 -------- d-----w- c:\windows\idmu
2011-04-18 13:45:31 -------- d-----w- c:\windows\ADAM
2011-04-18 13:35:04 -------- d-----w- c:\program files\Hyper-V
2011-04-18 13:35:00 -------- d-----w- c:\windows\system32\Windows System Resource Manager
2011-04-18 13:34:57 627712 ----a-w- c:\windows\system32\gpprefbr.dll
2011-04-18 13:34:52 2548736 ----a-w- c:\windows\system32\propshts.dll
2011-04-18 13:34:49 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
2011-04-18 13:34:48 166400 ----a-w- c:\windows\system32\gpprefcn.dll
2011-04-18 13:34:47 4342784 ----a-w- c:\windows\system32\gppref.dll
2011-04-18 13:34:41 -------- d-----w- c:\windows\Cluster
2011-04-18 13:34:41 -------- d-----w- C:\inetpub
2011-04-18 13:07:22 110456 ----a-w- c:\users\mwilson\g2ax_customer_downloadhelper_win32_x86.exe
2011-04-15 20:38:54 -------- d-----w- c:\windows\system32\BestPractices
2011-04-15 19:34:37 18944 ----a-w- c:\windows\system32\certpick.dll
2011-04-15 19:34:12 6656 ----a-w- c:\windows\system32\nfsclusrc.dll
2011-04-15 19:34:10 138240 ----a-w- c:\windows\system32\cluster.exe
2011-04-15 19:33:52 80384 ----a-w- c:\windows\system32\vmclusex.dll
2011-04-15 19:33:51 856064 ----a-w- c:\windows\system32\Microsoft.Storage.SanMmc.dll
2011-04-15 19:33:21 98304 ----a-w- c:\windows\system32\mtedit.exe
2011-04-15 19:33:11 13824 ----a-w- c:\windows\system32\dfscmd.exe
2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redirusr.exe
2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redircmp.exe
2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\wlbs.exe
2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\nlb.exe
2011-04-15 19:32:48 46592 ----a-w- c:\windows\system32\gpfixup.exe
2011-04-15 19:32:31 70656 ----a-w- c:\windows\system32\netdom.exe
2011-04-15 19:32:23 59392 ----a-w- c:\windows\system32\Volshext.dll
2011-04-15 19:32:23 393216 ----a-w- c:\windows\system32\DfsrHelper.dll
2011-04-15 19:32:23 33280 ----a-w- c:\windows\system32\avolprop.dll
2011-04-15 19:31:41 98304 ----a-w- c:\windows\system32\SanMgmtR.dll
2011-04-15 19:31:41 22528 ----a-w- c:\windows\system32\StorageRes.dll
2011-04-15 19:29:30 258048 ----a-w- c:\windows\DfsrAdmin.exe
2011-04-15 19:29:16 73728 ----a-w- c:\windows\system32\srmlib.dll
2011-04-15 19:29:16 10752 ----a-w- c:\windows\system32\Interop.DfsrHelper.dll
2011-04-15 19:15:07 -------- d-----w- c:\windows\Panther
2011-04-15 19:12:37 -------- d-----w- c:\windows\system32\Wat
2011-04-15 19:04:21 -------- d--h--w- C:\$WINDOWS.~Q
2011-04-15 18:58:06 65536 ----a-w- c:\windows\system32\a3d.dll
2011-04-15 18:58:06 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
2011-04-15 18:58:06 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2011-04-15 18:58:06 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2011-04-15 18:58:00 -------- d-----w- C:\SoundmaxDrivers
2011-04-15 18:49:58 -------- d--h--w- C:\$INPLACE.~TR
2011-04-15 18:19:52 -------- d-----w- c:\windows\pss
2011-04-15 17:33:44 -------- d-----w- c:\users\mwilson\appdata\local\VirtualStore
2011-04-15 17:33:22 -------- d-sh--w- C:\Recovery
2011-04-15 16:43:19 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 16:43:18 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 16:43:18 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 16:43:14 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:43:08 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:43:08 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:43:04 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-04-15 16:43:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:43:04 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 16:42:38 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 16:42:37 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-04-15 16:42:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-15 16:41:54 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-04-15 16:41:07 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 16:41:05 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 16:41:05 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 16:39:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 16:25:57 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-15 15:20:54 -------- d-----w- c:\progra~2\SonicFocus
2011-04-15 15:20:53 -------- d-----w- c:\program files\Analog Devices
2011-04-14 20:33:51 -------- d-----w- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
2011-04-11 13:33:30 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-04-08 20:01:09 -------- d-----w- c:\users\mwilson\appdata\local\Microsoft Corporation
.
==================== Find3M ====================
.
2011-04-19 16:12:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-11 23:26:38 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 23:26:32 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 23:26:30 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 23:26:30 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 23:26:28 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 23:26:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 23:26:22 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 23:20:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 23:12:16 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 23:09:48 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 23:04:40 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 22:51:10 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 22:41:30 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 22:41:30 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 22:41:30 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 22:41:28 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 22:41:12 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 22:40:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 22:40:48 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 22:40:42 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 22:40:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 22:40:38 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 22:40:38 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 22:40:38 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 22:35:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 22:35:00 147456 ----a-w- c:\windows\system32\iglhcp32.dll
2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 16:22:33.86 ===============


Attach Log.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2011 1:33:23 PM
System Uptime: 4/20/2011 4:13:35 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DQ45CB
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2497/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 158.257 GiB free.
D: is CDROM ()
H: is NetworkDisk (NTFS) - 62 GiB total, 1.279 GiB free.
O: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
P: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
Q: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 9.4.3 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
CCleaner
Cooking Aficionado Professional 3.1
Distributed Document Services Component
eWebEditPro 4 Client
FBViewerCtrl
File Renamer - Basic
Google Update Helper
GoToAssist Customer 1.5.0.274
GoToAssist Expert 1.5.0.274
GoToMeeting 4.5.0.457
Host OpenAL (ADI)
Intel Reseller Tracking Utility
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections 13.1.4.0
Intel® Active Management Technology
IObit Security 360
Java Auto Updater
KODAK Capture Pro Software Find and View
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.1
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
OGA Notifier 2.0.0048.0
OneTouch 4.0
PaperPort 9.0
PrimoPDF
QuickTime
RiskID Communicator
Scanner Utility for Microsoft Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Software Operation Panel
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
SpyNoMore 2.98
SUPERAntiSpyware Free Edition
U3Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VCRedistSetup
Vid-Center (Build 18223)
WebEx
Windows Media Player Firefox Plugin
ZipGenius 6 (6.3.1.2590)
.
==== End Of File ===========================


Please help, I'm out of options.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

You're running two AV programs, Avira and AVG.
One of them has to go.
If AVG (preferably), use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools

Then.....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here is the log from MBRcheck. I had an issue running ComboFix that I explain below.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer: GLEDist
System Product Name:
Logical Drives Mask: 0x0001c08c

Kernel Drivers (total 199):
0x82C40000 \SystemRoot\system32\ntkrnlpa.exe
0x82C09000 \SystemRoot\system32\halmacpi.dll
0x80BA8000 \SystemRoot\system32\kdcom.dll
0x8322C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832B1000 \SystemRoot\system32\PSHED.dll
0x832C2000 \SystemRoot\system32\BOOTVID.dll
0x832CA000 \SystemRoot\system32\CLFS.SYS
0x8330C000 \SystemRoot\system32\CI.dll
0x8382F000 \SystemRoot\system32\drivers\Wdf01000.sys
0x838A0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x838AE000 \SystemRoot\system32\drivers\ACPI.sys
0x838F6000 \SystemRoot\system32\drivers\WMILIB.SYS
0x838FF000 \SystemRoot\system32\drivers\msisadrv.sys
0x83907000 \SystemRoot\system32\drivers\pci.sys
0x83931000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8393C000 \SystemRoot\System32\drivers\partmgr.sys
0x8394D000 \SystemRoot\system32\drivers\volmgr.sys
0x8395D000 \SystemRoot\System32\drivers\volmgrx.sys
0x839A8000 \SystemRoot\system32\drivers\pciide.sys
0x839AF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x839BD000 \SystemRoot\System32\drivers\mountmgr.sys
0x839D3000 \SystemRoot\system32\drivers\vmbus.sys
0x83800000 \SystemRoot\system32\drivers\winhv.sys
0x83812000 \SystemRoot\system32\drivers\atapi.sys
0x833B7000 \SystemRoot\system32\drivers\ataport.SYS
0x8381B000 \SystemRoot\system32\DRIVERS\aic78xx.sys
0x833DA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x83200000 \SystemRoot\system32\drivers\amdxata.sys
0x83A25000 \SystemRoot\system32\drivers\fltmgr.sys
0x83A59000 \SystemRoot\system32\drivers\fileinfo.sys
0x83A6A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x83B99000 \SystemRoot\System32\Drivers\msrpc.sys
0x83BC4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B224000 \SystemRoot\System32\Drivers\cng.sys
0x8B281000 \SystemRoot\System32\drivers\pcw.sys
0x8B28F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B298000 \SystemRoot\system32\drivers\ndis.sys
0x8B34F000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B38D000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B401000 \SystemRoot\System32\drivers\tcpip.sys
0x8B54B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B57C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8B585000 \SystemRoot\system32\drivers\volsnap.sys
0x8B5C4000 \SystemRoot\System32\Drivers\spldr.sys
0x8B5CC000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B3B2000 \SystemRoot\System32\Drivers\mup.sys
0x8B3C2000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B3CA000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B200000 \SystemRoot\system32\DRIVERS\disk.sys
0x83BD7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x83209000 \SystemRoot\system32\drivers\cdrom.sys
0x8B5F9000 \SystemRoot\System32\Drivers\Null.SYS
0x90805000 \SystemRoot\System32\Drivers\Beep.SYS
0x9080C000 \SystemRoot\System32\drivers\vga.sys
0x90818000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x90839000 \SystemRoot\System32\drivers\watchdog.sys
0x90846000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x9084E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x90856000 \SystemRoot\system32\drivers\rdprefmp.sys
0x9085E000 \SystemRoot\System32\Drivers\Msfs.SYS
0x90869000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90877000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9088E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9089A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x908CC000 \SystemRoot\system32\drivers\afd.sys
0x90926000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9092D000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9094C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9095A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9096D000 \SystemRoot\system32\drivers\termdd.sys
0x9097E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x909A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x909A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x909E7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x909F1000 \SystemRoot\system32\drivers\mssmbios.sys
0x90C10000 \SystemRoot\System32\drivers\discache.sys
0x90C1C000 \SystemRoot\system32\drivers\csc.sys
0x90C80000 \SystemRoot\System32\Drivers\dfsc.sys
0x90C98000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90CA6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x91419000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91D39000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x90CC7000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91DF0000 \SystemRoot\system32\DRIVERS\HECI.sys
0x90D00000 \SystemRoot\system32\DRIVERS\serial.sys
0x91400000 \SystemRoot\system32\DRIVERS\serenum.sys
0x90D1A000 \SystemRoot\system32\DRIVERS\e1k6032.sys
0x9140A000 \SystemRoot\system32\drivers\usbuhci.sys
0x90D46000 \SystemRoot\system32\drivers\USBPORT.SYS
0x90D91000 \SystemRoot\system32\drivers\usbehci.sys
0x90DA0000 \SystemRoot\system32\drivers\HDAudBus.sys
0x90DBF000 \SystemRoot\system32\DRIVERS\scsiscan.sys
0x90DC9000 \SystemRoot\system32\drivers\1394ohci.sys
0x90DF6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x90C00000 \SystemRoot\system32\drivers\tpm.sys
0x97229000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9723B000 \SystemRoot\system32\drivers\CompositeBus.sys
0x97248000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9725A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x97272000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9727D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9729F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x972B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x972CE000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x972E5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x972EF000 \SystemRoot\system32\drivers\kbdclass.sys
0x972FC000 \SystemRoot\system32\drivers\mouclass.sys
0x97309000 \SystemRoot\system32\drivers\swenum.sys
0x9730B000 \SystemRoot\system32\drivers\ks.sys
0x9733F000 \SystemRoot\system32\drivers\umbus.sys
0x9734D000 \SystemRoot\system32\drivers\usbhub.sys
0x97391000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8201A000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x8207A000 \SystemRoot\system32\drivers\portcls.sys
0x820A9000 \SystemRoot\system32\drivers\drmk.sys
0x98CF0000 \SystemRoot\System32\win32k.sys
0x820C2000 \SystemRoot\System32\drivers\Dxapi.sys
0x820CC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x820D9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x820E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x820ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x820FE000 \SystemRoot\system32\drivers\usbccgp.sys
0x82115000 \SystemRoot\system32\drivers\USBD.SYS
0x82117000 \SystemRoot\system32\drivers\hidusb.sys
0x82122000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x82135000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x8213C000 \SystemRoot\system32\drivers\kbdhid.sys
0x82148000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82153000 \SystemRoot\system32\DRIVERS\point32k.sys
0x8215E000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98F50000 \SystemRoot\System32\TSDDD.dll
0x98F80000 \SystemRoot\System32\cdd.dll
0x98FA0000 \SystemRoot\System32\ATMFD.DLL
0x82169000 \SystemRoot\system32\drivers\luafv.sys
0x82184000 \SystemRoot\system32\drivers\WudfPf.sys
0x8219E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x821AE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9922F000 \SystemRoot\system32\drivers\HTTP.sys
0x992B4000 \SystemRoot\system32\DRIVERS\bowser.sys
0x992CD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x992DF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99302000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9933D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99370000 \SystemRoot\System32\drivers\aspi32.sys
0x9A024000 \SystemRoot\system32\drivers\peauth.sys
0x9A0BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9A0C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A0E6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9A0F3000 \SystemRoot\system32\WinFLdrv.sys
0x9A0FB000 \??\C:\Windows\system32\WinVd32.sys
0x9A127000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9A177000 \SystemRoot\System32\DRIVERS\srv.sys
0x9A1D3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9A1DC000 \??\C:\Users\mwilson\AppData\Local\Temp\agloifob.sys
0x9A1F5000 \??\C:\Users\mwilson\AppData\Local\Temp\mbr.sys
0x9A000000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x99374000 \SystemRoot\System32\Drivers\avgldx86.sys
0x993A8000 \SystemRoot\System32\Drivers\avgtdix.sys
0x9A006000 \SystemRoot\System32\Drivers\avgrkx86.sys
0x9A012000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x777D0000 \Windows\System32\ntdll.dll
0x47FF0000 \Windows\System32\smss.exe
0x77A10000 \Windows\System32\apisetschema.dll
0x00F00000 \Windows\System32\autochk.exe
0x779E0000 \Windows\System32\imm32.dll
0x77630000 \Windows\System32\setupapi.dll
0x77430000 \Windows\System32\iertutil.dll
0x77990000 \Windows\System32\gdi32.dll
0x77980000 \Windows\System32\normaliz.dll
0x773A0000 \Windows\System32\oleaut32.dll
0x772D0000 \Windows\System32\msctf.dll
0x77960000 \Windows\System32\sechost.dll
0x77950000 \Windows\System32\lpk.dll
0x77190000 \Windows\System32\urlmon.dll
0x77030000 \Windows\System32\ole32.dll
0x76FB0000 \Windows\System32\comdlg32.dll
0x76360000 \Windows\System32\shell32.dll
0x77920000 \Windows\System32\imagehlp.dll
0x762C0000 \Windows\System32\advapi32.dll
0x76260000 \Windows\System32\shlwapi.dll
0x761B0000 \Windows\System32\msvcrt.dll
0x760E0000 \Windows\System32\user32.dll
0x76040000 \Windows\System32\usp10.dll
0x75FB0000 \Windows\System32\clbcatq.dll
0x75EB0000 \Windows\System32\wininet.dll
0x75E70000 \Windows\System32\ws2_32.dll
0x77910000 \Windows\System32\psapi.dll
0x75E60000 \Windows\System32\nsi.dll
0x75E10000 \Windows\System32\Wldap32.dll
0x75D60000 \Windows\System32\rpcrt4.dll
0x75C80000 \Windows\System32\kernel32.dll
0x75C20000 \Windows\System32\difxapi.dll
0x75BD0000 \Windows\System32\KernelBase.dll
0x75B40000 \Windows\System32\comctl32.dll
0x75B20000 \Windows\System32\devobj.dll
0x75AF0000 \Windows\System32\cfgmgr32.dll
0x759D0000 \Windows\System32\crypt32.dll
0x759A0000 \Windows\System32\wintrust.dll
0x75990000 \Windows\System32\msasn1.dll

Processes (total 71):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
372 csrss.exe
424 C:\Windows\System32\wininit.exe
436 csrss.exe
476 C:\Windows\System32\services.exe
492 C:\Windows\System32\lsass.exe
500 C:\Windows\System32\lsm.exe
568 C:\Windows\System32\winlogon.exe
656 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\svchost.exe
824 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
1080 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1416 C:\Windows\System32\spoolsv.exe
1424 C:\Windows\System32\taskeng.exe
1460 C:\Windows\System32\svchost.exe
1584 C:\Windows\System32\AEADISRV.EXE
1596 C:\Windows\System32\rundll32.exe
1620 C:\Windows\System32\atashost.exe
1664 C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
1696 C:\Windows\System32\inetsrv\inetinfo.exe
1728 C:\Program Files\IObit\IObit Security 360\is360srv.exe
1784 C:\Program Files\Intel\AMT\LMS.exe
1832 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1924 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
312 C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
420 C:\Windows\System32\IoctlSvc.exe
752 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
1028 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1344 C:\Windows\System32\svchost.exe
1208 C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
2340 C:\Windows\System32\svchost.exe
2492 C:\Windows\System32\svchost.exe
3032 C:\Windows\System32\dwm.exe
3092 C:\Windows\explorer.exe
3120 C:\Windows\System32\taskhost.exe
3580 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3636 C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
3644 C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
3676 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3688 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3696 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
3752 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3784 C:\Windows\System32\hkcmd.exe
3804 C:\Windows\System32\igfxpers.exe
3980 C:\ProgramData\U3\U3Launcher\LaunchU3.exe
2880 C:\Windows\System32\SearchIndexer.exe
4356 C:\Program Files\AVG\AVG9\avgwdsvc.exe
5052 C:\Program Files\AVG\AVG9\avgam.exe
6084 C:\Program Files\AVG\AVG9\avgnsx.exe
2352 C:\Program Files\AVG\AVG9\avgrsx.exe
1040 C:\Program Files\AVG\AVG9\avgchsvx.exe
352 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3136 C:\Program Files\AVG\AVG9\avgtray.exe
5444 C:\Program Files\AVG\AVG9\avgcsrvx.exe
5392 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2136 C:\Windows\System32\wuauclt.exe
5188 C:\Windows\System32\audiodg.exe
5304 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
3728 C:\Program Files\AVG\AVG9\avgcsrvx.exe
5088 C:\Program Files\Mozilla Firefox\firefox.exe
5320 C:\Program Files\Mozilla Firefox\plugin-container.exe
5960 C:\Windows\System32\SearchProtocolHost.exe
3572 <unknown>
2044 C:\Users\mwilson\Desktop\MBRCheck.exe
5748 C:\Windows\System32\conhost.exe
4752 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 4.AAA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!





Combo Fix Issue:

I uninstalled AVG and Avira (using Add/Remove Programs) and also using each program's removal tool. When launching combofix it said that it still noticed both as active real time scanners. I tried running combofix in safe mode also and it said the same thing. I did bypass this error and let combofix run in safe mode but get the following error:
'Error saving file..., Continue with next file? [RegCreateKeyEx: 5 - Access is denied]

Any recommendations on what to do? Try the rkill steps?
 
It does that repeatedly for each file. Just continue through each until it finishes and post the log?
 
ComboFix 11-04-21.04 - mmartin 04/22/2011 8:07.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2169 [GMT -4:00]
Running from: c:\users\mwilson\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Business Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: AVG Anti-Virus Business Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\mwilson\AppData\Roaming\.#
c:\users\mwilson\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\mwilson\g2ax_expert_downloadhelper_win32_x86.exe
c:\users\mwilson\g2mdlhlpx.exe
c:\windows\system32\bidisp.dll
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\system32\XY_msvbvm60.dll
.
----- BITS: Possible infected sites -----
.
hxxp://exch07mod03.indiana.in1stbank.com
.
((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
.
.
2011-04-22 12:11 . 2011-04-22 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-21 19:13 . 2011-04-21 19:13 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-04-21 14:10 . 2011-04-21 14:10 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-04-20 20:17 . 2011-04-20 20:17 100480 ----a-w- C:\agloifob.sys
2011-04-20 18:58 . 2011-04-20 19:30 -------- d-----w- c:\program files\SpyNoMore
2011-04-19 17:17 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-04-19 17:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-04-19 17:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-04-19 17:17 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-04-19 16:08 . 2011-04-19 16:08 -------- d-----w- c:\windows\system32\SPReview
2011-04-19 16:05 . 2010-11-20 12:21 1010688 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-04-19 16:04 . 2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll
2011-04-19 16:03 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-04-19 16:03 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2011-04-19 14:11 . 2011-04-19 14:11 -------- d-----w- c:\program files\CCleaner
2011-04-19 12:44 . 2011-04-19 12:44 -------- d-----w- c:\programdata\IObit
2011-04-19 12:44 . 2011-04-19 14:53 -------- d-----w- c:\program files\IObit
2011-04-19 07:00 . 2011-04-19 07:00 -------- d-----w- C:\7c93843c302316bf28868b650e
2011-04-18 20:03 . 2011-04-18 20:03 -------- d-----w- c:\program files\KODAK
2011-04-18 17:43 . 2011-04-18 17:43 90112 --sha-r- c:\windows\system32\wlangpui8.dll
2011-04-18 13:45 . 2011-04-18 13:45 -------- d-----w- c:\windows\idmu
2011-04-18 13:45 . 2011-04-19 17:00 -------- d-----w- c:\windows\ADAM
2011-04-18 13:35 . 2011-04-19 17:00 -------- d-----w- c:\program files\Hyper-V
2011-04-18 13:35 . 2011-04-18 13:35 -------- d-----w- c:\windows\system32\Windows System Resource Manager
2011-04-18 13:34 . 2011-04-19 16:12 627712 ----a-w- c:\windows\system32\gpprefbr.dll
2011-04-18 13:34 . 2011-04-19 16:12 2548736 ----a-w- c:\windows\system32\propshts.dll
2011-04-18 13:34 . 2011-04-19 16:12 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
2011-04-18 13:34 . 2011-04-19 16:12 166400 ----a-w- c:\windows\system32\gpprefcn.dll
2011-04-18 13:34 . 2011-04-19 16:12 4342784 ----a-w- c:\windows\system32\gppref.dll
2011-04-18 13:34 . 2011-04-19 17:00 -------- d-----w- c:\windows\Cluster
2011-04-18 13:34 . 2011-04-18 13:34 -------- d-----w- C:\inetpub
2011-04-15 20:38 . 2011-04-15 20:38 -------- d-----w- c:\windows\system32\BestPractices
2011-04-15 19:34 . 2009-07-14 01:15 18944 ----a-w- c:\windows\system32\certpick.dll
2011-04-15 19:34 . 2009-07-14 01:15 6656 ----a-w- c:\windows\system32\nfsclusrc.dll
2011-04-15 19:34 . 2009-07-14 01:14 138240 ----a-w- c:\windows\system32\cluster.exe
2011-04-15 19:33 . 2009-07-13 23:28 80384 ----a-w- c:\windows\system32\vmclusex.dll
2011-04-15 19:33 . 2009-07-14 01:22 856064 ----a-w- c:\windows\system32\Microsoft.Storage.SanMmc.dll
2011-04-15 19:33 . 2009-07-14 01:26 98304 ----a-w- c:\windows\system32\mtedit.exe
2011-04-15 19:33 . 2009-07-14 01:14 11776 ----a-w- c:\windows\system32\redirusr.exe
2011-04-15 19:33 . 2009-07-14 01:14 11776 ----a-w- c:\windows\system32\redircmp.exe
2011-04-15 19:33 . 2009-07-14 01:14 13824 ----a-w- c:\windows\system32\dfscmd.exe
2011-04-15 19:33 . 2009-07-14 01:14 53248 ----a-w- c:\windows\system32\wlbs.exe
2011-04-15 19:33 . 2009-07-14 01:14 53248 ----a-w- c:\windows\system32\nlb.exe
2011-04-15 19:32 . 2009-07-14 01:14 46592 ----a-w- c:\windows\system32\gpfixup.exe
2011-04-15 19:32 . 2009-07-14 01:14 70656 ----a-w- c:\windows\system32\netdom.exe
2011-04-15 19:32 . 2009-07-14 01:16 59392 ----a-w- c:\windows\system32\Volshext.dll
2011-04-15 19:32 . 2009-07-14 01:16 33280 ----a-w- c:\windows\system32\avolprop.dll
2011-04-15 19:32 . 2009-07-14 01:15 393216 ----a-w- c:\windows\system32\DfsrHelper.dll
2011-04-15 19:31 . 2009-07-14 01:10 22528 ----a-w- c:\windows\system32\StorageRes.dll
2011-04-15 19:31 . 2009-07-14 01:09 98304 ----a-w- c:\windows\system32\SanMgmtR.dll
2011-04-15 19:29 . 2009-07-14 01:19 258048 ----a-w- c:\windows\DfsrAdmin.exe
2011-04-15 19:29 . 2009-07-14 01:26 10752 ----a-w- c:\windows\system32\Interop.DfsrHelper.dll
2011-04-15 19:29 . 2009-07-14 01:25 73728 ----a-w- c:\windows\system32\srmlib.dll
2011-04-15 19:15 . 2011-04-15 17:33 -------- d-----w- c:\windows\Panther
2011-04-15 19:12 . 2011-04-15 19:12 -------- d-----w- c:\windows\system32\Wat
2011-04-15 19:04 . 2011-04-15 16:01 -------- d-----w- C:\$WINDOWS.~Q
2011-04-15 18:58 . 2004-09-01 18:18 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
2011-04-15 18:58 . 2004-05-17 16:23 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2011-04-15 18:58 . 2004-04-26 15:49 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
2011-04-15 18:58 . 2003-08-20 01:36 65536 ----a-w- c:\windows\system32\a3d.dll
2011-04-15 18:58 . 2011-04-15 18:58 -------- d-----w- C:\SoundmaxDrivers
2011-04-15 18:49 . 2011-04-15 18:58 -------- d-----w- C:\$INPLACE.~TR
2011-04-15 17:33 . 2011-04-15 17:33 -------- d-----w- C:\Recovery
2011-04-15 16:43 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-15 16:43 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-15 16:43 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-15 16:43 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-04-15 16:43 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-15 16:43 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-15 16:43 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 16:43 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 16:43 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-04-15 16:42 . 2011-03-07 05:33 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-15 16:42 . 2011-03-07 05:31 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-04-15 16:42 . 2011-03-07 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-15 16:41 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-04-15 16:41 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
2011-04-15 16:41 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-15 16:41 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
2011-04-15 16:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-04-15 16:25 . 2011-04-21 19:14 -------- d-----w- c:\windows\system32\wbem\Performance
2011-04-15 15:52 . 2011-04-15 15:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-04-15 15:20 . 2011-04-15 15:20 -------- d-----w- c:\programdata\SonicFocus
2011-04-15 15:20 . 2011-04-15 15:25 -------- d-----w- c:\program files\Analog Devices
2011-04-14 20:33 . 2011-04-14 20:37 -------- d-----w- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
2011-04-13 19:02 . 2011-04-13 19:02 40984 ----a-w- c:\windows\system32\drivers\point32.sys
2011-04-12 17:01 . 2011-04-12 17:01 45464 ----a-w- c:\windows\system32\drivers\dc3d.sys
2011-04-11 13:33 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2011-04-09 03:02 . 2011-04-09 03:02 391168 ----a-w- c:\windows\system32\itpcoin815.dll
2011-04-09 03:02 . 2011-04-09 03:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-19 16:12 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-11 23:26 . 2011-02-11 23:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2011-02-11 23:26 . 2011-02-11 23:26 137752 ----a-w- c:\windows\system32\igfxtray.exe
2011-02-11 23:26 . 2011-02-11 23:26 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-02-11 23:26 . 2011-02-11 23:26 172568 ----a-w- c:\windows\system32\igfxpers.exe
2011-02-11 23:26 . 2011-02-11 23:26 179224 ----a-w- c:\windows\system32\igfxext.exe
2011-02-11 23:26 . 2011-02-11 23:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
2011-02-11 23:26 . 2011-02-11 23:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe
2011-02-11 23:20 . 2011-02-11 23:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 23:12 . 2011-02-11 23:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2011-02-11 23:12 . 2011-02-11 23:12 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2011-02-11 23:09 . 2011-02-11 23:09 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2011-02-11 23:04 . 2010-08-26 00:23 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
2011-02-11 22:51 . 2011-02-11 22:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-02-11 22:44 . 2011-02-11 22:44 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-02-11 22:44 . 2011-02-11 22:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-02-11 22:44 . 2011-02-11 22:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-02-11 22:44 . 2011-02-11 22:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-02-11 22:44 . 2011-02-11 22:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-02-11 22:44 . 2011-02-11 22:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2011-02-11 22:44 . 2011-02-11 22:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-02-11 22:44 . 2011-02-11 22:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-02-11 22:41 . 2011-02-11 22:41 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2011-02-11 22:41 . 2011-02-11 22:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
2011-02-11 22:41 . 2011-02-11 22:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-02-11 22:41 . 2011-02-11 22:41 23552 ----a-w- c:\windows\system32\igfxexps.dll
2011-02-11 22:41 . 2010-08-25 23:59 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-02-11 22:40 . 2011-02-11 22:40 130048 ----a-w- c:\windows\system32\igfxdo.dll
2011-02-11 22:40 . 2010-08-25 23:59 95232 ----a-w- c:\windows\system32\hccutils.dll
2011-02-11 22:40 . 2011-02-11 22:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-02-11 22:40 . 2011-02-11 22:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-02-11 22:40 . 2011-02-11 22:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-02-11 22:40 . 2011-02-11 22:40 828928 ----a-w- c:\windows\system32\igfxress.dll
2011-02-11 22:40 . 2011-02-11 22:40 228864 ----a-w- c:\windows\system32\igfxdev.dll
2011-02-11 22:35 . 2011-02-11 22:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2011-02-11 22:35 . 2011-02-11 22:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll
2011-02-03 02:40 . 2010-06-01 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-18 17:53 . 2011-04-19 15:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2007-12-14 131072]
"FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-09-28 118784]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-05-04 40960]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2003-05-04 57393]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-24 780824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-06-24 1310720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-7-17 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2011-04-18 13:07 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Error Recovery Guide.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk
backup=c:\windows\pss\Error Recovery Guide.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 135664]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe Start=service [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2011-04-19 12872]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1343400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-04-19 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2011-04-19 67656]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-09-24 43920]
S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2007-03-08 45056]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-06-24 2062872]
S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-07 17984]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys [2009-07-14 14848]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - AvgRkx86
*Deregistered* - AvgTdiX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 19:58]
.
2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 19:58]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = hxxp://172.16.24.*;http://192.168.244.*;http://10.224.224.*;http://172.16.28.*;http://172.16.29.*;https://earchive.*
uInternet Settings,ProxyServer = adserver03.indiana.in1stbank.com:3128
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} - hxxps://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx
DPF: {0E409091-0585-415E-88B9-820BDC57094C} - hxxps://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx
FF - ProfilePath - c:\users\mwilson\AppData\Roaming\Mozilla\Firefox\Profiles\b172519m.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - adserver03.indiana.in1stbank.com
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\AEADISRV.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Visioneer\OneTouch 4.0\OtService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\programdata\U3\U3Launcher\LaunchU3.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2011-04-22 08:16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-22 12:16
.
Pre-Run: 164,618,887,168 bytes free
Post-Run: 164,530,507,776 bytes free
.
- - End Of File - - 45B0E5F23DC56B7F3FDE9EA1A1DE5C69
 
Looks good now.

How is redirection?

You can reinstall ONE of your AV programs now.

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The redirection was still happening after I ran ComboFix. It's not doing it now, but it's hit or miss throughout the day to begin with.

OTL Extras logfile created on: 4/22/2011 11:50:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mwilson\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 150.53 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
Drive H: | 61.52 Gb Total Space | 1.27 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
Drive O: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
Drive Q: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS

Computer Name: ITASSIST-0609 | User Name: mmartin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F52A3FF-AA13-44E3-A9AD-9581215AE9D6}" = FBViewerCtrl
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.1.4.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{34D54195-9A21-4A54-AEB9-A1DF268054D4}" = KODAK Capture Pro Software Find and View
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2BB796-A02C-4AD5-847C-0FC307EB79D1}" = OneTouch 4.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISSTDR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
"{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94ECA004-8B62-45E8-B83D-A85F61A1F0B9}" = eWebEditPro 4 Client
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-1033-F400-BA7E-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708
"{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C3674C4D-3846-4D9A-8FF4-7397B58AA99E}" = RiskID Communicator
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E64404F1-98DC-4CC8-A1A7-EF36E4E21033}" = Nero 8 Essentials
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EBED57B3-DD9C-4CCC-84F7-2F9B77D51765}" = Intel Reseller Tracking Utility
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2590)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FDCE9C15-EB45-11D5-89C7-0050DA162A25}" = PaperPort 9.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"BSI Document Services" = Distributed Document Services Component
"CCleaner" = CCleaner
"Cooking Aficionado_is1" = Cooking Aficionado Professional 3.1
"File Renamer - Basic" = File Renamer - Basic
"GoToAssist Express Customer" = GoToAssist Customer 1.5.0.274
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"IObit Security 360_is1" = IObit Security 360
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"PrimoPDF4.0.1" = PrimoPDF
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel(R) Network Connections 13.1.4.0
"Software Operation Panel" = Software Operation Panel
"SpyNoMore" = SpyNoMore 2.98
"Vid-Center_is1" = Vid-Center (Build 18223)
"VISSTDR" = Microsoft Office Visio Standard 2007

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToAssist Express Expert" = GoToAssist Expert 1.5.0.274
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Part 1 of OTL

OTL logfile created on: 4/22/2011 11:50:28 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mwilson\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 150.53 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
Drive H: | 61.52 Gb Total Space | 1.27 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
Drive O: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
Drive P: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
Drive Q: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS

Computer Name: ITASSIST-0609 | User Name: mmartin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/22 11:47:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2011/04/22 11:47:03 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2011/04/22 11:47:03 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2011/04/22 11:47:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2011/04/22 11:47:02 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/04/22 11:47:02 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2011/04/22 11:47:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
PRC - [2009/09/24 16:05:41 | 000,043,920 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/07/13 21:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2008/06/24 05:42:29 | 002,062,872 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/06/24 05:42:25 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/06/24 05:42:06 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/12/21 13:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2007/12/14 10:01:24 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
PRC - [2007/10/23 09:45:40 | 001,336,632 | ---- | M] () -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
PRC - [2007/09/28 00:38:04 | 000,118,784 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe


========== Modules (SafeList) ==========

MOD - [2011/04/22 11:47:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2011/04/22 11:47:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2011/04/18 09:07:41 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe -- (GoToAssist Express Customer)
SRV - [2011/04/15 15:12:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/02/04 12:33:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/24 16:05:41 | 000,043,920 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/06/24 05:42:29 | 002,062,872 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2008/06/24 05:42:25 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2008/06/24 05:42:06 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/12/21 13:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/04/22 11:47:20 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2011/04/22 11:47:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/04/22 11:47:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2011/04/22 11:47:05 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/04/19 09:15:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2011/04/19 09:15:52 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/19 09:15:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/07 11:21:17 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\WinVd32.sys -- (WinVd32)
DRV - [2009/12/07 11:21:16 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 20:14:43 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 18:02:52 | 000,164,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress) Intel(R)
DRV - [2008/06/24 05:42:34 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2008/02/21 00:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/07/06 12:16:12 | 000,064,000 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aic78xx.sys -- (aic78xx)
DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\senfilt.sys -- (senfilt)
DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 AE 09 A9 13 79 CA 01 [binary data]
IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://172.16.24.*;http://192.168.2...16.28.*;http://172.16.29.*;https://earchive.*
IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = adserver03.indiana.in1stbank.com:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.ftp: "adserver03.indiana.in1stbank.com"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "adserver03.indiana.in1stbank.com"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "http://172.16.24.*,http://192.168.244.*,http://10.224.224.*,http://172.16.28.*,http://172.16.29.*,https://earchive.*"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "adserver03.indiana.in1stbank.com"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "adserver03.indiana.in1stbank.com"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/04/22 11:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 11:26:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 10:03:53 | 000,000,000 | ---D | M]

[2011/04/19 11:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mwilson\AppData\Roaming\mozilla\Extensions
[2011/04/20 14:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
[2011/04/15 11:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/09/24 16:01:59 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/22 08:14:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} https://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {0E409091-0585-415E-88B9-820BDC57094C} https://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.224.224.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Indiana.in1stbank.com
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\mwilson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\mwilson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
Part 2 of OTL

========== Files/Folders - Created Within 30 Days ==========

[2011/04/22 11:47:20 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011/04/22 11:47:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011/04/22 11:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 9.0
[2011/04/22 11:47:19 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/04/22 11:47:11 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/04/22 11:47:05 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/04/22 11:47:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2011/04/22 11:46:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
[2011/04/22 08:16:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/04/22 08:11:44 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\temp
[2011/04/22 08:05:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/21 15:49:14 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Desktop\Administrative Tools
[2011/04/21 15:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2011/04/21 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011/04/21 10:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2011/04/21 10:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2011/04/21 08:29:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/21 08:29:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/21 08:29:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/21 08:21:42 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Users\mwilson\Desktop\removaltool-win32-en.exe
[2011/04/21 08:21:11 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\mwilson\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/04/21 08:19:29 | 006,343,736 | ---- | C] (OPSWAT, Inc.) -- C:\Users\mwilson\Desktop\AppRemover.exe
[2011/04/21 08:19:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/20 16:17:30 | 000,100,480 | ---- | C] (GMER) -- C:\agloifob.sys
[2011/04/20 16:10:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\mwilson\Desktop\TFC.exe
[2011/04/20 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/04/20 14:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2011/04/20 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
[2011/04/20 14:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/20 09:24:27 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\ElevatedDiagnostics
[2011/04/19 12:08:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011/04/19 12:05:10 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011/04/19 10:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/19 10:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/19 08:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Security 360
[2011/04/19 08:44:14 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Roaming\IObit
[2011/04/19 08:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2011/04/19 08:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/04/19 03:00:24 | 000,000,000 | ---D | C] -- C:\7c93843c302316bf28868b650e
[2011/04/18 16:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak Capture Software Find and View
[2011/04/18 16:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\KODAK
[2011/04/18 09:45:33 | 000,000,000 | ---D | C] -- C:\Windows\idmu
[2011/04/18 09:45:31 | 000,000,000 | ---D | C] -- C:\Windows\ADAM
[2011/04/18 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hyper-V
[2011/04/18 09:35:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Windows System Resource Manager
[2011/04/18 09:34:41 | 000,000,000 | ---D | C] -- C:\inetpub
[2011/04/18 09:34:41 | 000,000,000 | ---D | C] -- C:\Windows\Cluster
[2011/04/15 16:38:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2011/04/15 16:36:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/04/15 15:15:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2011/04/15 15:12:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2011/04/15 15:04:21 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
[2011/04/15 14:58:00 | 000,000,000 | ---D | C] -- C:\SoundmaxDrivers
[2011/04/15 14:49:58 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
[2011/04/15 14:19:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/15 13:35:30 | 000,000,000 | -H-D | C] -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/04/15 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\VirtualStore
[2011/04/15 13:33:22 | 000,000,000 | ---D | C] -- C:\Recovery
[2011/04/15 11:22:18 | 000,000,000 | --SD | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Videos
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Saved Games
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Pictures
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Music
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Links
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Favorites
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Downloads
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Documents
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Desktop
[2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\AppData\Local\Temporary Internet Files
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Templates
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Start Menu
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\SendTo
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Recent
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\PrintHood
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\NetHood
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Documents\My Videos
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Documents\My Pictures
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Documents\My Music
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\My Documents
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Local Settings
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\AppData\Local\History
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Cookies
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Application Data
[2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\AppData\Local\Application Data
[2011/04/15 11:22:18 | 000,000,000 | -H-D | C] -- C:\Users\mwilson\AppData
[2011/04/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\Microsoft
[2011/04/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Roaming\Media Center Programs
[2011/04/15 11:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2011/04/15 11:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/04/15 11:18:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011/04/14 16:33:51 | 000,000,000 | ---D | C] -- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
[2011/04/08 16:01:09 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\Microsoft Corporation
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009/06/02 14:59:44 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll

========== Files - Modified Within 30 Days ==========

[2011/04/22 11:48:56 | 074,985,920 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/04/22 11:47:20 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2011/04/22 11:47:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2011/04/22 11:47:20 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2011/04/22 11:47:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/04/22 11:47:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2011/04/22 11:47:05 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011/04/22 11:47:05 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
[2011/04/22 11:24:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/22 09:26:03 | 000,000,556 | ---- | M] () -- C:\Windows\ABSBM.INI
[2011/04/22 08:21:04 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 08:21:04 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/22 08:17:42 | 000,678,326 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/22 08:17:42 | 000,126,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/22 08:14:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/04/22 08:13:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/22 08:13:55 | 000,000,174 | ---- | M] () -- C:\Windows\hpbafd.ini
[2011/04/22 08:13:33 | 000,422,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/22 08:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/22 08:12:53 | 2384,326,656 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/22 08:05:32 | 004,326,658 | R--- | M] () -- C:\Users\mwilson\Desktop\ComboFix.exe
[2011/04/21 15:13:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011/04/21 10:09:56 | 011,473,440 | ---- | M] () -- C:\Users\mwilson\Desktop\BankManager_April_2011.EXE
[2011/04/21 10:09:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/04/21 08:21:43 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Users\mwilson\Desktop\removaltool-win32-en.exe
[2011/04/21 08:21:14 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\mwilson\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/04/21 08:19:47 | 006,343,736 | ---- | M] (OPSWAT, Inc.) -- C:\Users\mwilson\Desktop\AppRemover.exe
[2011/04/21 08:09:26 | 000,080,384 | ---- | M] () -- C:\Users\mwilson\Desktop\MBRCheck.exe
[2011/04/20 16:20:49 | 000,625,664 | ---- | M] () -- C:\Users\mwilson\Desktop\dds.scr
[2011/04/20 16:17:30 | 000,100,480 | ---- | M] (GMER) -- C:\agloifob.sys
[2011/04/20 16:17:14 | 000,301,568 | ---- | M] () -- C:\Users\mwilson\Desktop\7viucd7q.exe
[2011/04/20 16:11:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\TFC.exe
[2011/04/20 14:58:35 | 000,000,947 | ---- | M] () -- C:\Users\mwilson\Desktop\SpyNoMore.lnk
[2011/04/20 14:48:32 | 000,004,024 | ---- | M] () -- C:\Users\mwilson\AppData\Roaming\mainhst.zgh
[2011/04/19 11:26:17 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/19 11:26:17 | 000,001,098 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/19 11:20:26 | 000,001,419 | ---- | M] () -- C:\Users\mwilson\Desktop\Internet Explorer.lnk
[2011/04/19 11:19:46 | 000,001,413 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/19 10:11:26 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/19 08:44:19 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2011/04/18 16:03:02 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Find-and-View.lnk
[2011/04/18 15:24:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/04/18 13:58:51 | 000,148,771 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\remotedesktop.msc
[2011/04/18 13:43:52 | 000,090,112 | RHS- | M] () -- C:\Windows\System32\wlangpui8.dll
[2011/04/18 13:23:26 | 000,006,506 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/04/18 09:50:18 | 000,000,485 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools - Shortcut.lnk
[2011/04/18 09:45:30 | 000,000,435 | ---- | M] () -- C:\Windows\System32\dsac.exe.config
[2011/04/18 09:34:33 | 000,001,315 | ---- | M] () -- C:\Windows\DfsrAdmin.exe.config
[2011/04/18 09:34:33 | 000,001,311 | ---- | M] () -- C:\Windows\System32\DfsMgmt.dll.config
[2011/04/18 09:32:16 | 000,001,996 | -H-- | M] () -- C:\Users\mwilson\Documents\Default.rdp
[2011/04/15 15:14:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/04/15 13:33:44 | 000,003,152 | RHS- | M] () -- C:\Users\mwilson\ntuser.pol
[2011/04/15 12:17:48 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/04/15 11:59:01 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
[2011/04/15 11:21:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2011/04/15 10:45:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 10:45:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 10:06:56 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011/04/15 10:06:56 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
[2011/04/15 10:06:18 | 000,002,325 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2011/04/04 11:02:54 | 000,005,977 | ---- | M] () -- C:\Users\mwilson\AppData\Roaming\PrimoPDFSet.xml
[2011/04/04 11:01:03 | 000,002,889 | ---- | M] () -- C:\Users\mwilson\Desktop\Microsoft Office Document Imaging.lnk
[2011/04/01 09:46:08 | 000,002,355 | ---- | M] () -- C:\Users\mwilson\Desktop\PaperPort.lnk
[2011/03/30 13:00:36 | 002,498,560 | ---- | M] () -- C:\Users\mwilson\Documents\DVRs.mdb

========== Files Created - No Company Name ==========

[2011/04/22 11:47:20 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2011/04/22 11:47:05 | 074,985,920 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/04/22 11:47:05 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2011/04/21 15:13:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
[2011/04/21 10:09:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2011/04/21 10:08:39 | 011,473,440 | ---- | C] () -- C:\Users\mwilson\Desktop\BankManager_April_2011.EXE
[2011/04/21 08:29:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/21 08:29:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/21 08:29:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/21 08:29:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/21 08:29:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/21 08:09:10 | 000,080,384 | ---- | C] () -- C:\Users\mwilson\Desktop\MBRCheck.exe
[2011/04/20 16:20:41 | 000,625,664 | ---- | C] () -- C:\Users\mwilson\Desktop\dds.scr
[2011/04/20 16:16:43 | 000,301,568 | ---- | C] () -- C:\Users\mwilson\Desktop\7viucd7q.exe
[2011/04/20 14:58:35 | 000,000,947 | ---- | C] () -- C:\Users\mwilson\Desktop\SpyNoMore.lnk
[2011/04/20 14:50:16 | 004,326,658 | R--- | C] () -- C:\Users\mwilson\Desktop\ComboFix.exe
[2011/04/19 13:15:08 | 000,001,098 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/19 12:06:09 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/04/19 12:05:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/19 12:05:04 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011/04/19 12:04:59 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011/04/19 11:26:17 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/19 11:26:17 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/19 11:20:26 | 000,001,419 | ---- | C] () -- C:\Users\mwilson\Desktop\Internet Explorer.lnk
[2011/04/19 11:19:46 | 000,001,419 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/04/19 11:19:46 | 000,001,413 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/04/19 10:11:26 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/04/19 08:44:19 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
[2011/04/18 16:03:02 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Find-and-View.lnk
[2011/04/18 15:24:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011/04/18 13:43:52 | 000,090,112 | RHS- | C] () -- C:\Windows\System32\wlangpui8.dll
[2011/04/18 13:27:50 | 000,148,771 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\remotedesktop.msc
[2011/04/18 09:50:18 | 000,000,485 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools - Shortcut.lnk
[2011/04/18 09:45:39 | 000,000,435 | ---- | C] () -- C:\Windows\System32\dsac.exe.config
[2011/04/18 09:34:47 | 000,001,311 | ---- | C] () -- C:\Windows\System32\DfsMgmt.dll.config
[2011/04/18 09:34:41 | 000,001,315 | ---- | C] () -- C:\Windows\DfsrAdmin.exe.config
[2011/04/15 15:34:38 | 000,097,194 | ---- | C] () -- C:\Windows\System32\SanMmc.msc
[2011/04/15 15:34:26 | 000,150,924 | ---- | C] () -- C:\Windows\System32\CluAdmin.msc
[2011/04/15 15:34:12 | 000,063,978 | ---- | C] () -- C:\Windows\System32\tsadmin.msc
[2011/04/15 15:33:41 | 000,144,646 | ---- | C] () -- C:\Windows\System32\dssite.msc
[2011/04/15 15:33:39 | 000,144,380 | ---- | C] () -- C:\Windows\System32\adsiedit.msc
[2011/04/15 15:33:10 | 000,151,743 | ---- | C] () -- C:\Windows\System32\FailoverClusters.SnapInHelper.msc
[2011/04/15 15:32:58 | 000,146,080 | ---- | C] () -- C:\Windows\System32\gptedit.msc
[2011/04/15 15:32:48 | 000,004,988 | ---- | C] () -- C:\Windows\System32\delegwiz.inf
[2011/04/15 15:32:47 | 000,033,652 | ---- | C] () -- C:\Windows\System32\StorExpl.msc
[2011/04/15 15:32:42 | 000,144,951 | ---- | C] () -- C:\Windows\System32\domain.msc
[2011/04/15 15:32:31 | 000,268,640 | ---- | C] () -- C:\Windows\System32\dfsrHealthReport.xsl
[2011/04/15 15:32:31 | 000,155,741 | ---- | C] () -- C:\Windows\System32\dfsrPropagationReport.xsl
[2011/04/15 15:31:52 | 000,145,017 | ---- | C] () -- C:\Windows\System32\dsa.msc
[2011/04/15 15:31:44 | 000,042,131 | ---- | C] () -- C:\Windows\System32\tsmmc.msc
[2011/04/15 15:31:42 | 000,115,308 | ---- | C] () -- C:\Windows\System32\ServerManager.msc
[2011/04/15 15:31:32 | 000,146,694 | ---- | C] () -- C:\Windows\System32\dhcpmgmt.msc
[2011/04/15 15:30:52 | 000,108,940 | ---- | C] () -- C:\Windows\System32\StorageMgmt.msc
[2011/04/15 15:30:35 | 000,115,778 | ---- | C] () -- C:\Windows\System32\WSRM.msc
[2011/04/15 15:30:03 | 000,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
[2011/04/15 15:30:03 | 000,001,048 | ---- | C] () -- C:\Windows\System32\SetupNfsIdMap.exe.config
[2011/04/15 15:30:03 | 000,000,989 | ---- | C] () -- C:\Windows\System32\NfsConfigGuide.exe.config
[2011/04/15 15:30:03 | 000,000,940 | ---- | C] () -- C:\Windows\System32\ProvisionShare.exe.config
[2011/04/15 15:30:03 | 000,000,933 | ---- | C] () -- C:\Windows\System32\ProvisionStorage.exe.config
[2011/04/15 15:30:02 | 000,145,867 | ---- | C] () -- C:\Windows\System32\dnsmgmt.msc
[2011/04/15 15:29:51 | 000,146,446 | ---- | C] () -- C:\Windows\System32\gpmc.msc
[2011/04/15 15:29:50 | 000,146,712 | ---- | C] () -- C:\Windows\System32\gpme.msc
[2011/04/15 15:29:35 | 000,055,953 | ---- | C] () -- C:\Windows\System32\dfsmgmt.msc
[2011/04/15 13:33:44 | 000,003,152 | RHS- | C] () -- C:\Users\mwilson\ntuser.pol
[2011/04/15 13:33:27 | 000,006,506 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/15 12:20:00 | 2384,326,656 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/15 11:59:01 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/04/15 11:22:18 | 000,000,290 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/04/15 11:21:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/04/15 11:21:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/04/15 11:21:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
[2011/04/15 11:20:16 | 000,011,136 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/15 11:20:16 | 000,011,136 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/17 09:26:20 | 000,013,824 | ---- | C] () -- C:\Windows\System32\BM_SMTPMail.dll
[2010/08/16 14:30:29 | 000,004,024 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\mainhst.zgh
[2010/07/21 14:52:43 | 000,000,229 | ---- | C] () -- C:\Windows\IPSSETUP.INI
[2010/04/01 11:42:56 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/18 09:34:06 | 000,000,702 | ---- | C] () -- C:\Windows\Bank.ini
[2010/01/20 17:09:37 | 000,171,020 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/12/28 11:28:42 | 000,000,019 | ---- | C] () -- C:\Windows\System32\scins.dll
[2009/12/07 11:21:17 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
[2009/12/07 11:21:16 | 000,017,984 | ---- | C] () -- C:\Windows\System32\WinFLdrv.sys
[2009/12/07 11:21:16 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe
[2009/12/07 11:21:16 | 000,000,990 | -HS- | C] () -- C:\Users\mwilson\AppData\Roaming\systemfl.$dk
[2009/08/05 14:36:25 | 000,121,393 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2009/08/04 16:17:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,422,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,678,326 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,126,342 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 15:56:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0409.dll
[2009/07/13 15:56:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6240ex0411.dll
[2009/07/13 15:53:17 | 000,000,712 | R--- | C] () -- C:\Windows\FJTWSTI.INI
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0416.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0409.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0416.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0409.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0416.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0409.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0409.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0416.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0409.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60fex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0407.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0C0A.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0419.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0416.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0410.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex040C.dll
[2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0407.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6240ex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230Tex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230Tex0411.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230ex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230ex0411.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6140ex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6140ex0411.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130Tex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130Tex0411.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130ex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130ex0411.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi60Fex0409.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0412.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0411.dll
[2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0409.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6240ex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6240ex0404.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230Tex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230Tex0404.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230ex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230ex0404.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6140ex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6140ex0404.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130Tex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130Tex0404.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130ex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130ex0404.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi60Fex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi60Fex0411.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900Xex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900ex0804.dll
[2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900ex0404.dll
[2009/07/13 15:53:13 | 000,172,032 | ---- | C] () -- C:\Windows\System32\fi4530ex.dll
[2009/07/13 15:53:13 | 000,167,936 | ---- | C] () -- C:\Windows\System32\fi4220ex.dll
[2009/07/13 15:53:13 | 000,167,936 | ---- | C] () -- C:\Windows\System32\fi4120ex.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0419.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0419.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0409.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0419.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0409.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0419.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0409.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0419.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0409.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0419.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0409.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex0407.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex0C0A.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex0410.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex040C.dll
[2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex0407.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900Xex0412.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900Xex0411.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900Xex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5750ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5650ex0419.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5650ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5530ex0412.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5530ex0411.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi55302ex0412.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi55302ex0411.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5220ex0412.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5220ex0411.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5120ex0412.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5120ex0411.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5110ex0411.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0c0a.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0419.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0410.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex040C.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0407.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4340ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0C0A.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0410.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex040C.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0407.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi42202ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0C0A.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0410.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex040C.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0409.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0407.dll
[2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi41202ex0409.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5750ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5750ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5650ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5650ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5530ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi55302ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5220ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5120ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5110ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4530ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4530ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4340ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4340ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4220ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4220ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi42202ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi42202ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4120ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4120ex0411.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi41202ex0804.dll
[2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi41202ex0411.dll
[2009/07/13 15:38:02 | 000,000,423 | ---- | C] () -- C:\Windows\pixcache.ini
[2009/07/13 15:37:32 | 000,000,080 | ---- | C] () -- C:\Windows\setscan.ini
[2009/07/08 09:16:02 | 000,000,224 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\APUSet.xml
[2009/07/08 09:16:01 | 000,005,977 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\PrimoPDFSet.xml
[2009/07/02 14:07:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/06/02 16:04:48 | 000,026,337 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/06/02 15:46:32 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/06/02 15:20:05 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2009/06/02 14:59:51 | 000,000,556 | ---- | C] () -- C:\Windows\ABSBM.INI
[2009/06/02 14:59:46 | 000,978,432 | ---- | C] () -- C:\Windows\System32\PG32.DLL
[2009/06/02 14:59:46 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
[2009/06/02 14:59:46 | 000,100,352 | ---- | C] () -- C:\Windows\System32\PG32CONV.DLL
[2009/06/02 14:59:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Absicon.dll
[2009/06/02 14:56:21 | 000,000,049 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2009/06/02 14:45:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/05/22 17:27:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1508.dll
[2009/05/22 17:27:12 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2006/11/06 18:49:36 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
[2006/04/25 16:45:26 | 000,501,440 | ---- | C] () -- C:\Windows\System32\FBIMG.dll
[2006/03/14 15:10:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\VSAnnotationReader.dll
[2005/12/09 16:45:12 | 000,000,028 | ---- | C] () -- C:\Windows\System32\License_IMAGE_SDK_release.dat
[2005/11/01 17:07:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imhost8.dll
[2005/10/26 13:35:40 | 000,000,028 | ---- | C] () -- C:\Windows\System32\License_BARCODE1D_SDK_release.dat
[2005/10/03 12:00:52 | 000,000,028 | ---- | C] () -- C:\Windows\System32\License_ANNOTATION_SDK_release.dat
[2004/10/29 14:10:18 | 000,152,704 | ---- | C] () -- C:\Windows\System32\ekmediatransfer4.dll
[2004/10/29 14:09:10 | 000,271,480 | ---- | C] () -- C:\Windows\System32\ewepoperation4.dll
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
 
Part 3 of OTL

========== LOP Check ==========

[2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Canneverbe Limited
[2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Fujitsu
[2011/04/19 10:53:13 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\IObit
[2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\IrfanView
[2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Leadertech
[2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\LinkManager 4.0
[2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\OneTouch 4.0
[2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\PKWARE
[2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\ScanSoft
[2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Systenance
[2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\UDC Profiles
[2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Xerox
[2011/04/15 11:49:26 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\ZipGenius
[2009/07/14 00:53:46 | 000,007,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/20 16:17:30 | 000,100,480 | ---- | M] (GMER) -- C:\agloifob.sys
[2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/24 12:58:09 | 000,475,556 | ---- | M] () -- C:\bar.emf
[2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2011/04/15 15:14:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/22 08:12:53 | 2384,326,656 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/02 14:56:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/21 14:52:43 | 000,001,759 | ---- | M] () -- C:\IPSSetup.log
[2009/06/02 14:56:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/04/22 08:12:59 | 3179,102,208 | -HS- | M] () -- C:\pagefile.sys
[2010/05/06 16:40:13 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2010/02/02 17:02:25 | 000,000,133 | ---- | M] () -- C:\Sys_LogWin.log
[2011/04/20 14:49:14 | 000,066,574 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_20.04.2011_14.48.44_log.txt
[2008/09/18 11:56:46 | 000,000,029 | ---- | M] () -- C:\update.abs

< %systemroot%\Fonts\*.com >
[2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp5r1.dll
[2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5k4.DLL
[2008/01/19 03:34:30 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >
[2011/04/18 09:34:33 | 000,001,315 | ---- | M] () -- C:\Windows\DfsrAdmin.exe.config

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/16 16:48:01 | 000,000,286 | -HS- | M] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/04/19 11:19:46 | 000,000,284 | -HS- | M] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2011/04/18 13:58:51 | 000,148,771 | ---- | M] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\remotedesktop.msc

< %USERPROFILE%\Desktop\*.exe >
[2011/04/20 16:17:14 | 000,301,568 | ---- | M] () -- C:\Users\mwilson\Desktop\7viucd7q.exe
[2011/04/21 08:19:47 | 006,343,736 | ---- | M] (OPSWAT, Inc.) -- C:\Users\mwilson\Desktop\AppRemover.exe
[2011/04/21 08:21:14 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\mwilson\Desktop\avg_remover_stf_x86_2011_1322.exe
[2011/04/21 10:09:56 | 011,473,440 | ---- | M] () -- C:\Users\mwilson\Desktop\BankManager_April_2011.EXE
[2011/04/22 08:05:32 | 004,326,658 | R--- | M] () -- C:\Users\mwilson\Desktop\ComboFix.exe
[2011/04/21 08:09:26 | 000,080,384 | ---- | M] () -- C:\Users\mwilson\Desktop\MBRCheck.exe
[2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
[2011/04/21 08:21:43 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Users\mwilson\Desktop\removaltool-win32-en.exe
[2011/04/20 16:11:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/04/22 08:02:14 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/04/22 08:02:14 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2011/04/15 13:33:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2011/04/15 13:33:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/04/19 13:13:12 | 000,000,402 | -HS- | M] () -- C:\Users\mwilson\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/18 13:23:26 | 000,006,506 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
File Renamer - Basic Uninstaller.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1997/12/22 20:23:36 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\wowpost.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\img:$WIMMOUNTDATA

< End of report >
 
I typically use Firefox (v4), which it is affecting. It's also affecting IE (v8). It's only several times during the day that it happens; sometimes they work fine.

I do recognize all the addresses. They are related to our work network and IPs.
 
OK.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
If you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files before you can use this tool. If you don't have an extraction program, you can download, install and use the free 7-Zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x92236000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9568256 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82C01000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C01000 PnpManager 4268032 bytes
0x82C01000 RAW 4268032 bytes
0x82C01000 WMIxWDM 4268032 bytes
0x98D90000 Win32k 2416640 bytes
0x98D90000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8B436000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
0x83A7E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x91E19000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B288000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x832E6000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9A358000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9A213000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83206000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8383B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x914BD000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x98659000 C:\Windows\system32\drivers\ADIHdAud.sys 393216 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8B214000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8FB43000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9C2C0000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x9C270000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x98C40000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x91F6E000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83969000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x838BA000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x98604000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x832A4000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x9145C000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8B5BA000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B33F000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9A2E6000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8FAD7000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x91ED0000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83013000 ACPI_HAL 225280 bytes
0x83013000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x9154D000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0x83A39000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x91400000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8B3BA000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8FB11000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B580000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x986B9000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x92B56000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8B408000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x91F37000 C:\Windows\system32\DRIVERS\e1k6032.sys 180224 bytes (Intel Corporation, Intel(R) Gigabit Adapter NDIS 6.x driver)
0x9C244000 C:\Windows\system32\WinVd32.sys 180224 bytes
0x83BAD000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x83913000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x83800000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
0x833C8000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x83A00000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8B37D000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x83391000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A2C3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x92BCA000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x91434000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x9C20E000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x91581000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FA55000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8FA1C000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x91FC8000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8FBA4000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x98C20000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x987B0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9A321000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91F13000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
0x987CB000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9A298000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x986E8000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91521000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92BA7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x92200000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x92218000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x915A2000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FAB4000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x9873D000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x839C9000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x833B4000 C:\Windows\system32\DRIVERS\aic78xx.sys 81920 bytes (Windows (R) Codename Longhorn DDK provider, Adaptec Ultra SCSI miniport)
0x98772000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x83BD8000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x915E1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8FBD1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x839DF000 00000068 73728 bytes
0x92B95000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x92B83000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0x9A2B1000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x839DF000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x8B3EC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9872C000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x83A6D000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x98648000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x83948000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8328B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8FBE4000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x987E5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B3A2000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x83959000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x91FB9000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x91539000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8FBC3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8FAA6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x839BB000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8B271000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x915D3000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x838AC000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x91E0C000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x9870B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x915B9000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x915C6000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x9C22F000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8FA76000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8B200000 C:\Windows\System32\Drivers\avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0x914B1000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x98785000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8FACB000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
0x91E00000 C:\Windows\system32\drivers\tpm.sys 49152 bytes (Microsoft Corporation, TPM Device Driver)
0x8FA49000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x98718000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x98767000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x987A5000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x98791000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8FA9B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92BBF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x91F63000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8393D000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x98756000 C:\Windows\system32\DRIVERS\dc3d.sys 40960 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
0x98701000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x91FF1000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0x91F09000 C:\Windows\system32\DRIVERS\HECI.sys 40960 bytes (Intel Corporation, Intel(R) Management Engine Interface)
0x914A7000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9149D000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x92BEC000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x91FE7000 C:\Windows\system32\DRIVERS\scsiscan.sys 40960 bytes (Microsoft Corporation, SCSI Scanner Driver)
0x9A3EF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x91F2D000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x9C312000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0x8382A000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x9C386000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x839F1000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x98723000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8B27F000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x9C38F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9879C000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
0x98FF0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B5B1000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x83902000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8329C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8B3B2000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B9D000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8390B000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8FA83000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8FA8B000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8FA93000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8B400000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x9C23C000 C:\Windows\system32\WinFLdrv.sys 32768 bytes
0x8FA42000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x98760000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8FA3B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x839B4000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8FB9D000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x91547000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x91456000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x9A354000 C:\Windows\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0x91FFB000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x98754000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x9C346F2E Unknown thread object [ ETHREAD 0x8590F478 ] , 600 bytes
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
No infections found. Log:

2011/04/25 12:55:58.0373 2276 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 12:55:58.0739 2276 ================================================================================
2011/04/25 12:55:58.0739 2276 SystemInfo:
2011/04/25 12:55:58.0739 2276
2011/04/25 12:55:58.0739 2276 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/25 12:55:58.0739 2276 Product type: Workstation
2011/04/25 12:55:58.0739 2276 ComputerName: ITASSIST-0609
2011/04/25 12:55:58.0739 2276 UserName: mmartin
2011/04/25 12:55:58.0739 2276 Windows directory: C:\Windows
2011/04/25 12:55:58.0739 2276 System windows directory: C:\Windows
2011/04/25 12:55:58.0739 2276 Processor architecture: Intel x86
2011/04/25 12:55:58.0739 2276 Number of processors: 4
2011/04/25 12:55:58.0739 2276 Page size: 0x1000
2011/04/25 12:55:58.0739 2276 Boot type: Normal boot
2011/04/25 12:55:58.0739 2276 ================================================================================
2011/04/25 12:55:58.0741 2276 SetPrivileges failed!
2011/04/25 12:55:59.0115 2276 Initialize success
2011/04/25 12:56:33.0350 2072 ================================================================================
2011/04/25 12:56:33.0350 2072 Scan started
2011/04/25 12:56:33.0351 2072 Mode: Manual;
2011/04/25 12:56:33.0351 2072 ================================================================================
2011/04/25 12:56:34.0181 2072 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/04/25 12:56:34.0266 2072 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/04/25 12:56:34.0352 2072 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/04/25 12:56:34.0426 2072 ADIHdAudAddService (183de6c1893192dc117510f71bf693a3) C:\Windows\system32\drivers\ADIHdAud.sys
2011/04/25 12:56:34.0510 2072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/25 12:56:34.0594 2072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/25 12:56:34.0690 2072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/25 12:56:34.0805 2072 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\Windows\system32\drivers\aeaudio.sys
2011/04/25 12:56:34.0886 2072 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/04/25 12:56:34.0978 2072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/04/25 12:56:35.0033 2072 aic78xx (cb387d65d0d73cad4d6661c389bd676c) C:\Windows\system32\DRIVERS\aic78xx.sys
2011/04/25 12:56:35.0099 2072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/04/25 12:56:52.0761 2072 ================================================================================
2011/04/25 12:56:52.0761 2072 Scan finished
2011/04/25 12:56:52.0761 2072 ================================================================================
 
Good :)

Keep me posted on your redirection issue (if any).

Is this your required proxy setting?
"http://172.16.24.*,http://192.168.244.*,http://10.224.224.*,http://172.16.28.*,http://172.16.29.*,https://earchive.*"

====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 160 bytes -> C:\img:$WIMMOUNTDATA
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
Those proxy settings were used a few weeks ago during a testing scenario here at work. The proxy isn't being used anymore in either of my browsers. The above info is still in Firefox & IE, but "automatically detect settings" is selected for both. I haven't used Google much yet today, but haven't had an issue. I'll do these last few scans and post shortly.
 
OTL Log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\img:$WIMMOUNTDATA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes

User: administrator.INDIANA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mwilson
->Temp folder emptied: 8304003 bytes
->Temporary Internet Files folder emptied: 17602231 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 249844328 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9946 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2097152 bytes
RecycleBin emptied: 3859906 bytes

Total Files Cleaned = 269.00 mb


[EMPTYFLASH]

User: Administrator

User: administrator.INDIANA
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: mwilson
->Flash cache emptied: 0 bytes

User: Public

User: user

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04252011_131056

Files\Folders moved on Reboot...
C:\Windows\temp\wbxtra_04252011_130007.wbt moved successfully.

Registry entries deleted on Reboot...
 
Security Check Log

Results of screen317's Security Check version 0.99.7
Windows 7 Service Pack 1 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG 9.0
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Adobe Flash Player 10.2.159.1
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
 