TechSpot

Rootkit.TDSS.TDL4

By Veets
Jun 13, 2012
  1. I got this alert from AVG Antivirus after running a whole computer scan. It looks more serious than anything I have ever come across.

    Here are the logs. I appreciate any help. Thanks.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.12.09

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 8.0.6001.19272
    Vittorio :: VITTORIO-PC [administrator]

    Protection: Enabled

    6/13/2012 5:14:28 PM
    mbam-log-2012-06-13 (17-14-28).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224620
    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    NO GMER LOG
    "GMER hasn't found any system modification. "


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0_30
    Run by Vittorio at 17:43:58 on 2012-06-13
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Users\Vittorio\Desktop\cyhex6kh.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Vittorio\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Syncplicity] C:\Program Files\Syncplicity\Syncplicity.exe
    uRun: [Google Update] "C:\Users\Vittorio\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    mRun: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe
    mRun: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\Vittorio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Open with Nuance PDF Converter 6.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll /100
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A377890D-A22F-4E59-AD4D-0319B33E1ED3} : DhcpNameServer = 192.168.1.1
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO-X64: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB-X64: Nuance PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [SiteAdvisor] "C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe
    mRun-x64: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Vittorio\AppData\Roaming\Mozilla\Firefox\Profiles\9tn0evzh.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com/ig
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll
    FF - plugin: C:\Program Files (x86)\Nuance\PDF Professional 6\Bin\nppdf.dll
    FF - plugin: C:\Users\Vittorio\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? AVGIDSAgent;AVGIDSAgent
    R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
    R? PerfHost;Performance Counter DLL Host
    R? Sfltmglitoup;Sfltmglitoup
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    R? WSVD;WSVD
    R? XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver
    S? athrusb;Atheros Wireless LAN USB device driver
    S? AVGIDSDriver;AVGIDSDriver
    S? AVGIDSFilter;AVGIDSFilter
    S? AVGIDSHA;AVGIDSHA
    S? Avgldx64;AVG AVI Loader Driver
    S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
    S? Avgrkx64;AVG Anti-Rootkit Driver
    S? Avgtdia;AVG TDI Driver
    S? avgwd;AVG WatchDog
    S? BUNAgentSvc;NTI Backup Now 5 Agent Service
    S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
    S? ETService;Empowering Technology Service
    S? FontCache;Windows Font Cache Service
    S? Lbd;Lbd
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? NTIBackupSvc;NTI Backup Now 5 Backup Service
    S? NTISchedulerSvc;NTI Backup Now 5 Scheduler Service
    S? NVHDA;Service for NVIDIA High Definition Audio Driver
    S? nvUpdatusService;NVIDIA Update Service Daemon
    S? PDFProFiltSrv;PDFProFiltSrv
    S? QBVSS;QBIDPService
    .
    =============== File Associations ===============
    .
    inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-06-13 03:51:20 -------- d-----w- C:\Users\Vittorio\AppData\Roaming\Malwarebytes
    2012-06-13 03:50:58 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-13 03:50:58 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-13 03:50:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-13 02:08:27 -------- d-----w- C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus
    2012-06-05 01:16:48 -------- d-----w- C:\ProgramData\IObit
    2012-05-16 01:44:26 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2012-06-13 02:25:10 58957832 ----a-w- C:\Windows\System32\mrt.exe
    2012-05-15 20:15:08 2767360 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-15 06:37:49 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-15 06:37:29 1212416 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-05-15 06:37:28 105984 ----a-w- C:\Windows\SysWow64\url.dll
    2012-05-15 06:35:37 206848 ----a-w- C:\Windows\SysWow64\occache.dll
    2012-05-15 06:33:44 611840 ----a-w- C:\Windows\SysWow64\mstime.dll
    2012-05-15 06:33:11 67072 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-05-15 06:33:11 6007808 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-05-15 06:33:07 629760 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-05-15 06:33:07 55296 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
    2012-05-15 06:32:25 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-05-15 06:32:10 25600 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-05-15 06:32:00 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-15 06:31:44 164352 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-05-15 06:31:44 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-05-15 06:31:43 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2012-05-15 06:31:43 2000384 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-05-15 06:31:42 55808 ----a-w- C:\Windows\SysWow64\iernonce.dll
    2012-05-15 06:31:42 184320 ----a-w- C:\Windows\SysWow64\iepeers.dll
    2012-05-15 06:31:42 11111424 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-05-15 06:31:38 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
    2012-05-15 05:01:56 385024 ----a-w- C:\Windows\SysWow64\html.iec
    2012-05-15 03:26:05 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-15 03:25:37 174080 ----a-w- C:\Windows\SysWow64\ie4uinit.exe
    2012-05-15 03:24:09 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
    2012-05-15 03:23:41 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 02:19:57 1147392 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 02:19:43 1488384 ----a-w- C:\Windows\System32\urlmon.dll
    2012-05-15 02:19:43 108032 ----a-w- C:\Windows\System32\url.dll
    2012-05-15 02:18:19 243712 ----a-w- C:\Windows\System32\occache.dll
    2012-05-15 02:16:23 1062912 ----a-w- C:\Windows\System32\mstime.dll
    2012-05-15 02:15:51 98304 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-05-15 02:15:51 9328640 ----a-w- C:\Windows\System32\mshtml.dll
    2012-05-15 02:15:47 742912 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-05-15 02:15:47 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll
    2012-05-15 02:15:14 56832 ----a-w- C:\Windows\System32\licmgr10.dll
    2012-05-15 02:15:01 31744 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-05-15 02:14:53 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-15 02:14:26 77312 ----a-w- C:\Windows\System32\iesetup.dll
    2012-05-15 02:14:26 2350592 ----a-w- C:\Windows\System32\iertutil.dll
    2012-05-15 02:14:26 219136 ----a-w- C:\Windows\System32\ieui.dll
    2012-05-15 02:14:26 132096 ----a-w- C:\Windows\System32\iesysprep.dll
    2012-05-15 02:14:24 72192 ----a-w- C:\Windows\System32\iernonce.dll
    2012-05-15 02:14:23 252416 ----a-w- C:\Windows\System32\iepeers.dll
    2012-05-15 02:14:23 12508672 ----a-w- C:\Windows\System32\ieframe.dll
    2012-05-15 02:14:12 459776 ----a-w- C:\Windows\System32\iedkcs32.dll
    2012-05-15 01:21:55 479232 ----a-w- C:\Windows\System32\html.iec
    2012-05-15 00:40:32 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-15 00:40:10 70656 ----a-w- C:\Windows\System32\ie4uinit.exe
    2012-05-15 00:39:38 12288 ----a-w- C:\Windows\System32\msfeedssync.exe
    2012-05-15 00:39:13 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-19 09:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    .
    ============= FINISH: 17:45:13.28 ===============


    .
    ==== Installed Programs ======================
    .
    Acer Assist
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer Registration
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe Flash Player 11 ActiveX
    Adobe Illustrator 10
    Adobe Photoshop CS
    Adobe Reader 8.3.1
    Adobe SVG Viewer 3.0
    Alice Greenfingers
    Azada
    Backspin Billiards
    Big Kahuna Reef
    Bookworm Deluxe
    Bricks of Egypt
    Cake Mania
    Canon MF Toolbox 4.9.1.1.mf12
    Chicken Invaders 3
    Chuzzle
    Core FTP LE
    Coupon Printer for Windows
    DAEMON Tools Lite
    Diner Dash Flo on the Go
    eSobi v2
    Flip Words 2
    Free YouTube to MP3 Converter version 3.10.11.923
    Google Chrome
    Google Drive
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Java(TM) 6 Update 30
    Jewel Quest Solitaire
    Kick N Rush
    LightScribe 1.4.142.1
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee SiteAdvisor
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Music Manager
    Mystery Case Files - Huntsville
    Mystery Solitaire - Secret Island
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA ForceWare Network Access Manager
    OpenOffice.org 3.3
    PandoraRecovery (Remove Only)
    Photo-Objects 50,000 Premium Image Collection
    Picasa 3
    QuickBooks
    QuickBooks Pro 2011
    Realtek High Definition Audio Driver
    Scansoft PDF Professional
    Scribus 1.4.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SugarSync Manager
    Tax Forms Helper 2011 10.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    Visual Studio 2008 x64 Redistributables
    WinSCP 4.3.5
    Zuma Deluxe
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. Veets

    Veets TS Rookie Topic Starter

    Thanks. Here are the logs.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`a0100000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: e1b28fb08fe20a40b585aa8434ade744

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-13 18:33:11
    -----------------------------
    18:33:11.149 OS Version: Windows x64 6.0.6002 Service Pack 2
    18:33:11.150 Number of processors: 2 586 0x6B02
    18:33:11.151 ComputerName: VITTORIO-PC UserName: Vittorio
    18:33:12.496 Initialize success
    18:34:46.186 AVAST engine defs: 12061301
    18:34:51.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    18:34:51.018 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
    18:34:51.021 Device \Driver\nvstor64 -> MajorFunction fffffa80050986c0
    18:34:51.025 Disk 0 MBR read successfully
    18:34:51.029 Disk 0 MBR scan
    18:34:51.083 Disk 0 unknown MBR code
    18:34:51.105 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18944 MB offset 2048
    18:34:51.126 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143143 MB offset 38799360
    18:34:51.153 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143156 MB offset 331956224
    18:34:51.259 Disk 0 scanning C:\Windows\system32\drivers
    18:35:02.573 Service scanning
    18:35:26.959 Modules scanning
    18:35:26.966 Disk 0 trace - called modules:
    18:35:26.973 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa80050986c0]<<hal.dll
    18:35:26.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e3c3e0]
    18:35:26.984 3 CLASSPNP.SYS[fffffa6001003c33] -> nt!IofCallDriver -> [0xfffffa80040bf930]
    18:35:26.989 5 acpi.sys[fffffa60008fffde] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8004b75550]
    18:35:26.995 \Driver\nvstor64[0xfffffa8004e5ee70] -> IRP_MJ_CREATE -> 0xfffffa80050986c0
    18:35:28.373 AVAST engine scan C:\Windows
    18:35:31.365 AVAST engine scan C:\Windows\system32
    18:38:33.153 AVAST engine scan C:\Windows\system32\drivers
    18:38:44.922 AVAST engine scan C:\Users\Vittorio
    18:45:33.148 AVAST engine scan C:\ProgramData
    18:46:58.627 Scan finished successfully
    18:48:00.835 Disk 0 MBR has been saved successfully to "C:\Users\Vittorio\Desktop\MBR.dat"
    18:48:00.842 The log file has been saved successfully to "C:\Users\Vittorio\Desktop\aswMBR.txt"
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. Veets

    Veets TS Rookie Topic Starter

    Required Reboot

    20:33:59.0868 4128 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    20:34:00.0236 4128 ============================================================
    20:34:00.0236 4128 Current date / time: 2012/06/13 20:34:00.0236
    20:34:00.0236 4128 SystemInfo:
    20:34:00.0236 4128
    20:34:00.0236 4128 OS Version: 6.0.6002 ServicePack: 2.0
    20:34:00.0236 4128 Product type: Workstation
    20:34:00.0236 4128 ComputerName: VITTORIO-PC
    20:34:00.0237 4128 UserName: Vittorio
    20:34:00.0237 4128 Windows directory: C:\Windows
    20:34:00.0237 4128 System windows directory: C:\Windows
    20:34:00.0237 4128 Running under WOW64
    20:34:00.0237 4128 Processor architecture: Intel x64
    20:34:00.0237 4128 Number of processors: 2
    20:34:00.0237 4128 Page size: 0x1000
    20:34:00.0237 4128 Boot type: Normal boot
    20:34:00.0237 4128 ============================================================
    20:34:00.0658 4128 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    20:34:00.0689 4128 Drive \Device\Harddisk1\DR1 - Size: 0x3E800000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x7F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    20:34:00.0691 4128 ============================================================
    20:34:00.0691 4128 \Device\Harddisk0\DR0:
    20:34:00.0691 4128 MBR partitions:
    20:34:00.0691 4128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2500800, BlocksNum 0x11793800
    20:34:00.0691 4128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13C94000, BlocksNum 0x1179A000
    20:34:00.0691 4128 \Device\Harddisk1\DR1:
    20:34:00.0692 4128 MBR partitions:
    20:34:00.0692 4128 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x3B, BlocksNum 0x1F3F05
    20:34:00.0692 4128 ============================================================
    20:34:00.0717 4128 C: <-> \Device\Harddisk0\DR0\Partition0
    20:34:00.0754 4128 D: <-> \Device\Harddisk0\DR0\Partition1
    20:34:00.0754 4128 ============================================================
    20:34:00.0755 4128 Initialize success
    20:34:00.0755 4128 ============================================================
    20:34:04.0731 1872 ============================================================
    20:34:04.0732 1872 Scan started
    20:34:04.0732 1872 Mode: Manual;
    20:34:04.0732 1872 ============================================================
    20:34:20.0191 1872PerfHost - ok
    20:34:20.0371 1872pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
    20:34:20.0396 1872pla - ok
    20:34:20.0523 1872PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
    20:34:20.0537 1872PlugPlay - ok
    20:34:20.0609 1872PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    20:34:20.0617 1872PNRPAutoReg - ok
    20:34:20.0631 1872PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
    20:34:20.0640 1872PNRPsvc - ok
    20:34:20.0692 1872PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
    20:34:20.0706 1872PolicyAgent - ok
    20:34:20.0768 1872PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
    20:34:20.0773 1872PptpMiniport - ok
    20:34:20.0790 1872Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
    20:34:20.0792 1872Processor - ok
    20:34:20.0822 1872ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
    20:34:20.0832 1872ProfSvc - ok
    20:34:20.0850 1872ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
    20:34:20.0852 1872ProtectedStorage - ok
    20:34:20.0880 1872PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
    20:34:20.0886 1872PSched - ok
    20:34:20.0910 1872PSDFilter (e4f35efd9962a3c80365e029e5acbc92) C:\Windows\system32\DRIVERS\psdfilter.sys
    20:34:20.0912 1872PSDFilter - ok
    20:34:20.0928 1872PSDNServ (41031289856ab4c99a49218e6c4e9f46) C:\Windows\system32\DRIVERS\PSDNServ.sys
    20:34:20.0929 1872PSDNServ - ok
    20:34:20.0944 1872psdvdisk (c33fb61864c5096b0bf4b9dbc01bb5a9) C:\Windows\system32\DRIVERS\PSDVdisk.sys
    20:34:20.0946 1872psdvdisk - ok
    20:34:21.0037 1872QBCFMonitorService (5fa5863e603426b0b52762492a032dee) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    20:34:21.0039 1872QBCFMonitorService - ok
    20:34:21.0084 1872QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    20:34:21.0086 1872QBFCService - ok
    20:34:21.0226 1872QBVSS (d7246c306fd40706e651957d1847639e) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
     
  6. Veets

    Veets TS Rookie Topic Starter

    20:34:28.0855 1872MBR (0x1B8) (2a080142f24453c8922b5dafd5af0874) \Device\Harddisk0\DR0
    20:34:28.0883 1872\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
    20:34:28.0884 1872\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    20:34:28.0894 1872MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    20:34:28.0946 1872\Device\Harddisk1\DR1 - ok
    20:34:28.0983 1872Boot (0x1200) (5aeabd846252594b6047d0aa0a7ea8db) \Device\Harddisk0\DR0\Partition0
    20:34:28.0984 1872\Device\Harddisk0\DR0\Partition0 - ok
    20:34:29.0010 1872Boot (0x1200) (a83c397280dafa2170148803f2d745be) \Device\Harddisk0\DR0\Partition1
    20:34:29.0012 1872\Device\Harddisk0\DR0\Partition1 - ok
    20:34:29.0019 1872Boot (0x1200) (efd75ed6fcf2b1e282f2a1883faaab2f) \Device\Harddisk1\DR1\Partition0
    20:34:29.0021 1872\Device\Harddisk1\DR1\Partition0 - ok
    20:34:29.0022 1872============================================================
    20:34:29.0022 1872Scan finished
    20:34:29.0022 1872============================================================
    20:34:29.0044 0352Detected object count: 1
    20:34:29.0044 0352Actual detected object count: 1
    20:34:58.0183 0352\Device\Harddisk0\DR0\# - copied to quarantine
    20:34:58.0184 0352\Device\Harddisk0\DR0 - copied to quarantine
    20:34:58.0213 0352\Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
    20:34:58.0215 0352\Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
    20:34:58.0244 0352\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    20:34:58.0246 0352\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    20:34:58.0249 0352\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    20:34:58.0261 0352\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    20:34:58.0268 0352\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    20:34:58.0341 0352\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    20:34:58.0346 0352\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    20:34:58.0348 0352\Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
    20:34:58.0349 0352\Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
    20:34:58.0383 0352\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
    20:34:58.0384 0352\Device\Harddisk0\DR0 - ok
    20:34:58.0608 0352\Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
    20:35:23.0288 3664Deinitialize success
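As an added example (not part of the thread and not TDSSKiller's own code), a small Python triage script for a log like the one above: it separates the boot-sector hashes, the detections, the TDLFS objects sent to quarantine and the pending cure from the long run of "driver - ok" lines. The line layout is inferred from the posted output, and the sample lines inside the script are constructed from the values in this post.

```python
"""Triage a TDSSKiller scan log (added example; not the thread's or the tool's code).

Line layout inferred from the output posted in the thread:
    <hh:mm:ss.ffff> <pid><TAB><object> - <verdict>
    <hh:mm:ss.ffff> <pid><TAB><name> (<md5>) <image path>
    <hh:mm:ss.ffff> <pid><TAB>MBR (0x1B8) (<md5>) <device>
The forum copy lost the tab after the PID, so the parser accepts any or no separator.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s*(.*)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" or "Boot (0x1200) (<md5>) ...\Partition0"
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (\S+)$")
# "<service or driver name> (<md5>) <image path>"
DRIVER_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "<object> [( <family> )] - <verdict>"
VERDICT_RE = re.compile(r"^(.+?)(?: \( ([^)]+) \))? - (.+)$")

# Constructed sample built from the values in this post; first line kept in the
# glued form the forum produced, the rest with a space where the tool writes a tab.
SAMPLE_LOG = r"""
20:34:17.0335 1872NTIBackupSvc - ok
20:34:17.0475 1872 NTIDrvr (7d397449aaf52b0e7c79b64f6ad4473e) C:\Windows\system32\Drivers\NTIDrvr.sys
20:34:17.0477 1872 NTIDrvr - ok
20:34:28.0855 1872 MBR (0x1B8) (2a080142f24453c8922b5dafd5af0874) \Device\Harddisk0\DR0
20:34:28.0883 1872 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
20:34:28.0884 1872 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
20:34:28.0894 1872 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
20:34:28.0946 1872 \Device\Harddisk1\DR1 - ok
20:34:28.0983 1872 Boot (0x1200) (5aeabd846252594b6047d0aa0a7ea8db) \Device\Harddisk0\DR0\Partition0
20:34:28.0984 1872 \Device\Harddisk0\DR0\Partition0 - ok
20:34:29.0044 0352 Detected object count: 1
20:34:58.0213 0352 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
20:34:58.0244 0352 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:34:58.0383 0352 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
20:34:58.0608 0352 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""


@dataclass
class Triage:
    sector_hashes: dict = field(default_factory=dict)  # device -> (kind, size, md5)
    driver_hashes: dict = field(default_factory=dict)  # name -> (md5, image path)
    detections: list = field(default_factory=list)     # (object, family), de-duplicated
    quarantined: list = field(default_factory=list)    # objects copied to quarantine
    pending_cure: list = field(default_factory=list)   # objects "cured on reboot"
    ok_count: int = 0
    unparsed: list = field(default_factory=list)       # banners, counters, anything else


def _add_detection(t: Triage, obj: str, family: str) -> None:
    # The "infected" and "detected" lines name the same object; record it once.
    if (obj, family) not in t.detections:
        t.detections.append((obj, family))


def parse_tdsskiller_log(text: str) -> Triage:
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            t.unparsed.append(line)
            continue
        body = m.group(3)
        if (sm := SECTOR_RE.match(body)):
            kind, size, md5, device = sm.groups()
            t.sector_hashes[device] = (kind, size, md5)
        elif (dm := DRIVER_RE.match(body)):
            name, md5, path = dm.groups()
            t.driver_hashes[name] = (md5, path)
        elif (vm := VERDICT_RE.match(body)):
            obj, family, verdict = vm.groups()
            if verdict == "ok":
                t.ok_count += 1
            elif verdict == "infected" and family:
                _add_detection(t, obj, family)
            elif verdict.startswith("detected "):
                _add_detection(t, obj, verdict.split()[1])
            elif verdict == "copied to quarantine":
                t.quarantined.append(obj)
            elif verdict == "will be cured on reboot":
                t.pending_cure.append(obj)
            # "User select action: Cure" and similar carry no extra state
        else:
            t.unparsed.append(body)
    return t


def hidden_fs_files(t: Triage) -> list:
    """Names of objects pulled out of the rootkit's hidden TDLFS volume."""
    return [obj.rsplit("\\", 1)[-1] for obj in t.quarantined if "\\TDLFS\\" in obj]


def needs_reboot(t: Triage) -> bool:
    """True while a cure is still scheduled for reboot, i.e. the MBR is not clean yet."""
    return bool(t.pending_cure)


def disk_report(t: Triage) -> dict:
    """Per-device view: boot-code hash plus the family named against that device, if any."""
    flagged = dict(t.detections)
    return {dev: {"kind": kind, "md5": md5, "family": flagged.get(dev)}
            for dev, (kind, _size, md5) in t.sector_hashes.items()}


if __name__ == "__main__":
    t = parse_tdsskiller_log(SAMPLE_LOG)
    for dev, info in disk_report(t).items():
        print(f"{dev}: {info['kind']} {info['md5']} -> {info['family'] or 'ok'}")
    print("hidden TDLFS objects:", hidden_fs_files(t))
    print("reboot required:", needs_reboot(t))
```

Note the pattern the report makes visible: the disk-level MBR is flagged while every partition boot sector is "ok", which is what an MBR bootkit with its own hidden file system looks like.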
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Very good :)

    Is AVG still complaining?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. Veets

    Veets TS Rookie Topic Starter

    The AVG scan came back with no threats detected.

    ComboFix 12-06-14.01 - Vittorio 06/14/2012 20:32:01.1.2 - x64
    Running from: c:\users\Vittorio\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-14 00:34 . 2012-06-14 00:34--------d-----w-C:\TDSSKiller_Quarantine
    2012-06-13 03:51 . 2012-06-13 03:51--------d-----w-c:\users\Vittorio\AppData\Roaming\Malwarebytes
    2012-06-13 03:50 . 2012-06-13 03:51--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-06-13 03:50 . 2012-06-13 03:50--------d-----w-c:\programdata\Malwarebytes
    2012-06-13 03:50 . 2012-04-04 19:5624904----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-13 02:08 . 2012-06-13 02:09--------d-----w-c:\users\Vittorio\AppData\Roaming\Ad-Aware Antivirus
    2012-06-05 01:16 . 2012-06-05 01:16--------d-----w-c:\programdata\IObit
    2012-06-05 00:54 . 2012-06-05 00:54--------d-----w-c:\users\Default\AppData\Local\Google
    2012-05-16 01:44 . 2012-03-30 12:451423744----a-w-c:\windows\system32\drivers\tcpip.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-19 08:50 . 2012-04-19 08:50    28480       ----a-w-    c:\windows\system32\drivers\avgidsha.sys
    2012-03-19 09:17 . 2012-03-19 09:17    383808      ----a-w-    c:\windows\system32\drivers\avgtdia.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:38    121392    ----a-w-    c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Syncplicity"="c:\program files\Syncplicity\Syncplicity.exe" [2011-11-03 689664]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-01 39408]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-16 11921064]
    "MusicManager"="c:\users\Vittorio\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SiteAdvisor"="c:\program files (x86)\SiteAdvisor\6172\SiteAdv.exe" [2007-08-24 36640]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "PDFHook"="c:\program files (x86)\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-24 2080768]
    "PDF6 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 6\RegistryController.exe" [2009-06-30 111904]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute    REG_MULTI_SZ    c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 22:14]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 22:14]
    .
    2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4276029816-3923807344-3762223726-1000Core.job
    - c:\users\Vittorio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 02:48]
    .
    2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4276029816-3923807344-3762223726-1000UA.job
    - c:\users\Vittorio\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 02:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-03-05 06:39    51248    ----a-w-    c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-05-16 21:53    754712    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-05-16 21:53    754712    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-05-16 21:53    754712    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-05-16 21:53    754712    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
    @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
    [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
    2012-03-19 20:23    463952    ----a-w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
    @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
    [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
    2012-03-19 20:23    463952    ----a-w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
    @="{A759AFF6-5851-457D-A540-F4ECED148351}"
    [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
    2012-03-19 20:23    463952    ----a-w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
    @="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
    [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
    2012-03-19 20:23    463952    ----a-w-    c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Folder)]
    @="{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}"
    [HKEY_CLASSES_ROOT\CLSID\{02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1}]
    2011-11-03 16:31    46080    ----a-w-    c:\program files\Syncplicity\SyncplicityShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Fully Synced)]
    @="{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}"
    [HKEY_CLASSES_ROOT\CLSID\{CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1}]
    2011-11-03 16:31    46080    ----a-w-    c:\program files\Syncplicity\SyncplicityShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Not Latest Version)]
    @="{284C090F-EB1D-4A6E-872E-6DB72E417E24}"
    [HKEY_CLASSES_ROOT\CLSID\{284C090F-EB1D-4A6E-872E-6DB72E417E24}]
    2011-11-03 16:31    46080    ----a-w-    c:\program files\Syncplicity\SyncplicityShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Syncplicity Icon Overlay (Shared Folder)]
    @="{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}"
    [HKEY_CLASSES_ROOT\CLSID\{3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC}]
    2011-11-03 16:31    46080    ----a-w-    c:\program files\Syncplicity\SyncplicityShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
    "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
    "eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-03-05 560688]
    "RtHDVCpl"="RAVCpl64.exe" [2008-03-26 6150656]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://en.us.acer.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Vittorio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Open with Nuance PDF Converter 6.0 - c:\program files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll /100
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Vittorio\AppData\Roaming\Mozilla\Firefox\Profiles\9tn0evzh.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com/ig
    FF - prefs.js: network.proxy.type - 0
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
    AddRemove-Photo-Objects 50,000 Premium Image Collection - c:\program files (x86)\Hemera Photo-Objects 50
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4276029816-3923807344-3762223726-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**%R%ë*]
    @Class="Shell"
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-06-14 20:46:37
    ComboFix-quarantined-files.txt 2012-06-15 00:46
    .
    Pre-Run: 100,493,590,528 bytes free
    Post-Run: 100,682,940,416 bytes free
    .
    - - End Of File - - 30C4AA61FFCDA9ADA1BC3869E68A115B
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    Any current issues?

    You can reinstall AVG now.

    Next....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. Veets

    Veets TS Rookie Topic Starter

    Ooops. I never uninstalled AVG. I didn't have any issue running ComboFix.

    I used to get a bunch of errors on startup saying that numerous programs/processes stopped or closed. I guess those errors were attributable to this because I haven't gotten any after the last couple reboots.

    OTL logfile created on: 6/14/2012 9:49:20 PM - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Vittorio\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 46.16% Memory free
    7.72 Gb Paging File | 5.54 Gb Available in Paging File | 71.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.79 Gb Total Space | 93.81 Gb Free Space | 67.11% Space Free | Partition Type: NTFS
    Drive D: | 139.80 Gb Total Space | 33.49 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
    Drive G: | 999.63 Mb Total Space | 501.34 Mb Free Space | 50.15% Space Free | Partition Type: FAT

    Computer Name: VITTORIO-PC | User Name: Vittorio | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/14 21:44:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Vittorio\Desktop\OTL.exe
    PRC - [2012/04/09 16:04:32 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2012/04/09 16:02:52 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
    PRC - [2012/04/09 14:53:32 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/02/26 05:49:27 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/10/27 21:05:41 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/10/27 21:05:40 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2009/07/24 08:53:42 | 002,080,768 | R--- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe
    PRC - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe
    PRC - [2008/04/30 16:33:56 | 000,341,280 | ---- | M] () -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe
    PRC - [2008/03/05 02:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/03/05 02:38:30 | 000,454,704 | ---- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/04/09 16:03:54 | 000,125,800 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
    MOD - [2012/04/09 16:03:48 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.DLL
    MOD - [2012/04/09 16:03:30 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
    MOD - [2012/04/09 16:03:02 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2012/04/09 16:03:00 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2012/04/09 16:02:58 | 000,348,008 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
    MOD - [2005/07/20 00:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/04/25 16:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV:64bit: - [2008/01/29 15:25:30 | 000,920,064 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV:64bit: - [2008/01/29 15:24:52 | 000,193,024 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
    SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/10 23:11:00 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/04/09 14:53:32 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/02/26 05:49:27 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/10/27 21:05:40 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/08 14:25:28 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/30 16:49:06 | 000,134,944 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 6\PDFProFiltSrv.exe -- (PDFProFiltSrv)
    SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/04/30 16:33:56 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service)
    SRV - [2008/03/05 02:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/10/28 18:33:25 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/08/18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
    DRV:64bit: - [2011/07/28 22:46:10 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WlanGZG.sys -- (XG762_VS)
    DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2008/07/29 04:47:00 | 001,075,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrxusb.sys -- (athrusb)
    DRV:64bit: - [2008/04/21 20:49:00 | 000,054,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2008/03/05 02:39:22 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
    DRV:64bit: - [2008/03/05 02:39:22 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
    DRV:64bit: - [2008/03/05 02:39:20 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
    DRV:64bit: - [2008/01/30 20:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2008/01/30 20:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2007/12/16 17:58:12 | 000,116,584 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSVD.sys -- (WSVD)
    DRV - [2011/09/19 20:59:52 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2008/04/25 16:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\SearchScopes,DefaultScope = {7F790FB3-5AF2-4C76-B73A-DDD389DAAC78}
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\SearchScopes\{7F790FB3-5AF2-4C76-B73A-DDD389DAAC78}: "URL" = http://www.google.com/search?q={sea...oft:en-US&ie=utf8&oe=utf8&rlz=1I7ADFA_enUS472
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-acer
    IE - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "google.com/ig"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll (Zeon Corporation)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Vittorio\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Vittorio\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/12 22:12:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/06/14 20:03:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/22 20:37:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/06/14 20:03:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/23 21:43:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/03 19:40:20 | 000,000,000 | ---D | M]

    [2011/08/08 19:09:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vittorio\AppData\Roaming\Mozilla\Extensions
    [2012/06/08 07:06:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vittorio\AppData\Roaming\Mozilla\Firefox\Profiles\9tn0evzh.default\extensions
    [2011/10/07 20:46:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vittorio\AppData\Roaming\Mozilla\Firefox\Profiles\9tn0evzh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2011/09/06 22:57:55 | 000,003,739 | ---- | M] () -- C:\Users\Vittorio\AppData\Roaming\Mozilla\Firefox\Profiles\9tn0evzh.default\searchplugins\avg-secure-search.xml
    [2012/01/29 21:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/29 21:52:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    [2011/09/19 21:09:18 | 000,166,004 | ---- | M] () (No name found) -- C:\USERS\VITTORIO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9TN0EVZH.DEFAULT\EXTENSIONS\{A64F9D1E-FA5E-11DA-A187-6B94C2ED2B83}.XPI
    [2012/01/23 21:43:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/01/29 21:51:43 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/01/23 21:43:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/23 21:43:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: 20-20 3D Viewer for IKEA (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\NP_2020Player_IKEA.dll
    CHR - plugin: Intel(R) Threading Building Blocks for Windows (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbb.dll
    CHR - plugin: Intel(R) Threading Building Blocks for Windows (Enabled) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbjlpbcjbhgeeloohnpbcfblhnkhffm\5.0.93.0_0\tbbmalloc.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Professional 6\bin\nppdf.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Shortcuts for Google\u2122 = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd\1.6.4.0_0\
    CHR - Extension: Web Developer = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.3.1_0\
    CHR - Extension: Teambox = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.1.3_0\
    CHR - Extension: YouTube = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: SiteAdvisor = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
    CHR - Extension: Rapportive = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin\1.2.6_0\
    CHR - Extension: Google +1 Button = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
    CHR - Extension: AVG Safe Search = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
    CHR - Extension: Zoho CRM = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigppphkaknhndejgcmckacpipcioacn\1.1.1_0\
    CHR - Extension: HootSuite = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij\5.244_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
    CHR - Extension: Lovely Charts = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhlgmfplghldoenkoigffhhlkahnjkh\1.0_0\
    CHR - Extension: TabCloud = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof\1.15_0\
    CHR - Extension: Todo.ly = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhefmbclkekanpjjpkbciloojcmpkap\2_0\
    CHR - Extension: imo instant messenger = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocaebkdojpikfmhmnekiflipcicedobi\1.3_0\
    CHR - Extension: Google Calendar Checker (by Google) = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\1.2.2_0\
    CHR - Extension: Gmail = C:\Users\Vittorio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2011/11/29 22:48:26 | 000,000,755 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 6\bin\ZeonIEFavClient.dll (Zeon Corporation)
    O3:64bit: - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3:64bit: - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
    O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDF6 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 6\RegistryController.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Professional 6\PdfPro6Hook.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
    O4 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000..\Run: [MusicManager] C:\Users\Vittorio\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
    O4 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000..\Run: [Syncplicity] C:\Program Files\Syncplicity\Syncplicity.exe ()
    O4 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1001..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-4276029816-3923807344-3762223726-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vittorio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vittorio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Open with Nuance PDF Converter 6.0 - C:\Program Files (x86)\Nuance\PDF Professional 6\cnvres_eng.dll ()
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A377890D-A22F-4E59-AD4D-0319B33E1ED3}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Acer01.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    System Restore Service not available.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/14 21:44:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Vittorio\Desktop\OTL.exe
    [2012/06/14 20:46:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/06/14 20:46:39 | 000,000,000 | ---D | C] -- C:\Users\Vittorio\AppData\Local\temp
    [2012/06/14 20:30:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/14 20:30:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/14 20:30:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/14 20:29:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/06/14 20:29:50 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/14 17:40:06 | 004,557,483 | R--- | C] (Swearware) -- C:\Users\Vittorio\Desktop\ComboFix.exe
    [2012/06/13 20:34:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/13 18:32:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Vittorio\Desktop\aswMBR.exe
    [2012/06/13 17:43:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Vittorio\Desktop\dds.scr
    [2012/06/12 23:51:20 | 000,000,000 | ---D | C] -- C:\Users\Vittorio\AppData\Roaming\Malwarebytes
    [2012/06/12 23:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/12 23:50:58 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/12 23:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/12 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/12 22:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/06/12 22:08:27 | 000,000,000 | ---D | C] -- C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus
    [2012/06/04 21:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vittorio\Desktop\TDSSKiller.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/06/14 21:53:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/14 21:44:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Vittorio\Desktop\OTL.exe
    [2012/06/14 21:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/14 21:30:09 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/14 21:03:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276029816-3923807344-3762223726-1000UA.job
    [2012/06/14 21:03:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276029816-3923807344-3762223726-1000Core.job
    [2012/06/14 18:36:43 | 000,458,391 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/06/14 17:53:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/14 17:39:58 | 004,557,483 | R--- | M] (Swearware) -- C:\Users\Vittorio\Desktop\ComboFix.exe
    [2012/06/14 17:36:53 | 100,404,965 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/06/14 17:30:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
    [2012/06/14 17:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/13 20:33:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vittorio\Desktop\TDSSKiller.exe
    [2012/06/13 20:33:11 | 002,108,959 | ---- | M] () -- C:\Users\Vittorio\Desktop\tdsskiller.zip
    [2012/06/13 18:48:00 | 000,000,512 | ---- | M] () -- C:\Users\Vittorio\Desktop\MBR.dat
    [2012/06/13 18:31:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Vittorio\Desktop\aswMBR.exe
    [2012/06/13 18:30:39 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Vittorio\Desktop\boot_cleaner.exe
    [2012/06/13 18:30:24 | 000,044,607 | ---- | M] () -- C:\Users\Vittorio\Desktop\bootkit_remover.zip
    [2012/06/13 00:33:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Vittorio\Desktop\dds.scr
    [2012/06/13 00:02:03 | 000,302,592 | ---- | M] () -- C:\Users\Vittorio\Desktop\cyhex6kh.exe
    [2012/06/12 23:51:00 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/12 22:48:16 | 000,337,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/12 22:33:12 | 000,718,136 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/12 22:33:12 | 000,604,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/12 22:33:12 | 000,103,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/12 22:31:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/06/12 22:12:44 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/06/12 22:08:00 | 000,034,764 | ---- | M] () -- C:\Users\Vittorio\AppData\Local\dt.dat
    [2012/06/12 20:03:15 | 590,182,503 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/06/05 20:52:08 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/06/05 20:52:08 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/06/04 21:41:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2012/05/26 17:51:34 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2012/05/26 10:06:12 | 000,002,062 | ---- | M] () -- C:\Users\Vittorio\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
  11. Veets

    Veets TS Rookie Topic Starter

    ========== Files Created - No Company Name ==========

    [2012/06/14 20:30:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/14 20:30:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/14 20:30:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/14 20:30:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/14 20:30:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/13 20:33:18 | 002,108,959 | ---- | C] () -- C:\Users\Vittorio\Desktop\tdsskiller.zip
    [2012/06/13 18:48:00 | 000,000,512 | ---- | C] () -- C:\Users\Vittorio\Desktop\MBR.dat
    [2012/06/13 18:30:29 | 000,044,607 | ---- | C] () -- C:\Users\Vittorio\Desktop\bootkit_remover.zip
    [2012/06/13 00:14:08 | 000,302,592 | ---- | C] () -- C:\Users\Vittorio\Desktop\cyhex6kh.exe
    [2012/06/12 23:51:00 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/12 22:08:00 | 000,034,764 | ---- | C] () -- C:\Users\Vittorio\AppData\Local\dt.dat
    [2012/06/10 09:46:43 | 590,182,503 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/04 21:41:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/10/10 22:25:46 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\LFFPX7.DLL
    [2011/10/10 22:25:46 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\LFKODAK.DLL
    [2011/10/10 22:25:46 | 000,088,576 | ---- | C] () -- C:\Windows\SysWow64\lffpx90n.dll
    [2011/10/10 22:25:12 | 000,000,280 | ---- | C] () -- C:\Windows\_delis32.ini
    [2011/10/05 21:50:21 | 000,017,920 | ---- | C] () -- C:\Users\Vittorio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/03 21:54:42 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/10/03 21:54:42 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/09/19 16:46:48 | 000,000,600 | ---- | C] () -- C:\Users\Vittorio\AppData\Roaming\winscp.rnd
    [2011/09/13 17:49:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/08/25 21:49:02 | 000,004,096 | -H-- | C] () -- C:\Users\Vittorio\AppData\Local\keyfile3.drm
    [2011/08/08 19:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/07/29 23:08:43 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2011/07/29 23:08:02 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/07/29 23:07:07 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2011/07/29 23:06:25 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/07/28 22:56:11 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/07/28 22:32:30 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2011/07/28 22:32:30 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

    ========== LOP Check ==========

    [2008/04/30 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Acer GameZone Console
    [2011/07/28 22:26:11 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Acer
    [2008/04/30 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Acer GameZone Console
    [2012/06/12 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus
    [2011/09/06 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\AVG2012
    [2011/10/04 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Canon
    [2011/09/27 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\CoreFTP
    [2012/06/04 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\DAEMON Tools Lite
    [2011/10/07 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\DVDVideoSoft
    [2011/10/07 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/09/19 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\GlobalSCAPE
    [2012/06/04 21:56:47 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\IObit
    [2011/07/28 22:26:11 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Leadertech
    [2011/10/28 18:55:17 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Nuance
    [2011/09/20 21:58:16 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\OpenOffice.org
    [2012/04/24 23:28:58 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\PandoraRecovery
    [2001/01/02 00:08:00 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Scribus
    [2011/10/28 18:53:41 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Zeon
    [2012/06/13 21:47:41 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/11/18 22:53:50 | 000,012,234 | ---- | M] () -- C:\aaw7boot.log
    [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/04/30 00:55:47 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/11/18 23:50:07 | 000,000,090 | ---- | M] () -- C:\CLMS.log
    [2012/06/14 20:46:37 | 000,016,421 | ---- | M] () -- C:\ComboFix.txt
    [2011/11/18 23:52:41 | 000,000,090 | ---- | M] () -- C:\Creator.log
    [2011/07/28 22:28:04 | 000,000,173 | ---- | M] () -- C:\eRyInfo.dat
    [2011/11/18 23:47:24 | 000,000,090 | ---- | M] () -- C:\MDisc.log
    [2011/11/18 23:48:10 | 000,000,090 | ---- | M] () -- C:\MDR.log
    [2012/06/14 17:30:04 | 043,638,783 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/18 23:51:31 | 000,000,090 | ---- | M] () -- C:\PnR.log
    [2011/11/18 23:52:08 | 000,000,090 | ---- | M] () -- C:\PSD.log
    [2008/04/30 16:18:18 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
    [2011/11/18 23:49:01 | 000,000,090 | ---- | M] () -- C:\SDMA.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 11:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 11:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 11:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/07/30 15:37:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/10/19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
    [2006/10/19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/11/29 22:45:11 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/29 21:07:07 | 000,000,344 | -HS- | M] () -- C:\Users\Vittorio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/13 18:31:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Vittorio\Desktop\aswMBR.exe
    [2012/06/13 18:30:39 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Vittorio\Desktop\boot_cleaner.exe
    [2012/06/14 17:39:58 | 004,557,483 | R--- | M] (Swearware) -- C:\Users\Vittorio\Desktop\ComboFix.exe
    [2012/06/13 00:02:03 | 000,302,592 | ---- | M] () -- C:\Users\Vittorio\Desktop\cyhex6kh.exe
    [2012/06/14 21:44:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Vittorio\Desktop\OTL.exe
    [2012/06/13 20:33:25 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vittorio\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/14 17:53:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/14 21:53:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/14 21:03:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276029816-3923807344-3762223726-1000Core.job
    [2012/06/14 21:03:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4276029816-3923807344-3762223726-1000UA.job
    [2012/06/14 17:30:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/13 21:47:41 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/07/28 22:25:46 | 000,000,402 | -HS- | M] () -- C:\Users\Vittorio\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/28 18:41:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    < End of report >

    OTL Extras logfile created on: 6/14/2012 9:49:20 PM - Run 1
    OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Vittorio\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 46.16% Memory free
    7.72 Gb Paging File | 5.54 Gb Available in Paging File | 71.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.79 Gb Total Space | 93.81 Gb Free Space | 67.11% Space Free | Partition Type: NTFS
    Drive D: | 139.80 Gb Total Space | 33.49 Gb Free Space | 23.96% Space Free | Partition Type: NTFS
    Drive G: | 999.63 Mb Total Space | 501.34 Mb Free Space | 50.15% Space Free | Partition Type: FAT

    Computer Name: VITTORIO-PC | User Name: Vittorio | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hta[@ = HemeraThumbnail.Archive] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hta [@ = HemeraThumbnail.Archive] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 9F 3E 74 96 D6 4E CC 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1AFADD18-50F5-4D79-81BB-68B9E5BF123C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{42B60398-9A4A-4BF7-9C16-9A46F6C6EEB5}" = rport=445 | protocol=6 | dir=out | app=system |
    "{45CC76B6-FE50-4AE9-8A1C-A582A862BE3D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{58BCB75D-7111-4D81-B5A1-765FAB79EBBD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{77A949D9-FDC4-4AFC-8C1F-4480BBABB9EB}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7C99A09C-6EA0-4279-9BDD-1D334EA30A64}" = rport=137 | protocol=17 | dir=out | app=system |
    "{888F98E3-2884-4A87-93C8-3DE33F92BC7E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{9A4B2529-6DC8-4F52-876B-64559AA97F7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{AEFD06A7-2546-4D09-870A-46F0042DEE17}" = lport=139 | protocol=6 | dir=in | app=system |
    "{F19CA498-DED9-4F26-AB68-517705EF401B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F1F034E-FC52-46EF-9619-179E93E39942}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{10BACE6D-90FE-4DFC-BFFE-DDBEBF5DF2E2}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{1C58B2B4-FF0A-452B-AC83-8630D07968D7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{245A40B0-237C-4BDE-ACD4-98A05EF7102B}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{37A4F5C9-302A-4AEB-8FDC-F6F02AF72986}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{3826B0F8-B79D-4684-8CE0-FC2D8B60F0E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{40791F3A-66CA-4409-A8C5-C6A6806B4744}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{45706D98-6FDA-491A-85BF-742F7DE459D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{4C420268-19FF-42AA-80D5-1178C0CCB0FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{4E3C35BF-6832-4981-88C2-A4118BB49475}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{513EE733-49FE-4605-9C6C-21071623B76A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{58DF3C85-44B0-4A5B-8DAF-48299E7EC555}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{5A29AEAA-025B-4FEF-A2CA-D6926CC1541E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{5E0CF3C8-B143-4B37-A56F-2B280187DAA3}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{68831DAA-203F-4B92-92A6-A3F7048B340D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{769A5FBE-EC5B-4206-B70B-CA6BE96EF2A6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{889EAC97-F3FC-497D-912E-D2B65ED026C0}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{9092F413-B54E-450A-8168-C8D51B47E4A7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{924BA778-50D5-4080-B7C3-32D698B694B6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A27BB373-E9F0-435A-88B8-208E74A27687}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{A5DFC901-FD7E-4462-85F9-19D23133C861}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{A95EE3CF-CA14-4577-9ABA-A9B0CF00F1D0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{AA21433D-B8A8-423D-8C18-1017B585AFA1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{ABE288C8-1910-4F4D-BC02-7317D6D99DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{CD5F71D9-7590-45B9-95DE-A4C5CD9FFB69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CDBA5C14-758F-4120-B649-1F032263478D}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{E302615F-6C85-4B39-854C-C92BB0B9F37D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{ED30777F-DF4A-4B3B-84ED-188093B9FBB6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{13471520-D60E-405E-BF84-346E6255F6EE}" = Nuance PDF Professional 6
    "{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{983B6776-EDF8-4D0C-9030-53A01CF70610}" = Syncplicity
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "AVG" = AVG 2012
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
    "{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5542B6FC-191D-4D38-A4AF-BED6451A038B}" = Google Drive
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "CoreFTP" = Core FTP LE
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "Photo-Objects 50,000 Premium Image Collection" = Photo-Objects 50,000 Premium Image Collection
    "Picasa 3" = Picasa 3
    "Scribus 1.4.0" = Scribus 1.4.0
    "SugarSync" = SugarSync Manager
    "Tax Forms Helper 2011_is1" = Tax Forms Helper 2011 10.0
    "winscp3_is1" = WinSCP 4.3.5

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4276029816-3923807344-3762223726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "MusicManager" = Music Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/5/2012 5:22:33 PM | Computer Name = Vittorio-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/5/2012 5:22:33 PM | Computer Name = Vittorio-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/5/2012 5:22:33 PM | Computer Name = Vittorio-PC | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 6/5/2012 6:12:25 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
    0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75a7a57d, process id 0x9d8, application start time
    0x01cd4368492e4521.

    Error - 6/5/2012 6:12:54 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application verclsid.exe, version 6.0.6000.16386, time stamp
    0x4549b0f0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75a7a57d, process id 0x3b4, application start time
    0x01cd43685aff9471.

    Error - 6/5/2012 6:13:25 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application verclsid.exe, version 6.0.6000.16386, time stamp
    0x4549b0f0, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75a7a57d, process id 0xd08, application start time
    0x01cd43686d738c61.

    Error - 6/5/2012 10:18:06 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application chrome.exe, version 19.0.1084.52, time stamp
    0x4fbc2f58, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75a7a57d, process id 0x17d4, application start time
    0x01cd438a9b8b0431.

    Error - 6/7/2012 10:48:13 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp
    0x4549b3c7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75b6a57d, process id 0x978, application start time
    0x01cd452125519614.

    Error - 6/7/2012 10:48:15 PM | Computer Name = Vittorio-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/7/2012 10:50:28 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp
    0x4549b3c7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75b6a57d, process id 0x144, application start time
    0x01cd452175fc56f4.

    Error - 6/7/2012 10:52:02 PM | Computer Name = Vittorio-PC | Source = Application Error | ID = 1000
    Description = Faulting application regsvr32.exe, version 6.0.6000.16386, time stamp
    0x4549b3c7, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x75b6a57d, process id 0x125c, application start time
    0x01cd4521aca1e924.

    [ System Events ]
    Error - 7/30/2011 9:31:36 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 7/30/2011 9:31:36 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/1/2011 5:21:31 PM | Computer Name = Vittorio-PC | Source = DCOM | ID = 10005
    Description =

    Error - 8/1/2011 5:21:47 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 8/1/2011 5:21:47 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 8/1/2011 5:21:47 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/1/2011 5:34:09 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 8/1/2011 5:57:43 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 8/1/2011 5:57:44 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 8/1/2011 6:06:14 PM | Computer Name = Vittorio-PC | Source = Service Control Manager | ID = 7030
    Description =


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      [2012/06/12 22:09:30 | 000,000,000 | ---D | M] -- C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
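The OTL fix above targets two kinds of orphaned entries: a BHO whose CLSID no longer resolves to a registered DLL ("No CLSID value found") and a Run value whose program is gone ("File not found"). The PowerShell below, added here as an example and not part of this thread or of OTL, performs the same audit read-only so you can see what a fix script would act on before running it. It assumes an elevated 64-bit console with PowerShell 2.0 or later (so both the native and Wow6432Node registry views are visible); the function names are mine.

```powershell
# Added example, not from the thread or from OTL: a read-only audit that flags the same two
# classes of orphaned entries the OTL fix above removes.
#   BHO  -> CLSID listed under Explorer\Browser Helper Objects with no registered or existing InprocServer32 DLL
#   Run  -> HKLM/HKCU Run value whose executable no longer exists on disk
# PowerShell 2.0 compatible; run from an elevated 64-bit console so both registry views are visible.

function New-Finding {
    param([string]$Type, [string]$Key, [string]$Target, [string]$Reason)
    New-Object PSObject -Property @{ Type = $Type; Key = $Key; Target = $Target; Reason = $Reason }
}

function Get-ExecutableFromCommandLine {
    # Reduce a Run command line to the program it launches. Handles quoted paths, unquoted
    # paths with spaces followed by arguments ("...\Framework.Launcher.exe boot"), and bare
    # names such as rundll32.exe that resolve through the search path.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') }
    } else {
        $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|scr|com|cmd|bat))(\s|$)', 'IgnoreCase')
        $exe = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    if ($exe -and $exe -notmatch '[\\/]') {
        $resolved = @(Get-Command $exe -ErrorAction SilentlyContinue)
        if ($resolved.Count -gt 0) { $exe = $resolved[0].Definition }
    }
    return $exe
}

function Get-OrphanedBho {
    # Each view pairs the BHO list with the CLSID hive that the same bitness of IE consults.
    $views = @(
        @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho   = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        if (-not (Test-Path $v.Bho)) { continue }
        foreach ($key in Get-ChildItem $v.Bho) {
            $clsid  = $key.PSChildName
            $server = "$($v.Clsid)\$clsid\InprocServer32"
            if (-not (Test-Path $server)) {
                New-Finding 'BHO' "$($v.Bho)\$clsid" '' 'No CLSID value found'
                continue
            }
            $dll = (Get-ItemProperty $server).'(default)'
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
            if (-not $dll) {
                New-Finding 'BHO' "$($v.Bho)\$clsid" '' 'InprocServer32 has no default value'
            } elseif (-not (Test-Path -LiteralPath $dll)) {
                New-Finding 'BHO' "$($v.Bho)\$clsid" $dll 'File not found'
            }
        }
    }
}

function Get-OrphanedRunEntry {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip Get-ItemProperty's PSPath/PSChildName bookkeeping
            $exe = Get-ExecutableFromCommandLine ([string]$p.Value)
            if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
                New-Finding 'Run' "$key\$($p.Name)" $exe 'File not found'
            }
        }
    }
}

$findings = @(Get-OrphanedBho) + @(Get-OrphanedRunEntry)
if ($findings.Count -eq 0) { 'No orphaned BHO or Run entries found.' }
else { $findings | Format-Table Type, Reason, Target, Key -AutoSize -Wrap }
```

The script reports and never deletes: an orphaned Run value is harmless by itself, and a BHO with no CLSID cannot load, so the value of the audit is in spotting leftovers of something that was removed and in confirming that a fix such as the one above actually took effect.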
     
  13. Veets

    Veets TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EmpoweringTechnology deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
    C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus\Logs\20120613T020825.882330PID5088 folder moved successfully.
    C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
    C:\Users\Vittorio\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Vittorio
    ->Temp folder emptied: 34835 bytes
    ->Temporary Internet Files folder emptied: 5480583 bytes
    ->Java cache emptied: 19535 bytes
    ->FireFox cache emptied: 47434155 bytes
    ->Google Chrome cache emptied: 395395353 bytes
    ->Flash cache emptied: 9450 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 428.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: Vittorio
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: Vittorio
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.48.0 log created on 06142012_223821

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    Results of screen317's Security Check version 0.99.24
    Windows Vista x64 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    McAfee SiteAdvisor
    Java(TM) 6 Update 30
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    ``````````End of Log````````````
    Farbar Service Scanner Version: 09-06-2012
    Ran by Vittorio (administrator) on 14-06-2012 at 22:56:17
    Running from "C:\Users\Vittorio\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll
    [2008-01-20 22:49] - [2008-01-20 22:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcsvc.dll
    [2011-07-29 23:07] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

    C:\Windows\System32\drivers\afd.sys
    [2012-02-16 22:16] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-15 21:44] - [2012-03-30 08:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E

    C:\Windows\System32\dnsrslvr.dll
    [2011-07-28 23:24] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

    C:\Windows\System32\mpssvc.dll
    [2011-07-29 23:08] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

    C:\Windows\System32\bfe.dll
    [2011-07-29 23:06] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2008-01-20 22:47] - [2008-01-20 22:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

    C:\Windows\System32\vssvc.exe
    [2011-07-29 23:08] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

    C:\Windows\System32\wscsvc.dll
    [2011-07-29 23:06] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

    C:\Windows\System32\wbem\WMIsvc.dll
    [2011-07-29 23:07] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

    C:\Windows\System32\wuaueng.dll
    [2011-07-28 23:04] - [2009-08-06 22:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

    C:\Windows\System32\qmgr.dll
    [2011-07-29 23:08] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

    C:\Windows\System32\es.dll
    [2011-07-29 23:08] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

    C:\Windows\System32\cryptsvc.dll
    [2011-07-29 23:07] - [2009-04-11 03:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

    C:\Program Files\Windows Defender\MpSvc.dll
    [2008-01-20 22:47] - [2008-01-20 22:47] - 0383544 ____A (Microsoft Corporation) 7D2A43E8FDF725A1133F6C6056A72CDC

    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2011-07-29 23:08] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



    **** End of log ****

    C:\TDSSKiller_Quarantine\13.06.2012_20.34.00\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.06.2012_20.34.00\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.R trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.06.2012_20.34.00\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.ORF trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.06.2012_20.34.00\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.06.2012_20.34.00\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\13.06.2012_20.34.00\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.A trojan cleaned by deleting - quarantined
    C:\Users\Vittorio\Downloads\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    D:\CCV\Old Website\TMDhosting\public_html\1.zip PHP/Rst.G trojan deleted - quarantined
    D:\CCV\Website\Old Website\TMDhosting\www\1.zip PHP/Rst.G trojan deleted - quarantined
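Security Check and FSS above flagged four posture items on this machine: UAC disabled, the WinDefend service set to Demand instead of Auto, DisableAntiSpyware=1 under the Windows Defender key, and no antivirus entry in the Security Center WMI store. The PowerShell below, added here as an example and not taken from the thread or from either tool, re-checks those items straight from the registry and WMI so the fixes can be verified after the cleanup. It assumes an elevated console with PowerShell 2.0 or later; the function names are mine, and the productState decoding follows the commonly documented layout of that bitfield, which the thread does not state.

```powershell
# Added example, not from the thread, Security Check or FSS: re-check the posture items those
# two tools flagged above directly from the registry and WMI. PowerShell 2.0 compatible
# (no -shr/-shl, no [pscustomobject]); run elevated.

function New-Finding {
    param([string]$Check, [string]$Status, [string]$Detail)
    New-Object PSObject -Property @{ Check = $Check; Status = $Status; Detail = $Detail }
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-Uac {
    # Security Check printed "UAC is disabled!"; EnableLUA is the value that controls it.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    if ($lua -eq 1) { New-Finding 'UAC' 'OK' 'EnableLUA=1' }
    else { New-Finding 'UAC' 'WARN' "EnableLUA=$lua (UAC is disabled)" }
}

function Test-DefenderPolicy {
    # FSS showed DisableAntiSpyware=1 under the product key. The Group Policy key is checked
    # as well, since installers and malware set either location.
    foreach ($path in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                      'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
        $v = Get-RegValue $path 'DisableAntiSpyware'
        if ($v -eq 1) { New-Finding 'Defender DisableAntiSpyware' 'WARN' "$path = 1 (Defender disabled)" }
        else { New-Finding 'Defender DisableAntiSpyware' 'OK' "$path = $v" }
    }
}

function Test-ServiceStart {
    # FSS: "The start type of WinDefend service is set to Demand. The default start type is Auto."
    # WMI reports the Demand start type as StartMode 'Manual'.
    param([string]$Name, [string]$ExpectedStartMode)
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if ($svc -eq $null) { return (New-Finding "Service $Name" 'WARN' 'service not present') }
    $status = if ($svc.StartMode -eq $ExpectedStartMode) { 'OK' } else { 'WARN' }
    New-Finding "Service $Name" $status "StartMode=$($svc.StartMode) expected=$ExpectedStartMode State=$($svc.State) Path=$($svc.PathName)"
}

function Test-FirewallProfile {
    # Security Check: "Windows Firewall Enabled!"; confirm from the standard-profile policy value.
    $v = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile' 'EnableFirewall'
    if ($v -eq 1) { New-Finding 'Windows Firewall (Standard profile)' 'OK' 'EnableFirewall=1' }
    else { New-Finding 'Windows Firewall (Standard profile)' 'WARN' "EnableFirewall=$v" }
}

function Test-SecurityCenterAv {
    # Security Check's "WMI entry may not exist for antivirus" means this query came back empty.
    # productState decoding is an assumption based on the commonly documented layout:
    # middle byte 0x10 = real-time protection on, low byte 0x00 = definitions current.
    $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue)
    if ($products.Count -eq 0) {
        return (New-Finding 'Security Center AV' 'WARN' 'no AntiVirusProduct registered in root\SecurityCenter2')
    }
    foreach ($p in $products) {
        $state   = [int]$p.productState
        $enabled = (($state -band 0xF000) -eq 0x1000)
        $current = (($state -band 0x00F0) -eq 0x0000)
        $status  = if ($enabled -and $current) { 'OK' } else { 'WARN' }
        New-Finding 'Security Center AV' $status ('{0}: productState=0x{1:X6} enabled={2} definitionsCurrent={3}' -f $p.displayName, $state, $enabled, $current)
    }
}

$findings  = @()
$findings += Test-Uac
$findings += Test-DefenderPolicy
$findings += Test-ServiceStart 'WinDefend' 'Auto'
$findings += Test-ServiceStart 'MpsSvc'    'Auto'
$findings += Test-ServiceStart 'wscsvc'    'Auto'
$findings += Test-FirewallProfile
$findings += Test-SecurityCenterAv
$findings | Format-Table Status, Check, Detail -AutoSize -Wrap
```

Run it before and after applying fixes: on the machine in this thread the first pass should show WARN for UAC, the Defender key and WinDefend, and the second pass should show them cleared. A third-party antivirus that registers itself with Security Center is the normal reason for Defender to be off, so a WARN there is only a problem when no AntiVirusProduct entry exists either.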
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ==========================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  15. Veets

    Veets TS Rookie Topic Starter

    I no longer get all the errors on startup, but I now get the following error with Google Chrome when it loads.

    Problem signature:
    Problem Event Name:BEX
    Application Name:chrome.exe
    Application Version:19.0.1084.56
    Application Timestamp:4fd04f16
    Fault Module Name:StackHash_fd00
    Fault Module Version:0.0.0.0
    Fault Module Timestamp:00000000
    Exception Offset:001eef4c
    Exception Code:c0000005
    Exception Data:00000008
    OS Version:6.0.6002.2.2.0.768.3
    Locale ID:1033
    Additional Information 1:fd00
    Additional Information 2:ea6f5fe8924aaa756324d57f87834160
    Additional Information 3:fd00
    Additional Information 4:ea6f5fe8924aaa756324d57f87834160

    Here is the OTL log...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Vittorio
    ->Temp folder emptied: 56793186 bytes
    ->Temporary Internet Files folder emptied: 6694630 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 36856899 bytes
    ->Flash cache emptied: 841 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5377610 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 50941 bytes

    Total Files Cleaned = 101.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: Vittorio
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    User: Vittorio
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    System Restore Service not available.

    OTL by OldTimer - Version 3.2.48.0 log created on 06182012_221556

    Files\Folders moved on Reboot...
    C:\Users\Vittorio\AppData\Local\Temp\Syncplicity.log moved successfully.

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Uninstall Chrome...

    1. Go to Start > All Programs > Google Chrome > Uninstall Google Chrome.
    2. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete browser data" checkbox.
    3. Select the default browser you'd like to use.
    4. Click OK in the confirmation prompt.
    The uninstall process will begin.
    If you're having problems uninstalling the browser using these methods, try manually uninstalling the browser instead.

    Install fresh copy.
     
  17. Veets

    Veets TS Rookie Topic Starter

    Ok. That cleared up the browser error. From the OTL log it looks like I still need to create a restore point?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Yes, turn system restore off, restart the computer and turn system restore on.
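The reset described in this last exchange (system restore off, restart, on again, which also replaces the OTL script's [CLEARALLRESTOREPOINTS] step that failed with "System Restore Service not available") can be scripted and verified. The PowerShell below is added here as an example and is not from the thread. It assumes PowerShell 2.0 (available for Vista as a separate download) and an elevated prompt; the drive letter and restore-point description are placeholders, and the function names are mine.

```powershell
# Added example, not from the thread: script the "system restore off, restart, on" reset above
# and verify that a fresh, clean restore point exists afterwards. Needs PowerShell 2.0 and an
# elevated prompt. Disable-ComputerRestore removes every existing restore point on the drive,
# which is the goal here: an old point can carry infected files and settings back onto the machine.

$drive = 'C:\'   # placeholder: the system drive

function Test-RestoreDependencies {
    # System Restore is built on Volume Shadow Copy. A Disabled start type on either service
    # is one reason a tool would report that the System Restore service is not available.
    $ok = $true
    foreach ($name in 'VSS', 'swprv') {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) { Write-Warning "$name service is missing"; $ok = $false; continue }
        if ($svc.StartMode -eq 'Disabled') {
            Write-Warning "$name is Disabled; setting it to Manual so restore points can be created"
            Set-Service -Name $name -StartupType Manual
        }
    }
    return $ok
}

function Reset-RestorePoints {
    param([string]$Drive, [string]$Description)
    if (-not (Test-RestoreDependencies)) {
        throw 'System Restore dependencies are missing; fix the services before resetting restore points.'
    }

    # Off: this deletes all existing (possibly infected) restore points on the drive.
    Disable-ComputerRestore -Drive $Drive
    # The thread restarts the computer at this point; Restart-Computer here, then re-run from below.

    # On again, then take a known-clean point and return it so the caller can verify it landed.
    Enable-ComputerRestore -Drive $Drive
    Checkpoint-Computer -Description $Description -RestorePointType 'MODIFY_SETTINGS'
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

$point = Reset-RestorePoints -Drive $drive -Description 'Clean after TDL4 removal (placeholder)'
$point | Format-List SequenceNumber, Description, CreationTime
```

If Get-ComputerRestorePoint returns nothing after the script runs, the point was not created and the machine still has no clean restore point; in that case check the two services and the free-space limit for shadow copies before relying on System Restore again.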
     
