Solved Re-Direct Virus (Plomedia, etc) Completed all scans, logs attached

OTL

OTL logfile created on: 3/16/2011 11:20:57 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andreita\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 663.00 Mb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): c:\pagefile.sys 1800 3200 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 18.69 Gb Free Space | 27.18% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 68.33 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

Computer Name: ANDREITA-LAP | User Name: Andreita | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/24 19:37:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/06/28 21:50:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 19:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 14:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/06/12 21:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 12:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/01/14 17:31:30 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2007/06/12 13:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/04/27 05:56:00 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/03/28 10:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/09 17:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/02 19:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========



[2011/03/02 10:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreita\AppData\Roaming\Mozilla\Extensions
[2010/05/22 21:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreita\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2008/01/12 20:59:51 | 000,000,000 | ---D | M] (WebMail) -- C:\USERS\ANDREITA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\F7JXI5MM.DEFAULT\EXTENSIONS\{3C8E8390-2CF6-11D9-9669-0800200C9A66}
[2008/01/12 21:01:04 | 000,000,000 | ---D | M] (WebMail - Hotmail) -- C:\USERS\ANDREITA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\F7JXI5MM.DEFAULT\EXTENSIONS\{A6A33690-2C6A-11D9-9669-0800200C9A66}

O1 HOSTS File: ([2011/03/12 22:32:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..Trusted Domains: mlxchange.com ([sef] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} http://sef.mlxchange.com/5.2.06.12571/Control/FileCruiser.cab (FileCruiser Class)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} http://sef.mlxchange.com/5.2.06.12571/Control/Specfile.cab (Specfile Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://sef.mlxchange.com/5.2.06.12571/Control/MLSClientUtils.cab (MLS Client Utils)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} http://sef.mlxchange.com/5.2.06.12571/Control/LiteGrid.cab (LiteGridCtl Class)
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} http://sef.mlxchange.com/5.2.06.12571/Control/IRCWebPrint.cab (IRCWwwPrint Class)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://sef.mlxchange.com/5.2.06.12571/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://sef.mlxchange.com/5.2.06.12571/Control/WebDog.cab (Cerebus Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} http://sef.mlxchange.com/5.2.06.12571/Control/AspCustomCtrls.cab (DropList Class)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.182.32.146 65.182.32.35
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Andreita\Pictures\Crusero\P4050162.JPG
O24 - Desktop BackupWallPaper: C:\Users\Andreita\Pictures\Crusero\P4050162.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/16 23:10:13 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Andreita\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/16 13:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/03/16 13:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/03/15 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Desktop\Virus
[2011/03/15 14:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/15 13:45:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/15 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Documents\Andrea Archive
[2011/03/15 12:02:16 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Documents\Real Estate
[2011/03/15 11:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
[2011/03/15 11:41:56 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/03/15 11:41:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/03/15 11:40:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/03/15 11:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/03/15 10:58:46 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Lexmark Productivity Studio
[2011/03/15 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
[2011/03/15 10:53:02 | 000,000,000 | ---D | C] -- C:\logs
[2011/03/15 10:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2011/03/15 10:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2500 Series
[2011/03/15 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2500 Series
[2011/03/15 10:46:54 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
[2011/03/15 10:46:54 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
[2011/03/15 10:46:54 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
[2011/03/15 10:46:54 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
[2011/03/15 10:46:53 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
[2011/03/15 10:46:53 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
[2011/03/15 10:46:53 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
[2011/03/15 10:46:53 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
[2011/03/15 10:46:53 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
[2011/03/15 10:46:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
[2011/03/15 10:46:53 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
[2011/03/15 10:46:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
[2011/03/15 10:46:52 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
[2011/03/15 10:46:52 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
[2011/03/15 10:46:52 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
[2011/03/15 10:44:08 | 000,000,000 | ---D | C] -- C:\drivers
[2011/03/15 10:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/03/15 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\Windows Live
[2011/03/15 01:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/15 01:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2011/03/14 22:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2011/03/14 19:00:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/03/14 19:00:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/03/14 19:00:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/03/14 17:43:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/03/14 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/14 15:18:03 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/03/14 14:30:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/03/13 23:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/03/13 21:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/13 18:29:35 | 000,000,000 | ---D | C] -- C:\_OTL(19)
[2011/03/13 16:04:27 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\NOS
[2011/03/13 13:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/03/13 12:51:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/13 11:31:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
[2011/03/12 22:43:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/12 22:43:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/12 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\temp
[2011/03/12 22:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/12 22:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/12 22:11:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/12 22:10:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/12 22:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/12 22:10:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/05 17:04:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/04 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\AVG9
[2011/03/02 10:28:26 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\offsync
[2011/03/02 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\Starfield
[2011/02/25 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/25 09:25:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/02/24 19:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/02/24 19:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/02/24 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Malwarebytes
[2007/09/25 08:18:57 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007/09/25 08:14:32 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007/09/25 08:14:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/13 00:40:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2007/08/12 23:36:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

========== Files - Modified Within 30 Days ==========

[2011/03/16 23:17:09 | 004,288,660 | R--- | M] () -- C:\Users\Andreita\Desktop\ComboFix.exe
[2011/03/16 23:10:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Andreita\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/03/16 23:01:16 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/16 23:01:16 | 000,108,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/16 22:56:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/16 22:55:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/16 22:55:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/16 22:25:12 | 001,006,764 | ---- | M] () -- C:\Users\Andreita\Desktop\rkill.scr
[2011/03/15 16:50:30 | 000,326,999 | ---- | M] () -- C:\Users\Andreita\Documents\WestonBusinesses.pdf
[2011/03/15 11:55:48 | 000,256,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/15 10:53:24 | 000,061,773 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2011/03/15 10:07:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/15 10:06:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/14 16:21:25 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
[2011/03/12 22:32:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/10 16:30:06 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011/03/05 01:01:42 | 000,000,947 | ---- | M] () -- C:\Users\Andreita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/25 10:24:30 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
[2011/02/25 10:24:29 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice.dll
[2011/02/19 14:40:02 | 000,000,119 | -H-- | M] () -- C:\Users\Andreita\Documents\.~lock.michelleq.odt#
[2011/02/19 14:34:18 | 000,000,119 | -H-- | M] () -- C:\Users\Andreita\Documents\.~lock.Andreita carta Emmaus.odt#

========== Files Created - No Company Name ==========

[2011/03/16 23:17:09 | 004,288,660 | R--- | C] () -- C:\Users\Andreita\Desktop\ComboFix.exe
[2011/03/16 22:25:12 | 001,006,764 | ---- | C] () -- C:\Users\Andreita\Desktop\rkill.scr
[2011/03/15 23:27:42 | 001,049,814 | ---- | C] () -- C:\Users\Andreita\Documents\pic.bmp
[2011/03/15 16:50:30 | 000,326,999 | ---- | C] () -- C:\Users\Andreita\Documents\WestonBusinesses.pdf
[2011/03/15 11:39:53 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/03/15 11:38:48 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/03/15 11:35:31 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/03/15 11:33:51 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/03/15 10:47:14 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
[2011/03/15 10:46:54 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
[2011/03/15 10:46:54 | 000,061,773 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2011/03/15 10:46:53 | 000,646,455 | ---- | C] () -- C:\Windows\System32\lxddhelp.chm
[2011/03/15 10:46:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
[2011/03/15 10:46:51 | 000,001,932 | ---- | C] () -- C:\Windows\System32\lxdd.loc
[2011/03/15 10:07:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/03/15 10:06:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/03/14 22:59:10 | 000,002,415 | ---- | C] () -- C:\Users\Andreita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
[2011/03/14 17:40:17 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/03/14 17:40:13 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/03/14 17:39:55 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/03/14 17:39:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/14 17:39:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/14 17:39:42 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/03/14 17:39:34 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/03/14 17:39:03 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/03/14 17:38:59 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/03/14 17:36:54 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/03/14 17:36:41 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/03/14 16:21:25 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/03/12 22:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/12 22:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/12 22:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/12 22:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/12 22:11:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/05 17:00:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/05 17:00:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/05 17:00:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/05 00:52:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/03/05 00:42:14 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2011/03/05 00:28:33 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
[2011/03/05 00:28:32 | 000,002,449 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
[2011/02/25 10:24:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
[2011/02/25 10:24:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2011/02/24 19:31:30 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
[2011/02/19 14:40:02 | 000,000,119 | -H-- | C] () -- C:\Users\Andreita\Documents\.~lock.michelleq.odt#
[2011/02/19 14:34:18 | 000,000,119 | -H-- | C] () -- C:\Users\Andreita\Documents\.~lock.Andreita carta Emmaus.odt#
[2011/02/15 13:29:37 | 000,045,208 | ---- | C] () -- C:\Users\Andreita\Desktop\JennySM.jpg
[2010/09/05 15:17:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/05/22 19:39:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/01/27 16:56:00 | 000,005,972 | ---- | C] () -- C:\Users\Andreita\AppData\Local\d3d9caps.dat
[2008/01/12 19:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/26 02:30:55 | 000,036,352 | ---- | C] () -- C:\Users\Andreita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/13 16:01:44 | 003,395,343 | ---- | C] () -- C:\Program Files\openofficeorg4.cab
[2007/11/13 16:00:51 | 067,695,863 | ---- | C] () -- C:\Program Files\openofficeorg3.cab
[2007/11/13 15:49:19 | 017,646,967 | ---- | C] () -- C:\Program Files\openofficeorg2.cab
[2007/11/13 15:48:24 | 018,827,152 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2007/11/13 15:47:02 | 004,364,800 | ---- | C] () -- C:\Program Files\openofficeorg23.msi
[2007/11/13 15:47:02 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2007/09/25 09:04:01 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007/09/25 09:04:00 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007/09/25 08:18:57 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007/08/14 03:30:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/13 00:47:50 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/13 00:47:50 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/13 00:47:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/13 00:40:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/13 00:00:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/08/12 23:58:20 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007/08/12 23:37:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/08/12 23:36:23 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/12 23:36:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/08/12 23:36:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/04/25 19:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 19:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 19:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 19:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 19:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2007/03/28 14:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
[2007/01/23 19:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
[2007/01/09 17:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
[2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\System32\missouri.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,256,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,108,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/06 17:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
[2006/05/18 02:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
[2002/08/09 07:18:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pandoras.dll
[2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2011/02/24 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer
[2011/02/24 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2011/02/24 16:28:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2007/12/25 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Acer
[2011/03/04 21:39:35 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\AVG9
[2009/06/07 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\FloodLightGames
[2009/10/27 00:00:32 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\GetRightToGo
[2011/03/13 23:50:44 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\IObit
[2010/09/18 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\IrfanView
[2007/12/25 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Leadertech
[2011/03/15 10:58:46 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Lexmark Productivity Studio
[2010/04/29 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\OpenOffice.org
[2009/06/07 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\SpinTop
[2008/01/12 19:51:10 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Thunderbird
[2011/03/16 22:55:05 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\RunOnce: [] File not found
    O15 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..Trusted Domains: mlxchange.com ([sef] http in Trusted sites)
    [2011/03/15 11:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
    [2011/03/15 01:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/03/15 01:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2011/03/04 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\AVG9
    [2011/02/25 10:24:30 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

Try Combofix again (after rebooting).
 
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry key HKEY_USERS\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlxchange.com\sef\ deleted successfully.
C:\ProgramData\App4rTemp folder moved successfully.
C:\Program Files\AVG\AVG9\Notification folder moved successfully.
C:\Program Files\AVG\AVG9\Icons folder moved successfully.
C:\Program Files\AVG\AVG9\3rd_party\licenses folder moved successfully.
C:\Program Files\AVG\AVG9\3rd_party folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\ProgramData\avg9\Log folder moved successfully.
C:\ProgramData\avg9 folder moved successfully.
C:\Users\Andreita\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Andreita\AppData\Roaming\AVG9 folder moved successfully.
C:\Windows\System32\APISlice_AVG_RESTORED.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Andreita
->Temp folder emptied: 241411 bytes
->Temporary Internet Files folder emptied: 4868019 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Andreita
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03162011_235002

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
GREAT JOB fixing the AVG problem....

Here's COMBOFIX

ComboFix 11-03-16.03 - Andreita 03/17/2011 0:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.254 [GMT -4:00]
Running from: c:\users\Andreita\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 04:17 . 2011-03-17 04:17 -------- d-----w- c:\users\Andreita\AppData\Local\temp
2011-03-17 04:17 . 2011-03-17 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 17:48 . 2011-03-16 17:48 -------- d-----w- c:\program files\7-Zip
2011-03-15 18:49 . 2011-03-17 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-15 15:41 . 2011-03-15 15:41 -------- d-----w- c:\windows\en
2011-03-15 15:41 . 2010-09-23 04:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-03-15 15:41 . 2011-03-15 15:41 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-15 15:36 . 2011-03-15 15:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-15 15:18 . 2011-03-15 15:18 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\438545691cbe32410\MeshBetaRemover.exe
2011-03-15 15:18 . 2011-03-15 15:18 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f9d83e91cbe3240f\InstallManager_WLE_WLE.exe
2011-03-15 15:17 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-15 15:17 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-15 15:17 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-15 15:17 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-15 15:14 . 2011-03-15 15:14 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a9e729091cbe32309\DSETUP.dll
2011-03-15 15:14 . 2011-03-15 15:14 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a9e729091cbe32309\DXSETUP.exe
2011-03-15 15:14 . 2011-03-15 15:14 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a9e729091cbe32309\dsetup32.dll
2011-03-15 15:13 . 2011-03-15 15:13 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\9795d4491cbe32307\DSETUP.dll
2011-03-15 15:13 . 2011-03-15 15:13 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\9795d4491cbe32307\DXSETUP.exe
2011-03-15 15:13 . 2011-03-15 15:13 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\9795d4491cbe32307\dsetup32.dll
2011-03-15 14:58 . 2011-03-15 14:58 -------- d-----w- c:\users\Andreita\AppData\Roaming\Lexmark Productivity Studio
2011-03-15 14:53 . 2011-03-15 15:21 -------- d-----w- c:\program files\Lx_cats
2011-03-15 14:53 . 2011-03-15 14:53 -------- d-----w- C:\logs
2011-03-15 14:52 . 2007-02-27 09:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdddrpp.dll
2011-03-15 14:47 . 2011-03-15 14:47 -------- d-----w- c:\program files\Lexmark Toolbar
2011-03-15 14:47 . 2011-03-15 14:48 -------- d-----w- c:\program files\Lexmark 2500 Series
2011-03-15 14:44 . 2011-03-15 14:44 -------- d-----w- C:\drivers
2011-03-15 14:08 . 2011-03-15 14:08 -------- d-----w- c:\program files\Windows Portable Devices
2011-03-15 13:42 . 2011-03-15 18:33 -------- d-----w- c:\users\Andreita\AppData\Local\Windows Live
2011-03-15 13:38 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-03-15 13:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-03-15 13:36 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-03-15 13:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-03-15 13:35 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-03-15 13:35 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-03-15 13:35 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-03-15 13:35 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-03-15 13:35 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-03-15 13:35 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-03-15 13:35 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-03-15 13:31 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-03-15 13:31 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-03-15 13:31 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-03-15 02:59 . 2011-03-15 02:59 3584 ----a-r- c:\users\Andreita\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2011-03-15 02:59 . 2011-03-15 02:59 -------- d-----w- c:\program files\Windows Installer Clean Up
2011-03-15 01:17 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
2011-03-14 23:00 . 2011-03-14 23:03 -------- d-----w- c:\windows\system32\ca-ES
2011-03-14 23:00 . 2011-03-14 23:03 -------- d-----w- c:\windows\system32\eu-ES
2011-03-14 23:00 . 2011-03-14 23:03 -------- d-----w- c:\windows\system32\vi-VN
2011-03-14 21:43 . 2011-03-14 21:43 -------- d-----w- c:\windows\system32\EventProviders
2011-03-14 21:41 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-03-14 21:41 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2011-03-14 21:41 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2011-03-14 21:41 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
2011-03-14 21:41 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2011-03-14 21:41 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-03-14 21:41 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
2011-03-14 21:39 . 2009-04-11 06:28 1985024 ----a-w- c:\windows\system32\authui.dll
2011-03-14 21:38 . 2009-04-11 06:32 122344 ----a-w- c:\windows\system32\drivers\Storport.sys
2011-03-14 21:37 . 2009-04-11 06:28 17920 ----a-w- c:\windows\system32\wscisvif.dll
2011-03-14 21:36 . 2009-04-11 06:28 17408 ----a-w- c:\windows\system32\vdmdbg.dll
2011-03-14 21:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-03-14 21:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-14 21:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-03-14 20:15 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-03-14 20:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-14 20:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-14 20:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-14 20:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-14 20:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-14 20:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-14 20:15 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-03-14 19:18 . 2011-03-14 19:18 -------- d-----w- c:\program files\VS Revo Group
2011-03-14 18:30 . 2011-03-14 18:30 -------- d--h--w- c:\programdata\Common Files
2011-03-14 16:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-03-14 03:50 . 2011-03-14 03:50 -------- d-----w- c:\program files\IObit
2011-03-14 01:40 . 2011-03-14 01:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-13 20:04 . 2011-03-14 01:58 -------- d-----w- c:\users\Andreita\AppData\Local\NOS
2011-03-13 17:26 . 2011-03-13 17:26 -------- d-----w- c:\program files\ESET
2011-03-13 16:51 . 2011-03-14 18:09 -------- d-----w- C:\_OTL
2011-03-13 03:30 . 2011-02-23 14:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F85AA5-C7EF-41F1-A332-C1415CF23048}\mpengine.dll
2011-03-05 21:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-03-05 21:01 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-03-05 21:01 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-03-05 21:01 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-03-05 21:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-03-05 21:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-03-05 04:52 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-05 04:51 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-03-02 14:28 . 2011-03-02 14:28 -------- d-----w- c:\users\Andreita\AppData\Local\offsync
2011-03-02 14:23 . 2011-03-02 14:23 -------- d-----w- c:\users\Andreita\AppData\Local\Starfield
2011-02-26 00:32 . 2011-02-26 00:32 -------- d-----w- c:\program files\Apple Software Update
2011-02-25 14:24 . 2011-02-25 14:24 73728 ----a-w- c:\windows\system32\APISlice.dll
2011-02-25 13:25 . 2011-02-25 13:25 -------- d-----w- c:\windows\Sun
2011-02-24 23:37 . 2011-02-25 03:28 -------- d-----w- c:\programdata\FLEXnet
2011-02-24 23:37 . 2011-02-24 23:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-02-24 22:49 . 2011-03-15 18:50 -------- d-----w- c:\users\Andreita\AppData\Roaming\Malwarebytes
2011-02-24 20:26 . 2011-02-24 21:37 -------- d-----w- c:\users\Administrator
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-15 15:57 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-15 03:23 . 2010-04-26 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-10 02:45 . 2011-02-10 02:45 1409 ----a-w- c:\windows\QTFont.for
2011-02-02 22:11 . 2010-04-26 16:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-08 08:47 . 2011-02-09 04:17 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-09 04:17 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57 . 2011-02-09 04:17 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-12 10:54 413696 ----a-w- c:\windows\system32\odbc32.dll
2007-11-13 19:47 . 2007-11-13 19:47 4364800 ----a-w- c:\program files\openofficeorg23.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 857648]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-29 707080]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-14 46592]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/MLSClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/IRCSharc.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 00:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-17 00:23:12
ComboFix-quarantined-files.txt 2011-03-17 04:23
.
Pre-Run: 18,977,910,784 bytes free
Post-Run: 18,839,658,496 bytes free
.
- - End Of File - - 9D448D5438FACC07AAC3D664467A1163
 
You read my mind.....AVG has lost its favor with me!

Looks like this one fixed my MLS (Real Estate) database issues too.

DOUBLE THANKS!!!
 
Since my bed time will be coming, when you're done with Avast/Avira scan (unless it finds something horrible - I doubt), it'd be safe to say....

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
Got it...will load avast and scan and clean up in the AM....12.44 here in FL

Thanks for the help....Bright spot to finish my day
 
Step #2 above should remove most of them.
If anything is left, you can simply delete it.
 
Upon install of Avast, boot scan caught this:

c:\users\...\AppData\Local\Low\Funwebproducts\installer\cache\0c694B91.exe infected by win32: mywebsearch-x [PUP]

Could not repair so I deleted
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2011/03/18 12:49:20.0746 4804 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/18 12:49:21.0042 4804 ================================================================================
2011/03/18 12:49:21.0042 4804 SystemInfo:
2011/03/18 12:49:21.0042 4804
2011/03/18 12:49:21.0042 4804 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/18 12:49:21.0042 4804 Product type: Workstation
2011/03/18 12:49:21.0042 4804 ComputerName: ANDREITA-LAP
2011/03/18 12:49:21.0042 4804 UserName: Andreita
2011/03/18 12:49:21.0042 4804 Windows directory: C:\Windows
2011/03/18 12:49:21.0042 4804 System windows directory: C:\Windows
2011/03/18 12:49:21.0042 4804 Processor architecture: Intel x86
2011/03/18 12:49:21.0042 4804 Number of processors: 2
2011/03/18 12:49:21.0042 4804 Page size: 0x1000
2011/03/18 12:49:21.0042 4804 Boot type: Normal boot
2011/03/18 12:49:21.0042 4804 ================================================================================
2011/03/18 12:49:22.0290 4804 Initialize success
2011/03/18 12:49:26.0346 4596 ================================================================================
2011/03/18 12:49:26.0346 4596 Scan started
2011/03/18 12:49:26.0346 4596 Mode: Manual;
2011/03/18 12:49:26.0346 4596 ================================================================================
2011/03/18 12:49:27.0469 4596 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/18 12:49:27.0547 4596 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/03/18 12:49:27.0672 4596 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/03/18 12:49:27.0703 4596 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/03/18 12:49:27.0750 4596 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/03/18 12:49:27.0891 4596 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/18 12:49:27.0984 4596 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/03/18 12:49:49.0840 4596 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/18 12:49:49.0855 4596 ================================================================================
2011/03/18 12:49:49.0855 4596 Scan finished
2011/03/18 12:49:49.0855 4596 ================================================================================
2011/03/18 12:49:49.0871 1412 Detected object count: 1
2011/03/18 12:49:57.0671 1412 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/18 12:49:57.0671 1412 \HardDisk0 - ok
2011/03/18 12:49:57.0702 1412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/18 12:50:02.0445 5456 Deinitialize success
 