gy18
-
Posts
26 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by gy18
-
-
Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.11.20.14Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16736Gerry :: GERRY-HP [administrator]11/21/2013 12:13:55 AMmbam-log-2013-11-21 (00-13-55).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 397782Time elapsed: 55 minute(s), 40 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)C:\Documents and Settings\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5XF8UUV\wajam_download[1].exe Win32/Wajam.C applicationC:\Documents and Settings\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFXTAIJD\SpeedUpMyPC-standalone-setup[1].exe multiple threatsC:\Documents and Settings\Gerry\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi applicationC:\Documents and Settings\Gerry\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi applicationC:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5XF8UUV\wajam_download[1].exe Win32/Wajam.C applicationC:\Users\Gerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFXTAIJD\SpeedUpMyPC-standalone-setup[1].exe multiple threatsC:\Users\Gerry\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi applicationC:\Users\Gerry\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application
-
RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Gerry [Admin rights]Mode : Scan -- Date : 11/18/2013 23:07:40| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST640LM0 00 HM641JI SATA Disk Device +++++--- User ---[MBR] a9170f2a98bd823d599c96af3f4682c7[bSP] 64b910be8d7ee242f93cd740d0858b6a : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 590425 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1209600000 | Size: 19751 Mo3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_S_11182013_230740.txt >>
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.11.2Run by Gerry at 18:39:12 on 2013-11-15Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5609.3574 [GMT -5:00].SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Program Files (x86)\HP SimplePass\TrueSuiteService.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\Hpservice.exeC:\Windows\System32\WUDFHost.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k WbioSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exeC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\valWBFPolicyService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\HP SimplePass\TouchControl.exeC:\Windows\system32\taskhost.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exeC:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exeC:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Windows\system32\wbem\wmiprvse.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files\iPod\bin\iPodService.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exeC:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\system32\wuauclt.exeC:\Program Files (x86)\HP SimplePass\DownloadAD.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Gerry\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exe,BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dllBHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dllBHO: Privacy Safeguard BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dlluRun: [Google Update] "C:\Users\Gerry\AppData\Local\Google\Update\GoogleUpdate.exe" /cuRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exeuRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunuRun: [bitTorrent] "C:\Users\Gerry\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZEDmRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exemRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeymRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"uPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option...INFO: HKLM has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 192.168.2.1TCP: Interfaces\{C6B5DCDE-0D0C-48E7-B028-14CE425B373D} : DHCPNameServer = 192.168.2.1TCP: Interfaces\{C6B5DCDE-0D0C-48E7-B028-14CE425B373D}\368696E61647F677E6 : DHCPNameServer = 172.16.0.1TCP: Interfaces\{E018E128-C296-40DF-B3AE-C19C3E726B3C} : DHCPNameServer = 192.168.2.1Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dllFilter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qnx64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dllx64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exex64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-RunOnce: [NCPluginUpdater] "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update.INFO: x64-HKLM has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-SSODL: WebCheck - <orphaned>x64-mASetup: {6032497A-4479-462B-ADB8-A0A372BB9A23} - msiexec /fu {6032497A-4479-462B-ADB8-A0A372BB9A23} /qnHosts: 127.0.0.1 www.spywareinfo.com.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-13 82048]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-13 42624]R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-1-18 31360]R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-11-15 46368]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-27 235520]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-1-26 361984]R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-11-13 55936]R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\drivers\appexDrv.sys [2012-6-26 189760]R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2013-2-7 1641768]R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-3-28 101888]R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-8-2 9216]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-9-10 1153368]R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-15 1734680]R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-10-26 102528]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-6-26 46136]R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-10-26 219776]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-6 95248]R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-10-26 266896]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-26 646248]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-6-26 56448]R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-23 418376]S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-23 701512]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-23 25928]S3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2011-10-13 20016]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2013-1-7 401856]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-19 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-11-15 22:36:05 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB919C91-15B9-429C-B7FE-7C8C70564084}\mpengine.dll2013-11-15 22:32:20 -------- d-----w- C:\Users\Gerry\AppData\Local\AVG SafeGuard toolbar2013-11-15 22:32:03 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-11-15 22:31:56 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar2013-11-15 22:31:56 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search2013-11-15 22:31:54 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar2013-11-15 01:15:57 -------- d-----w- C:\Users\Gerry\AppData\Roaming\Uniblue.==================== Find3M ====================.2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll.============= FINISH: 18:39:37.85 ===============GMER 2.1.19163 - http://www.gmer.netRootkit scan 2013-11-15 18:49:51Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d ST640LM0 rev.2AJ1 596.17GBRunning: myxq8vl8.exe; Driver: C:\Users\Gerry\AppData\Local\Temp\fgtiqpob.sys---- Threads - GMER 2.1 ----Thread C:\Windows\System32\svchost.exe [4244:1040] 000007fee6639688---- EOF - GMER 2.1 ----
-
I noticed that lately, my laptop started running a bit more slowly than usual. So I checked my task manager. I found a program that I haven't seen before. It's called csrss.exe. I can't end the program like normal through task manager so I googled the program name. This program is supposedly a registered trojan. Is there any possibility of removing it?
-
Yes. Thanks a lot!
-
I re-installed the flash player and it seems to work now.
-
I was able to watch videos online. But it was only after I went to settings on the flash player and disable hardware acceleration. If I were to enable it again, I wouldn't be able to watch videos online. Is there a way to fix this?
-
I updated to the latest version of firefox but i am still having the same problem.
-
I used Mozilla Firefox and internet explorer 7
-
Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 2 x86
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup
AVG 2012
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Spybot - Search & Destroy
AVG PC Tuneup
Java DB 10.2.2.0
Java 6 Update 14
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Development Kit 6 Update 3
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (4.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
-
I still cannot watch videos online. It still freezes my computer when the video tries loading and I would have to force shut down the computer and restart it.
-
All processes killed
========== OTL ==========
Error: No service named ymdwqbuwixvpepmk was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ymdwqbuwixvpepmk deleted successfully.
Service mferkdk stopped successfully!
Service mferkdk deleted successfully!
Error: No service named adbm0aq2 was found to stop!
Service\Driver key adbm0aq2 not found.
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ deleted successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\modules folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\locale\en-US folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\locale folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\components\FF4 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\components folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar folder moved successfully.
C:\Documents and Settings\Glenn\Local Settings\Application Data\604866v5f616x168a661d1ner1a5 moved successfully.
C:\Documents and Settings\All Users\Application Data\604866v5f616x168a661d1ner1a5 moved successfully.
C:\Documents and Settings\Glenn\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.
C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\pOlFiHc05200\ not found.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\DNA folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\image_cache folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\torrents folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\tmp folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\plugins folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\net folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\logs\save folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\logs folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\dht folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus\active folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\azureus folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\xml\schemas folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\xml\misc folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\xml\data folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\xml folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\themes\windows_theme folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\themes folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\promotion folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\updates\0 folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\updates folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\extensions folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile\Cache folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\mozilla-profile folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\certificate folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\html folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\fonts folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res\dtd folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\res folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\plugins folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\modules folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\greprefs folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\dictionaries folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\defaults folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\components folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner\chrome folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser\xulrunner folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\browser folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\LimeWire folder moved successfully.
C:\Documents and Settings\Glenn\Application Data\uTorrent folder moved successfully.
Folder C:\Documents and Settings\Glenn\Application Data\Viewpoint\ not found.
Folder C:\Documents and Settings\Glenn\Application Data\vShare\ not found.
========== FILES ==========
File\Folder C:\Program Files\DNA not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->FireFox cache emptied: 2130409 bytes
->Flash cache emptied: 519 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70113 bytes
->FireFox cache emptied: 3593665 bytes
User: Glenn
->Temp folder emptied: 51863588 bytes
->Temporary Internet Files folder emptied: 20329499 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 217457946 bytes
->Google Chrome cache emptied: 6472928 bytes
->Flash cache emptied: 3915 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 71070586 bytes
->Java cache emptied: 15156 bytes
->Flash cache emptied: 10324 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119073 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 878625 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 3896324 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 39762 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 362.00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.35.1 log created on 03092012_205207
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
What is supposed to happen when I run the scan? I tried running it a couple of times. When I start the scan, the program, windows.exe stops running. This prevents me from opening the start menu. I let it scan for 4 hours today and nothing happened. When I checked on it, it ends up saying that OTL isn't responding so I have to force shut down my computer.
-
OTL:
OTL logfile created on: 3/4/2012 11:17:28 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Glenn\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.21% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 63.48 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive F: | 170.10 Gb Total Space | 51.70 Gb Free Space | 30.40% Space Free | Partition Type: NTFS
Computer Name: GLENN-XO7NI61RK | User Name: Glenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/03/04 22:25:29 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Glenn\My Documents\Downloads\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2007/07/11 15:31:14 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 16:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/10/25 16:01:52 | 000,421,888 | ---- | M] (Dell) -- C:\WINDOWS\system32\dlbtcoms.exe
========== Modules (No Company Name) ==========
MOD - [2011/03/21 16:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/03/29 10:42:20 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\mmfinfo.dll
MOD - [2008/03/29 10:41:52 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\mkunicode.dll
MOD - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2006/04/13 16:14:26 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2006/04/13 16:14:26 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2006/04/13 16:14:26 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
MOD - [2004/11/10 14:35:12 | 000,007,680 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtmcro.dll
MOD - [2004/11/10 14:32:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetScan.dll
MOD - [2004/11/10 14:31:24 | 000,065,536 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetImage.dll
MOD - [2004/11/10 14:30:56 | 000,028,672 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetPDF.dll
MOD - [2004/11/10 14:30:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\JetFunc.dll
MOD - [2004/10/08 13:50:56 | 000,287,232 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTSTRN.DLL
MOD - [2004/10/08 13:49:08 | 000,004,096 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTPCFG.DLL
MOD - [2004/10/08 13:49:02 | 000,075,264 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL
MOD - [2004/10/08 13:48:36 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTUI5C.DLL
MOD - [2004/10/08 13:48:08 | 000,096,768 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBTDR5C.DLL
MOD - [2004/03/10 10:36:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\ConvDIB.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/10/29 01:02:00 | 003,407,292 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/09 23:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/11/15 04:53:14 | 006,447,744 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe -- (wampmysqld)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/09/11 19:59:28 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 19:56:02 | 000,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 19:55:42 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 16:14:26 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
SRV - [2004/10/25 16:01:52 | 000,421,888 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Unknown] -- -- (ymdwqbuwixvpepmk)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (mferkdk)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (adbm0aq2)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/02/11 07:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/08/04 15:29:51 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/07 02:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/08/22 19:51:28 | 009,611,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/07/27 22:30:26 | 002,371,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/12/06 06:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/10/18 14:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/09/11 06:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 06:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 06:45:26 | 000,110,592 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/08/21 05:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/18 23:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/17 04:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 06:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/12 21:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = D9 FC CD 03 E8 D6 F5 41 BE FD B3 06 76 3B 9A 1C [binary data]
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\..\SearchScopes\{388ABC47-34A4-405F-8384-3AB0FAEF5157}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/quakelive: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpf,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Glenn\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.15: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.15: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Glenn\Application Data\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/26 18:23:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/20 12:40:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/23 21:19:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Glenn\Application Data\Move Networks [2012/01/17 23:47:51 | 000,000,000 | ---D | M]
[2010/04/18 07:54:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Extensions
[2009/04/10 01:35:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/22 13:13:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions
[2011/03/17 20:12:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/18 20:31:37 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\vshare@toolbar
[2011/05/20 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/20 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/05/20 12:25:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/17 23:47:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\GLENN\APPLICATION DATA\MOVE NETWORKS
[2012/02/26 18:23:02 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2008/12/14 13:49:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/04/12 16:28:26 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/03/11 19:49:09 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Documents and Settings\Glenn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
O1 HOSTS File: ([2012/02/24 02:45:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLBTCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [Aim] C:\Program Files\AIM\aim.exe -cnetwait.odl File not found
O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271014203546 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271015953046 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AF64B4D-F8E2-4E6D-ACCC-7C06B6C6B884}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Glenn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/15 12:19:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1645522239-261478967-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/02/26 18:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn\Application Data\AVG
[2012/02/26 18:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/26 18:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/26 18:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2012/02/24 15:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/24 02:57:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/24 02:29:57 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/22 14:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Glenn\Application Data\AVG2012
[2012/02/22 14:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/02/22 12:58:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/22 12:58:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/22 12:58:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/22 12:27:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 01:41:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/03/04 23:15:54 | 000,000,630 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2012/03/04 23:09:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 20:23:53 | 090,795,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/03/04 20:23:14 | 000,002,163 | ---- | M] () -- C:\Documents and Settings\Glenn\Application Data\Microsoft\Internet Explorer\Quick Launch\Steam.lnk
[2012/03/04 20:09:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 18:37:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Glenn Logon.job
[2012/03/04 18:35:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/04 18:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/04 15:58:05 | 000,030,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/02/26 18:23:02 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/26 04:54:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/24 14:49:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/24 02:45:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/24 02:06:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/02/26 18:35:58 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup Integrator Start On Glenn Logon.job
[2012/02/26 18:23:02 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/02/24 14:49:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/22 12:58:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/22 12:58:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/22 12:58:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/22 12:58:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/22 12:58:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/24 18:23:57 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/12/24 18:20:50 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2011/12/17 17:24:46 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\Glenn\Local Settings\Application Data\604866v5f616x168a661d1ner1a5
[2011/12/17 17:24:46 | 000,001,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\604866v5f616x168a661d1ner1a5
[2011/05/15 14:28:52 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\Glenn\Local Settings\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 14:28:52 | 000,001,444 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kqxjax25212syk721811b172n8n71yg66c
[2011/03/08 18:00:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/23 20:38:40 | 000,000,371 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
========== LOP Check ==========
[2010/04/11 13:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ooVoo Details
[2009/01/09 16:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2008/11/18 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/06/22 16:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2012/02/22 12:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2012/02/26 18:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/03/16 21:55:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/04 15:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2008/03/29 16:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/03/31 17:56:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2007/12/22 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JCreator
[2011/05/12 18:26:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2007/12/17 22:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2012/03/04 20:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/12/08 22:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
[2012/03/04 22:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/02/06 23:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pOlFiHc05200
[2008/04/12 16:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2011/06/16 09:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegistryCleanerFree
[2008/03/20 22:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/07/09 13:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2008/03/21 00:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2012/03/04 18:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/22 16:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/10/22 20:24:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/26 00:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/05/20 12:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/12/19 15:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\acccore
[2008/03/04 22:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Aim
[2008/04/19 09:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Any Video Converter
[2012/02/26 18:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\AVG
[2011/03/16 21:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\AVG10
[2012/02/22 14:06:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\AVG2012
[2009/08/04 15:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\DAEMON Tools
[2009/08/04 15:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\DAEMON Tools Lite
[2009/10/01 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Dev-Cpp
[2012/02/24 02:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\DNA
[2011/10/18 20:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Dropbox
[2011/03/05 14:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\FrostWire
[2009/04/05 11:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\GARMIN
[2009/03/31 17:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\id Software
[2009/11/15 13:34:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Glenn\Application Data\ijjigame
[2007/12/22 17:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\JCreator
[2011/05/12 18:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Juniper Networks
[2010/12/12 21:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\LimeWire
[2011/07/04 21:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\LolClient
[2008/12/08 22:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\National Instruments
[2010/01/04 16:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\ooVoo Details
[2011/06/12 11:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\PhotoScape
[2010/10/24 20:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Processing
[2011/06/16 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\RegistryCleanerFree
[2011/08/20 10:40:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\SystemRequirementsLab
[2008/09/16 18:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\uTorrent
[2007/12/19 20:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Viewpoint
[2011/02/18 20:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\vShare
[2008/01/03 06:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\Vso
[2008/03/05 00:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Glenn\Application Data\WeGame
[2012/03/04 18:37:34 | 000,000,368 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup Integrator Start On Glenn Logon.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
< End of report >
Extras:
OTL Extras logfile created on: 3/4/2012 11:17:28 PM - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Documents and Settings\Glenn\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 65.21% Memory free
3.85 Gb Paging File | 3.25 Gb Available in Paging File | 84.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 63.48 Gb Free Space | 49.60% Space Free | Partition Type: NTFS
Drive F: | 170.10 Gb Total Space | 51.70 Gb Free Space | 30.40% Space Free | Partition Type: NTFS
Computer Name: GLENN-XO7NI61RK | User Name: Glenn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Documents and Settings\Glenn\My Documents\gerry\Microsoft Expression Web\Microsoft Expression Web\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Documents and Settings\Glenn\My Documents\gerry\Microsoft Expression Web\Microsoft Expression Web\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"57025:TCP" = 57025:TCP:*:Enabled:Pando Media Booster
"57025:UDP" = 57025:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"57025:TCP" = 57025:TCP:*:Enabled:Pando Media Booster
"57025:UDP" = 57025:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Steam\steamapps\mercviper\day of defeat source\hl2.exe" = C:\Program Files\Steam\steamapps\mercviper\day of defeat source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Guild Wars\Gw.exe" = C:\Program Files\Guild Wars\Gw.exe:*:Enabled:Guild Wars -- (ArenaNet)
"C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Steam\steamapps\yellow0neinyci\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\yellow0neinyci\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\yellow0neinyci\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\yellow0neinyci\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
"C:\Program Files\Steam\steamapps\xchooloo8x\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\xchooloo8x\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Steam\steamapps\xchooloo8x\condition zero\hl.exe" = C:\Program Files\Steam\steamapps\xchooloo8x\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E545F-4846-0CDD-0560-A9DFC8598134}" = CCC Help Czech
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AA97D42-3BBB-EB76-F572-D422806CF158}" = Catalyst Control Center Localization Portuguese
"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
"{13632239-7686-8D1E-F0B9-123AA2902E43}" = Catalyst Control Center Localization German
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{18652404-4857-3ED3-7F09-A29E6F68FAFD}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{232230B8-65D9-29D1-356E-FCBFC18498F2}" = CCC Help Polish
"{23e5c72c-cc08-4ee0-9cc2-d925b232b331}" = Microsoft MSDN 2005 Express Edition - ENU
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 14
"{292D65EA-6113-0329-78FF-D66728D04FA6}" = CCC Help Swedish
"{294BC355-2869-F9BD-A1C7-1AA054E8526D}" = Catalyst Control Center Localization Hungarian
"{29F1D86D-D16C-9BEE-8757-35D7189363AD}" = Catalyst Control Center Localization Finnish
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160030}" = Java SE Development Kit 6 Update 3
"{342d4ad7-ec4c-4ec8-aea6-e70f5905a490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{38A11DAC-1B93-B697-BEB5-0F37767F6347}" = Catalyst Control Center Graphics Light
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{4193C526-031D-1C21-4B2C-E2980B8654A3}" = CCC Help Danish
"{4210F550-BCA8-903D-3A65-0FD1254B109D}" = CCC Help Norwegian
"{49F11AEE-DF90-B606-0E3E-50C60F8FDB36}" = CCC Help French
"{4A5A5AFD-A449-593C-474A-53CC63F6E568}" = Catalyst Control Center Graphics Full Existing
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C4F84FF-FB61-5A5C-D2D2-31E8F29FD0B6}" = Catalyst Control Center Localization Thai
"{4CBF6D2C-64B2-ED99-C643-8DB643856225}" = CCC Help German
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4F0D2C92-826B-611B-0842-D26655BEA966}" = Skins
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{53351EFD-67E1-4603-A7B9-5C8560AAF38F}" = Catalyst Control Center Localization Dutch
"{53428412-84F4-1C3B-3D3C-C7E7A8C48C24}" = Catalyst Control Center Localization Swedish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A41C8CE-5F2D-61C8-D01B-40548008BA70}" = Catalyst Control Center Localization Danish
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C55B074-2958-CBCC-5A1B-FC3A7ABFAB5A}" = Catalyst Control Center Graphics Previews Common
"{5F6FBBE5-E20E-11B1-895A-119079D3008E}" = Catalyst Control Center Localization Chinese Traditional
"{6B5E3C84-1829-8A7D-AC5A-5F08BE0973BE}" = CCC Help Thai
"{6FFDD43F-271E-B953-0105-CA7EEA2DD017}" = CCC Help Chinese Traditional
"{700FEDE4-BAB6-FB0E-36AE-35B7C2B3ECAF}" = CCC Help Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76B0CBC3-9482-F745-B940-1F3B48320E95}" = Catalyst Control Center Localization Czech
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77564D1B-9492-B85E-122E-78A845E7F9F2}" = Catalyst Control Center Localization Japanese
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{791C39B5-DB24-E611-6B10-CCC2B25B0F06}" = Catalyst Control Center Localization Norwegian
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7F31A962-5484-6CE6-1A84-554226E3A43E}" = Catalyst Control Center Localization Italian
"{81538B19-7E55-E0D9-8AC9-AE9494BB3D55}" = CCC Help Dutch
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86B879A5-927E-4536-B5FC-17CA96B60078}" = Garmin Communicator Plugin
"{88743E08-4332-15F1-DB8A-72AED7D069FA}" = ccc-core-preinstall
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AAD21E3-3561-9C61-F416-B7648993C0EC}" = Catalyst Control Center Localization Spanish
"{8B1B5F0A-5BD2-8DBA-8256-1787961D0F34}" = ccc-core-static
"{8cadd3f6-e808-4d48-893d-797b4849de72}" = Quake Live Mozilla Plugin
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WebDesigner_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000ff1ce}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_visualwebdeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000ff1ce}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_visualwebdeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006e-0409-0000-0000000ff1ce}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_visualwebdeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000ff1ce}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_visualwebdeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{951EDFAE-B29A-2FB6-7BBA-B5FA80D56ACA}" = CCC Help Korean
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{96F11791-3916-8BC0-AB17-B959A642160E}" = CCC Help English
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99E447AA-C24F-7E07-AAA0-2533D2BA1857}" = Catalyst Control Center Localization Polish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00CF943-CB73-D593-731B-7FC462CC79F8}" = Catalyst Control Center Localization Greek
"{a3051cd0-2f64-3813-a88d-b8dccde8f8c7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3CBDF8A-4E8C-360C-5E8F-3E091364E87D}" = Catalyst Control Center Localization Turkish
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.0
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B1AFE717-EDC1-6B67-8136-AE735D37795A}" = CCC Help Spanish
"{B2042D5E-986D-44EC-AEE3-AFE4108CCC93}" = Python 3.2
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B46DE583-C8C5-CB70-FA59-FAE6D2FEA58D}" = CCC Help Italian
"{B5BDC1B8-FAE5-2E99-D861-0E5B0D01113E}" = CCC Help Chinese Standard
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B81AA136-4243-92EC-0169-2CACCB977BBA}" = Catalyst Control Center Localization French
"{B9169E14-DF66-BD28-5318-E1D3029B8EE3}" = CCC Help Portuguese
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{BE8B2261-C89D-10E3-22FC-DA5059B17D1D}" = Catalyst Control Center Localization Korean
"{BEDBC661-8D69-8CCA-400B-6289F3CEE1FF}" = Catalyst Control Center Localization Chinese Standard
"{c09fb3cd-3d0c-3f2d-899a-6a1d67f2073f}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{c7eec93a-2a61-4b1e-b696-a264680a889d}" = MobileMe Control Panel
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{ce2cdd62-0124-36ca-84d3-9f4dcf5c5bd9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5866667-789F-9078-3B2F-032E46BFF70A}" = Catalyst Control Center Localization Russian
"{D6AFFAD0-56D3-2D76-3466-B3084E171424}" = CCC Help Turkish
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D852836C-7EFF-4471-BC07-4E7AEF5BACE7}" = MyLife Webcam Pro
"{D8CD91C7-4A1A-7D7D-0930-2806D97D137E}" = ccc-utility
"{DA26293D-57F1-8832-042C-FDE09EFE1BD3}" = CCC Help Hungarian
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{E87991C6-AF87-072B-10DC-9B7100504A22}" = Catalyst Control Center Graphics Full New
"{E89921E3-013F-3518-F930-42673090C567}" = CCC Help Russian
"{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}" = ArcSoft PhotoImpression 5
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F46CC671-A61E-D471-35F6-2C565C50706A}" = CCC Help Finnish
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8F35EDE-7816-36DF-C6EC-DCA2954B0C78}" = CCC Help Greek
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 2.5.9
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab HD Decrypter 4_is1" = DVDFab HD Decrypter 4.1.0.2
"ESET Online Scanner" = ESET Online Scanner v3
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"JCreator LE_is1" = JCreator LE 4.50
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Media Player - Codec Pack" = Media Player Codec Pack 3.2.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"microsoft .net framework 3.5 sp1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft DirectX SDK (November 2008)" = Microsoft DirectX SDK (November 2008)
"microsoft msdn 2005 express edition - enu" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"pepakura_viewer3en" = Pepakura Viewer 3
"PhotoScape" = PhotoScape
"PopCap Browser Plugin" = PopCap Browser Plugin
"PowerISO" = PowerISO
"RealPlayer 6.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ST6UNST #1" = ProProfs CompTIA A+ Practice Exams
"Starcraft" = Starcraft
"Steam App 10" = Counter-Strike
"Steam App 80" = Condition Zero
"SystemRequirementsLab" = System Requirements Lab
"Veetle TV" = Veetle TV 0.9.15
"ViewpointMediaPlayer" = Viewpoint Media Player
"visualwebdeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VideoLAN VLC media player 0.8.6d
"vshare" = vShare Toolbar
"wampserver 2_is1" = WampServer 2.0
"WebDesigner" = Microsoft Expression Web
"wic" = Windows Imaging Component
"windows live onecare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD Video Codec" = XviD Video Codec 1.1.2-01022007
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1645522239-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 3/4/2012 12:02:14 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 12:02:25 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:18:23 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:18:31 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:19:41 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:19:48 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:00:25 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:00:32 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:01:41 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:01:47 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
[ Application Events ]
Error - 3/4/2012 12:02:14 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 12:02:25 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:18:23 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:18:31 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:19:41 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/4/2012 1:19:48 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:00:25 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb982168,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:00:32 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb976576,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:01:41 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 3/5/2012 12:01:47 AM | Computer Name = GLENN-XO7NI61RK | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
[ System Events ]
Error - 3/5/2012 12:21:24 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:21:44 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:22:04 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:22:24 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:22:44 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:23:04 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:23:24 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:23:44 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:24:04 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
Error - 3/5/2012 12:24:24 AM | Computer Name = GLENN-XO7NI61RK | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service NMIndexingService
with arguments "" in order to run the server: {C6A811AB-F8FF-45A4-93E5-FC5CCB650BE7}
< End of report >
-
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 19:27:44
-----------------------------
19:27:44.468 OS Version: Windows 5.1.2600 Service Pack 2
19:27:44.484 Number of processors: 2 586 0x4302
19:27:44.484 ComputerName: GLENN-XO7NI61RK UserName: Glenn
19:27:45.046 Initialize success
19:27:54.015 AVAST engine defs: 12030300
19:27:59.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000076
19:27:59.703 Disk 0 Vendor: WDC_WD3200AAKS-00VYA0 12.01B02 Size: 305245MB BusType: 3
19:27:59.718 Device \Driver\nvata -> MajorFunction 8a95c1f8
19:27:59.781 Disk 0 MBR read successfully
19:27:59.781 Disk 0 MBR scan
19:27:59.796 Disk 0 Windows XP default MBR code
19:27:59.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 131061 MB offset 63
19:27:59.812 Disk 0 Partition - 00 0F Extended LBA 174181 MB offset 268414020
19:27:59.843 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 174181 MB offset 268414083
19:27:59.843 Disk 0 scanning sectors +625137345
19:27:59.953 Disk 0 scanning C:\WINDOWS\system32\drivers
19:28:25.546 Service scanning
19:28:34.906 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
19:28:38.156 Modules scanning
19:29:10.953 Disk 0 trace - called modules:
19:29:10.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a95c1f8]<<
19:29:10.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a83aab8]
19:29:10.984 3 CLASSPNP.SYS[ba11905b] -> nt!IofCallDriver -> \Device\00000078[0x8a90ef18]
19:29:10.984 5 ACPI.sys[b9e66620] -> nt!IofCallDriver -> \Device\00000076[0x8a7d6030]
19:29:10.984 \Driver\nvata[0x8a8c5218] -> IRP_MJ_CREATE -> 0x8a95c1f8
19:29:11.234 AVAST engine scan C:\WINDOWS
19:29:33.921 AVAST engine scan C:\WINDOWS\system32
19:34:03.390 AVAST engine scan C:\WINDOWS\system32\drivers
19:34:18.281 AVAST engine scan C:\Documents and Settings\Glenn
20:11:57.859 AVAST engine scan C:\Documents and Settings\All Users
20:14:42.953 Scan finished successfully
22:28:27.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Glenn\My Documents\gerry\MBR.dat"
22:28:27.562 The log file has been saved successfully to "C:\Documents and Settings\Glenn\My Documents\gerry\aswMBRLog.txt"
-
I did as instructed, but I am still having the same problem.
-
I am still having the same problem. It's only the videos that I try watching online. I could watch videos using my other programs just fine though.
-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:26:51 PM, on 2/26/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Documents and Settings\Glenn\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aim] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271014203546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271015953046
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Glenn\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
--
End of file - 10855 bytes
-
Malwarebytes Free are still blocking incoming threats and I still cannot watch videos. It would freeze the computer and I still have to force shut down. But google doesn't redirect me to different pages anymore.
-
Status: Disinfected (events: 15)
2/25/2012 4:47:25 PM Disinfected Trojan program Exploit.Java.Agent.fw C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\34\129458e2-5d7a6d17 High
2/25/2012 4:47:25 PM Disinfected Trojan program Exploit.Java.Agent.fw C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\34\129458e2-5d7a6d17/apache/adidas.class High
2/25/2012 4:47:25 PM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\35\290a52e3-4b0a97e6 High
2/25/2012 4:47:25 PM Disinfected Trojan program Trojan-Downloader.Java.OpenStream.bq C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\35\290a52e3-4b0a97e6/glass/boing.class High
2/25/2012 4:47:25 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.u C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\60\22a9a23c-63e0b0c2 High
2/25/2012 4:47:25 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.u C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\60\22a9a23c-63e0b0c2/tools/Commander.class High
2/25/2012 4:47:37 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.l C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\61\29ebbdbd-676bc57a High
2/25/2012 4:47:37 PM Disinfected Trojan program Exploit.Java.CVE-2011-3544.l C:\Documents and Settings\Glenn\Application Data\Sun\Java\Deployment\cache\6.0\61\29ebbdbd-676bc57a/morale.class High
2/25/2012 6:24:51 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.d C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\2d459b3b-59442645 High
2/25/2012 6:24:51 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\78e31ce3-27e3d054 High
2/25/2012 6:24:51 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.d C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\2d459b3b-59442645/encode/ISO.class High
2/25/2012 6:24:51 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\78e31ce3-27e3d054/lort/border.class High
2/25/2012 6:24:51 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.e C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\35\78e31ce3-27e3d054/lort/cooter.class High
2/25/2012 6:24:51 PM Disinfected Trojan program Exploit.Java.CVE-2010-0840.d C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\59\2d459b3b-59442645/lang_driver/restore.class High
2/25/2012 10:50:44 PM Disinfected Trojan program Rootkit.Boot.Pihar.b \Device\Harddisk0\DR0 High
Status: Deleted (events: 2)
2/25/2012 6:25:03 PM Deleted Trojan program Rootkit.Boot.Pihar.b C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\mbr0000\tsk0000.dta High
2/25/2012 10:56:50 PM Deleted Trojan program Trojan.Win32.Crot.a c:\WINDOWS\Installer\155e17.msi High
-
Malwarebytes' Anti-Malware log:
2012/02/24 14:50:48 -0500 GLENN-XO7NI61RK Glenn MESSAGE Starting protection
2012/02/24 14:50:54 -0500 GLENN-XO7NI61RK Glenn MESSAGE Protection started successfully
2012/02/24 14:50:57 -0500 GLENN-XO7NI61RK Glenn MESSAGE Starting IP protection
2012/02/24 14:50:59 -0500 GLENN-XO7NI61RK Glenn MESSAGE IP Protection started successfully
2012/02/24 15:00:33 -0500 GLENN-XO7NI61RK Glenn MESSAGE Executing scheduled update: Daily
2012/02/24 15:00:35 -0500 GLENN-XO7NI61RK Glenn MESSAGE Database already up-to-date
2012/02/24 15:08:02 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 98.142.245.229 (Type: outgoing)
2012/02/24 15:08:05 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 98.142.245.229 (Type: outgoing)
2012/02/24 15:08:11 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 98.142.245.229 (Type: outgoing)
2012/02/24 15:45:33 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.150 (Type: outgoing)
2012/02/24 15:45:36 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.150 (Type: outgoing)
2012/02/24 15:45:42 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.150 (Type: outgoing)
2012/02/24 15:47:56 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:47:59 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:48:05 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:50:18 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:50:21 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:50:27 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:52:39 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:52:42 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:52:48 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:55:00 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:55:03 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
2012/02/24 15:55:09 -0500 GLENN-XO7NI61RK Glenn IP-BLOCK 141.136.16.151 (Type: outgoing)
ESET Online Scanner log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=264e8e8b114f3f4ebcf0aa1d7e04b8eb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-24 09:53:24
# local_time=2012-02-24 04:53:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 98229336 98229336 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=221497
# found=19
# cleaned=19
# scan_time=4731
C:\Documents and Settings\Glenn\Desktop\Programs\FirefoxPortable\U92.exe Win32/UltraReach application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Glenn\My Documents\Downloads\RegistryCleanerFree-2.2.7.8.Setup.exe a variant of Win32/Adware.RealRegistryCleaner application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Glenn\My Documents\Downloads\SUPERsetup.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Glenn\My Documents\Downloads\vshare-toolbar.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\vshare\imedix-silent-new.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ctix7b4h.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{868E2DC3-F54D-451F-B294-829CAB984948}\RP10\A0006896.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{868E2DC3-F54D-451F-B294-829CAB984948}\RP10\A0006897.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{868E2DC3-F54D-451F-B294-829CAB984948}\RP16\A0014026.exe Win32/UltraReach application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{868E2DC3-F54D-451F-B294-829CAB984948}\RP16\A0014027.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0003.dta a variant of Win32/Rootkit.Kryptik.IQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0010.dta a variant of Win32/Olmarik.AYG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\24.02.2012_02.56.25\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
I wasn't able to uninstall vShare Toolbar or Viewpoint Media Player before I used combofix. I was able to manually uninstall Limewire through the list of programs in the start menu. I was not able to open up the Add or Remove Programs in the control panel. After I ran my scans, and had to reboot, my computer wasn't able to shut down by itself. I had to force shut down my computer and start it back up again. But I was able to get the log that came from the TDSSKiller scan. I do not know if that would cause a change in the way this malware removal process works but I just wanted you to know that it happened.
ComboFix log:
ComboFix 12-02-21.01 - Glenn 02/24/2012 2:33.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1230 [GMT -5:00]
Running from: c:\documents and settings\Glenn\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Glenn\My Documents\Downloads\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid2152.log
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 07:28 . 2012-02-24 07:28 -------- d-----w- c:\windows\LastGood
2012-02-22 19:06 . 2012-02-22 19:06 -------- d-----w- c:\documents and settings\Glenn\Application Data\AVG2012
2012-02-22 19:05 . 2012-02-24 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-02-11 03:51 . 2012-02-11 03:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:26 . 2011-05-20 17:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 17:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 05:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-22_18.15.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-24 07:19 . 2012-02-24 07:19 16384 c:\windows\Temp\Perflib_Perfdata_1c8.dat
+ 2012-02-24 07:28 . 2011-09-13 11:30 32592 c:\windows\LastGood\system32\DRIVERS\avgrkx86.sys
+ 2012-02-24 07:28 . 2011-08-08 11:08 40016 c:\windows\LastGood\system32\DRIVERS\avgmfx86.sys
+ 2012-02-24 07:28 . 2011-10-04 11:21 16720 c:\windows\LastGood\system32\DRIVERS\AVGIDSShim.sys
+ 2012-02-24 07:28 . 2011-07-11 06:14 24272 c:\windows\LastGood\system32\DRIVERS\AVGIDSFilter.sys
+ 2012-02-24 07:28 . 2011-07-11 06:14 23120 c:\windows\LastGood\system32\DRIVERS\AVGIDSEH.sys
+ 2012-02-24 07:08 . 2012-02-23 01:55 194992 c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
+ 2012-02-24 07:28 . 2011-07-11 06:14 295248 c:\windows\LastGood\system32\DRIVERS\avgtdix.sys
+ 2012-02-24 07:28 . 2011-10-07 11:23 230608 c:\windows\LastGood\system32\DRIVERS\avgldx86.sys
+ 2012-02-24 07:28 . 2011-07-11 06:14 134608 c:\windows\LastGood\system32\DRIVERS\AVGIDSDriver.sys
+ 2012-02-22 19:05 . 2012-02-22 19:05 4698112 c:\windows\Installer\5bb283.msi
+ 2012-02-23 15:35 . 2012-02-23 15:35 2186240 c:\windows\Installer\47b5d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Aim"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-04 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\mercviper\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\yellow0neinyci\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\yellow0neinyci\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\xchooloo8x\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\xchooloo8x\\condition zero\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57025:TCP"= 57025:TCP:Pando Media Booster
"57025:UDP"= 57025:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/16/2008 6:48 PM 721904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/19/2007 3:49 PM 24652]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2009 12:16 PM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Glenn\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Glenn\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2009 12:16 PM 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/2/2008 10:52 PM 47360]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgldx86
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 17:16]
.
2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 17:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BitTorrent DNA - c:\program files\DNA\btdna.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-24 02:46
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00VYA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\000006da
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4DC49F]<<
c:\docume~1\Glenn\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4e3738]; MOV EAX, [0x8a4e38ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A88D030]
3 CLASSPNP[0xBA11905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\00000077[0x8A914F18]
5 ACPI[0xB9E66620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A88F030]
\Driver\nvata[0x8A4F93B8] -> IRP_MJ_CREATE -> 0x8A4DC49F
error: Read Incorrect function.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000075 -> \??\IDE#DiskWDC_WD3200AAKS-00VYA0___________________12.01B02#2020202057202D44435752413157333838343232#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x8a95c1f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\controlset002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
[HKEY_USERS\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7C78B93-1769-C2CD-F751-57F80C82F191}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1080)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1144)
c:\windows\system32\WININET.dll
c:\windows\system32\nvappfilter.dll
.
Completion time: 2012-02-24 02:50:10
ComboFix-quarantined-files.txt 2012-02-24 07:50
ComboFix2.txt 2012-02-22 18:27
.
Pre-Run: 71,231,176,704 bytes free
Post-Run: 71,275,491,328 bytes free
.
- - End Of File - - 076936740ECA111418E6218BC842F5D1
TDSSKiller log:
02:56:25.0375 4564 TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
02:56:25.0656 4564 ============================================================
02:56:25.0656 4564 Current date / time: 2012/02/24 02:56:25.0656
02:56:25.0656 4564 SystemInfo:
02:56:25.0656 4564
02:56:25.0656 4564 OS Version: 5.1.2600 ServicePack: 2.0
02:56:25.0656 4564 Product type: Workstation
02:56:25.0656 4564 ComputerName: GLENN-XO7NI61RK
02:56:25.0656 4564 UserName: Glenn
02:56:25.0656 4564 Windows directory: C:\WINDOWS
02:56:25.0656 4564 System windows directory: C:\WINDOWS
02:56:25.0656 4564 Processor architecture: Intel x86
02:56:25.0656 4564 Number of processors: 2
02:56:25.0656 4564 Page size: 0x1000
02:56:25.0656 4564 Boot type: Normal boot
02:56:25.0656 4564 ============================================================
02:56:26.0234 4564 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:56:26.0234 4564 \Device\Harddisk0\DR0:
02:56:26.0234 4564 MBR used
02:56:26.0234 4564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
02:56:26.0250 4564 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFFAC83, BlocksNum 0x15432A3E
02:56:26.0296 4564 Initialize success
02:56:26.0296 4564 ============================================================
02:57:14.0937 4088 ============================================================
02:57:14.0937 4088 Scan started
02:57:14.0937 4088 Mode: Manual;
02:57:14.0937 4088 ============================================================
02:57:15.0203 4088 Abiosdsk - ok
02:57:15.0218 4088 abp480n5 - ok
02:57:15.0281 4088 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:57:15.0281 4088 ACPI - ok
02:57:15.0328 4088 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:57:15.0328 4088 ACPIEC - ok
02:57:15.0359 4088 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
02:57:15.0375 4088 ADIHdAudAddService - ok
02:57:15.0375 4088 adpu160m - ok
02:57:15.0390 4088 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
02:57:15.0390 4088 AEAudio - ok
02:57:15.0437 4088 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
02:57:15.0437 4088 aec - ok
02:57:15.0453 4088 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
02:57:15.0453 4088 Afc - ok
02:57:15.0500 4088 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
02:57:15.0500 4088 AFD - ok
02:57:15.0500 4088 Aha154x - ok
02:57:15.0515 4088 aic78u2 - ok
02:57:15.0515 4088 aic78xx - ok
02:57:15.0531 4088 AliIde - ok
02:57:15.0562 4088 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
02:57:15.0562 4088 AmdK8 - ok
02:57:15.0562 4088 amsint - ok
02:57:15.0609 4088 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:57:15.0609 4088 Arp1394 - ok
02:57:15.0625 4088 asc - ok
02:57:15.0625 4088 asc3350p - ok
02:57:15.0640 4088 asc3550 - ok
02:57:15.0656 4088 AsIO (663f2fb92608073824ee3106886120f3) C:\WINDOWS\system32\drivers\AsIO.sys
02:57:15.0656 4088 AsIO - ok
02:57:15.0703 4088 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:57:15.0703 4088 AsyncMac - ok
02:57:15.0734 4088 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:57:15.0734 4088 atapi - ok
02:57:15.0734 4088 Atdisk - ok
02:57:15.0828 4088 ati2mtag (3b88b6466896cc1a3a7e3287d72aca85) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:57:15.0843 4088 ati2mtag - ok
02:57:15.0875 4088 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
02:57:15.0875 4088 AtiHdmiService - ok
02:57:15.0890 4088 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:57:15.0890 4088 Atmarpc - ok
02:57:15.0937 4088 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:57:15.0937 4088 audstub - ok
02:57:15.0953 4088 AVGIDSDriver - ok
02:57:15.0953 4088 AVGIDSEH - ok
02:57:15.0968 4088 AVGIDSFilter - ok
02:57:15.0968 4088 AVGIDSShim - ok
02:57:15.0984 4088 Avgrkx86 - ok
02:57:15.0984 4088 Avgtdix - ok
02:57:16.0000 4088 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:57:16.0000 4088 Beep - ok
02:57:16.0046 4088 catchme - ok
02:57:16.0078 4088 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:57:16.0078 4088 cbidf2k - ok
02:57:16.0093 4088 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:57:16.0093 4088 CCDECODE - ok
02:57:16.0093 4088 cd20xrnt - ok
02:57:16.0109 4088 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:57:16.0109 4088 Cdaudio - ok
02:57:16.0125 4088 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:57:16.0125 4088 Cdfs - ok
02:57:16.0140 4088 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:57:16.0140 4088 Cdrom - ok
02:57:16.0140 4088 Changer - ok
02:57:16.0156 4088 CmdIde - ok
02:57:16.0171 4088 Cpqarray - ok
02:57:16.0187 4088 dac2w2k - ok
02:57:16.0187 4088 dac960nt - ok
02:57:16.0203 4088 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:57:16.0203 4088 Disk - ok
02:57:16.0234 4088 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
02:57:16.0250 4088 dmboot - ok
02:57:16.0250 4088 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
02:57:16.0265 4088 dmio - ok
02:57:16.0265 4088 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:57:16.0265 4088 dmload - ok
02:57:16.0296 4088 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:57:16.0296 4088 DMusic - ok
02:57:16.0296 4088 dpti2o - ok
02:57:16.0343 4088 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:57:16.0343 4088 drmkaud - ok
02:57:16.0359 4088 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:57:16.0359 4088 Fastfat - ok
02:57:16.0359 4088 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
02:57:16.0359 4088 Fdc - ok
02:57:16.0375 4088 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
02:57:16.0375 4088 Fips - ok
02:57:16.0390 4088 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:57:16.0390 4088 Flpydisk - ok
02:57:16.0421 4088 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
02:57:16.0421 4088 FltMgr - ok
02:57:16.0437 4088 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:57:16.0453 4088 Fs_Rec - ok
02:57:16.0453 4088 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:57:16.0453 4088 Ftdisk - ok
02:57:16.0484 4088 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
02:57:16.0484 4088 GEARAspiWDM - ok
02:57:16.0515 4088 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:57:16.0515 4088 Gpc - ok
02:57:16.0562 4088 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:57:16.0562 4088 HDAudBus - ok
02:57:16.0562 4088 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:57:16.0562 4088 hidusb - ok
02:57:16.0578 4088 hpn - ok
02:57:16.0578 4088 hpt3xx - ok
02:57:16.0625 4088 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
02:57:16.0625 4088 HTTP - ok
02:57:16.0625 4088 i2omgmt - ok
02:57:16.0640 4088 i2omp - ok
02:57:16.0656 4088 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
02:57:16.0656 4088 i8042prt - ok
02:57:16.0671 4088 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:57:16.0671 4088 Imapi - ok
02:57:16.0687 4088 ini910u - ok
02:57:16.0687 4088 IntelIde - ok
02:57:16.0734 4088 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
02:57:16.0734 4088 ip6fw - ok
02:57:16.0750 4088 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:57:16.0750 4088 IpFilterDriver - ok
02:57:16.0765 4088 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:57:16.0765 4088 IpInIp - ok
02:57:16.0781 4088 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:57:16.0781 4088 IpNat - ok
02:57:16.0796 4088 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:57:16.0796 4088 IPSec - ok
02:57:16.0812 4088 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:57:16.0812 4088 IRENUM - ok
02:57:16.0843 4088 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:57:16.0843 4088 isapnp - ok
02:57:16.0859 4088 Iviaspi (4ac11b2250106774f694df2db4ffed61) C:\WINDOWS\system32\drivers\iviaspi.sys
02:57:16.0859 4088 Iviaspi - ok
02:57:16.0875 4088 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDOWS\system32\DRIVERS\JGOGO.sys
02:57:16.0875 4088 JGOGO - ok
02:57:16.0890 4088 JRAID (c341318beae24fa4042c5f8c64cb38b6) C:\WINDOWS\system32\DRIVERS\jraid.sys
02:57:16.0890 4088 JRAID - ok
02:57:16.0906 4088 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:57:16.0906 4088 Kbdclass - ok
02:57:16.0906 4088 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:57:16.0906 4088 kbdhid - ok
02:57:16.0937 4088 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
02:57:16.0937 4088 kmixer - ok
02:57:16.0937 4088 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
02:57:16.0953 4088 KSecDD - ok
02:57:16.0953 4088 lbrtfdc - ok
02:57:17.0000 4088 mferkdk - ok
02:57:17.0031 4088 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:57:17.0031 4088 mnmdd - ok
02:57:17.0046 4088 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
02:57:17.0046 4088 Modem - ok
02:57:17.0062 4088 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:57:17.0062 4088 Mouclass - ok
02:57:17.0078 4088 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:57:17.0078 4088 mouhid - ok
02:57:17.0078 4088 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:57:17.0078 4088 MountMgr - ok
02:57:17.0093 4088 mraid35x - ok
02:57:17.0093 4088 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:57:17.0093 4088 MRxDAV - ok
02:57:17.0140 4088 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:57:17.0140 4088 MRxSmb - ok
02:57:17.0140 4088 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:57:17.0156 4088 Msfs - ok
02:57:17.0187 4088 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:57:17.0187 4088 MSKSSRV - ok
02:57:17.0203 4088 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:57:17.0203 4088 MSPCLOCK - ok
02:57:17.0203 4088 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:57:17.0203 4088 MSPQM - ok
02:57:17.0234 4088 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:57:17.0234 4088 mssmbios - ok
02:57:17.0265 4088 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
02:57:17.0265 4088 MSTEE - ok
02:57:17.0296 4088 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
02:57:17.0296 4088 MTsensor - ok
02:57:17.0312 4088 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:57:17.0312 4088 Mup - ok
02:57:17.0328 4088 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:57:17.0328 4088 NABTSFEC - ok
02:57:17.0359 4088 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:57:17.0359 4088 NDIS - ok
02:57:17.0375 4088 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:57:17.0375 4088 NdisIP - ok
02:57:17.0390 4088 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:57:17.0390 4088 NdisTapi - ok
02:57:17.0421 4088 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:57:17.0421 4088 Ndisuio - ok
02:57:17.0437 4088 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:57:17.0437 4088 NdisWan - ok
02:57:17.0453 4088 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:57:17.0453 4088 NDProxy - ok
02:57:17.0468 4088 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:57:17.0468 4088 NetBIOS - ok
02:57:17.0484 4088 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:57:17.0484 4088 NetBT - ok
02:57:17.0515 4088 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:57:17.0515 4088 NIC1394 - ok
02:57:17.0531 4088 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:57:17.0531 4088 Npfs - ok
02:57:17.0578 4088 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
02:57:17.0578 4088 Ntfs - ok
02:57:17.0593 4088 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:57:17.0593 4088 Null - ok
02:57:17.0625 4088 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
02:57:17.0625 4088 nvata - ok
02:57:17.0656 4088 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:57:17.0671 4088 NVENETFD - ok
02:57:17.0687 4088 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:57:17.0687 4088 nvnetbus - ok
02:57:17.0703 4088 NVTCP (c0e7437765a694328579c4674ef3ab20) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
02:57:17.0703 4088 NVTCP - ok
02:57:17.0734 4088 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:57:17.0734 4088 NwlnkFlt - ok
02:57:17.0750 4088 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:57:17.0750 4088 NwlnkFwd - ok
02:57:17.0765 4088 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:57:17.0765 4088 ohci1394 - ok
02:57:17.0781 4088 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
02:57:17.0781 4088 Parport - ok
02:57:17.0796 4088 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:57:17.0796 4088 PartMgr - ok
02:57:17.0796 4088 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:57:17.0796 4088 ParVdm - ok
02:57:17.0812 4088 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
02:57:17.0812 4088 PCI - ok
02:57:17.0812 4088 PCIDump - ok
02:57:17.0828 4088 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:57:17.0828 4088 PCIIde - ok
02:57:17.0859 4088 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:57:17.0859 4088 Pcmcia - ok
02:57:17.0859 4088 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
02:57:17.0875 4088 pcouffin - ok
02:57:17.0875 4088 PDCOMP - ok
02:57:17.0890 4088 PDFRAME - ok
02:57:17.0890 4088 PDRELI - ok
02:57:17.0906 4088 PDRFRAME - ok
02:57:17.0906 4088 perc2 - ok
02:57:17.0921 4088 perc2hib - ok
02:57:17.0953 4088 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:57:17.0953 4088 PptpMiniport - ok
02:57:17.0953 4088 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
02:57:17.0968 4088 Processor - ok
02:57:17.0968 4088 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:57:17.0968 4088 PSched - ok
02:57:17.0984 4088 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:57:17.0984 4088 Ptilink - ok
02:57:18.0000 4088 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:57:18.0000 4088 PxHelp20 - ok
02:57:18.0015 4088 ql1080 - ok
02:57:18.0031 4088 Ql10wnt - ok
02:57:18.0031 4088 ql12160 - ok
02:57:18.0046 4088 ql1240 - ok
02:57:18.0046 4088 ql1280 - ok
02:57:18.0062 4088 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:57:18.0062 4088 RasAcd - ok
02:57:18.0093 4088 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:57:18.0093 4088 Rasl2tp - ok
02:57:18.0093 4088 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:57:18.0109 4088 RasPppoe - ok
02:57:18.0109 4088 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:57:18.0109 4088 Raspti - ok
02:57:18.0140 4088 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:57:18.0140 4088 Rdbss - ok
02:57:18.0156 4088 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:57:18.0156 4088 RDPCDD - ok
02:57:18.0171 4088 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:57:18.0171 4088 rdpdr - ok
02:57:18.0203 4088 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
02:57:18.0203 4088 RDPWD - ok
02:57:18.0218 4088 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:57:18.0218 4088 redbook - ok
02:57:18.0250 4088 SCDEmu (3b35ce540758bbabb721e234cb5a4f3f) C:\WINDOWS\system32\drivers\SCDEmu.sys
02:57:18.0250 4088 SCDEmu - ok
02:57:18.0265 4088 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:57:18.0265 4088 Secdrv - ok
02:57:18.0296 4088 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
02:57:18.0312 4088 SenFiltService - ok
02:57:18.0312 4088 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:57:18.0312 4088 serenum - ok
02:57:18.0328 4088 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
02:57:18.0328 4088 Serial - ok
02:57:18.0343 4088 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:57:18.0343 4088 Sfloppy - ok
02:57:18.0359 4088 Simbad - ok
02:57:18.0375 4088 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:57:18.0375 4088 SLIP - ok
02:57:18.0593 4088 SNP2UVC (f8e7411b26530e34d1ddc82f8a6b741a) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
02:57:18.0656 4088 SNP2UVC - ok
02:57:18.0656 4088 Sparrow - ok
02:57:18.0687 4088 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
02:57:18.0703 4088 splitter - ok
02:57:18.0750 4088 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
02:57:18.0750 4088 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
02:57:18.0750 4088 sptd ( LockedFile.Multi.Generic ) - warning
02:57:18.0750 4088 sptd - detected LockedFile.Multi.Generic (1)
02:57:18.0765 4088 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
02:57:18.0765 4088 sr - ok
02:57:18.0796 4088 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
02:57:18.0796 4088 Srv - ok
02:57:18.0828 4088 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:57:18.0828 4088 streamip - ok
02:57:18.0843 4088 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:57:18.0843 4088 swenum - ok
02:57:18.0859 4088 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:57:18.0859 4088 swmidi - ok
02:57:18.0875 4088 symc810 - ok
02:57:18.0875 4088 symc8xx - ok
02:57:18.0890 4088 sym_hi - ok
02:57:18.0890 4088 sym_u3 - ok
02:57:18.0906 4088 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:57:18.0906 4088 sysaudio - ok
02:57:18.0953 4088 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:57:18.0953 4088 Tcpip - ok
02:57:18.0984 4088 Tcpip6 (be4007ab8c9b62e3688fc2f469b98190) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
02:57:18.0984 4088 Tcpip6 - ok
02:57:19.0000 4088 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:57:19.0000 4088 TDPIPE - ok
02:57:19.0031 4088 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:57:19.0031 4088 TDTCP - ok
02:57:19.0062 4088 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:57:19.0062 4088 TermDD - ok
02:57:19.0078 4088 TosIde - ok
02:57:19.0093 4088 tunmp (87a0e9e18c10a9e454238e3330e2a26d) C:\WINDOWS\system32\DRIVERS\tunmp.sys
02:57:19.0093 4088 tunmp - ok
02:57:19.0125 4088 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:57:19.0125 4088 Udfs - ok
02:57:19.0140 4088 ultra - ok
02:57:19.0156 4088 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:57:19.0156 4088 Update - ok
02:57:19.0203 4088 usbaapl (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
02:57:19.0203 4088 usbaapl - ok
02:57:19.0218 4088 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
02:57:19.0218 4088 usbaudio - ok
02:57:19.0234 4088 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:57:19.0234 4088 usbccgp - ok
02:57:19.0250 4088 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:57:19.0250 4088 usbehci - ok
02:57:19.0265 4088 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:57:19.0265 4088 usbhub - ok
02:57:19.0281 4088 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:57:19.0281 4088 usbohci - ok
02:57:19.0312 4088 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:57:19.0312 4088 usbprint - ok
02:57:19.0312 4088 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:57:19.0312 4088 usbscan - ok
02:57:19.0328 4088 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:57:19.0328 4088 USBSTOR - ok
02:57:19.0359 4088 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:57:19.0359 4088 VgaSave - ok
02:57:19.0375 4088 ViaIde - ok
02:57:19.0406 4088 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
02:57:19.0406 4088 VolSnap - ok
02:57:19.0453 4088 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:57:19.0453 4088 Wanarp - ok
02:57:19.0453 4088 WDICA - ok
02:57:19.0500 4088 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
02:57:19.0500 4088 wdmaud - ok
02:57:19.0546 4088 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
02:57:19.0546 4088 WpdUsb - ok
02:57:19.0562 4088 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
02:57:19.0562 4088 WS2IFSL - ok
02:57:19.0593 4088 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:57:19.0593 4088 WSTCODEC - ok
02:57:19.0609 4088 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:57:19.0609 4088 WudfPf - ok
02:57:19.0625 4088 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:57:19.0625 4088 WudfRd - ok
02:57:19.0640 4088 ymdwqbuwixvpepmk - ok
02:57:19.0656 4088 MBR (0x1B8) (1f753b395539269a3484aecd505b79bd) \Device\Harddisk0\DR0
02:57:19.0671 4088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
02:57:19.0671 4088 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
02:57:19.0671 4088 Boot (0x1200) (fab75864fb4bdac02d2c7d424dcb1b73) \Device\Harddisk0\DR0\Partition0
02:57:19.0671 4088 \Device\Harddisk0\DR0\Partition0 - ok
02:57:19.0687 4088 Boot (0x1200) (dd20829a8d99adb4ad0f9b3e873da109) \Device\Harddisk0\DR0\Partition1
02:57:19.0703 4088 \Device\Harddisk0\DR0\Partition1 - ok
02:57:19.0703 4088 ============================================================
02:57:19.0703 4088 Scan finished
02:57:19.0703 4088 ============================================================
02:57:19.0703 5020 Detected object count: 2
02:57:19.0703 5020 Actual detected object count: 2
02:57:55.0296 5020 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:57:55.0296 5020 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:57:55.0593 5020 \Device\Harddisk0\DR0\# - copied to quarantine
02:57:55.0593 5020 \Device\Harddisk0\DR0 - copied to quarantine
02:57:55.0625 5020 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
02:57:55.0625 5020 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
02:57:55.0625 5020 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
02:57:55.0640 5020 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
02:57:55.0640 5020 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
02:57:55.0640 5020 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
02:57:55.0640 5020 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
02:57:55.0640 5020 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
02:57:55.0640 5020 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
02:57:55.0656 5020 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
02:57:55.0656 5020 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
02:57:55.0656 5020 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
02:57:55.0656 5020 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
02:57:55.0656 5020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
02:57:55.0656 5020 \Device\Harddisk0\DR0 - ok
02:57:55.0671 5020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
02:58:03.0484 0428 Deinitialize success
-
ComboFix Log:
ComboFix 12-02-21.01 - Glenn 02/22/2012 13:02:38.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1325 [GMT -5:00]
Running from: c:\documents and settings\Glenn\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ctix7b4h.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ctix7b4h.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ctix7b4h.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ctix7b4h.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ctix7b4h.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\install.rdf
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Documents\dll
c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}
c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\chrome.manifest
c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\chrome\xulcache.jar
c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\defaults\preferences\xulcache.js
c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\extensions\{ca86ec42-c7aa-441f-9d69-14859b47cc0e}\install.rdf
c:\documents and settings\Glenn\snuxcvibmu.tmp
c:\windows\EventSystem.log
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET7C.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
.
.
2012-02-11 03:51 . 2012-02-11 03:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:26 . 2011-05-20 17:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 17:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 05:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-06 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Aim"="c:\program files\AIM\aim.exe" [2005-08-05 67160]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-04 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.15\AsRunHelp.exe" [2006-11-14 363008]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2007-07-11 569344]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Steam\\steamapps\\mercviper\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Guild Wars\\Gw.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\yellow0neinyci\\counter-strike\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\yellow0neinyci\\condition zero\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\xchooloo8x\\counter-strike\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\xchooloo8x\\condition zero\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"57025:TCP"= 57025:TCP:Pando Media Booster
"57025:UDP"= 57025:UDP:Pando Media Booster
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9/16/2008 6:48 PM 721904]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/19/2007 3:49 PM 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2009 12:16 PM 135664]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Glenn\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Glenn\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/3/2009 12:16 PM 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [1/2/2008 10:52 PM 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 17:16]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-03 17:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Glenn\Application Data\Mozilla\Firefox\Profiles\pf04h0gi.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{03CDFCD9-D6E8-41F5-BEFD-B306763B9A1c} - c:\windows\system32\atiok3x232.dll
HKLM-Run-dplaysvr - c:\documents and settings\Glenn\Application Data\dplaysvr.exe
HKU-Default-Run-dplaysvr - c:\documents and settings\Glenn\Application Data\dplaysvr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 13:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-00VYA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\0000009b
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4A449F]<<
c:\docume~1\Glenn\LOCALS~1\Temp\catchme.sys
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a4ab738]; MOV EAX, [0x8a4ab8ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\Harddisk0\DR0[0x8A8BA030]
3 CLASSPNP[0xBA11905B] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> \Device\00000075[0x8A8F4F18]
5 ACPI[0xB9E66620] -> ntkrnlpa!IofCallDriver[0x804EF0BC] -> [0x8A8BC030]
\Driver\nvata[0x8A749360] -> IRP_MJ_CREATE -> 0x8A4A449F
error: Read The system cannot find the file specified.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000073 -> \??\IDE#DiskWDC_WD3200AAKS-00VYA0___________________12.01B02#2020202057202D44435752413157333838343232#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x8a95c1f8
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\controlset002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,15"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"="c:\\WINDOWS\\system32\\SHELL32.dll,17"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,22"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,23"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="c:\\WINDOWS\\system32\\shell32.dll,24"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="c:\\WINDOWS\\system32\\shell32.dll,-175"
"{21EC2020-3AEA-1069-A2DD-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-137"
"{2227A280-3AEA-1069-A2DE-08002B30309D}"="c:\\WINDOWS\\System32\\shell32.dll,-138"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="c:\\WINDOWS\\system32\\shell32.dll,38"
"AudioCD"="c:\\WINDOWS\\System32\\shell32.dll,40"
"{FBF23B42-E3F0-101B-8488-00AA003E56F8}"="c:\\WINDOWS\\system32\\shell32.dll,220"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="c:\\WINDOWS\\system32\\mydocs.dll,0"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="c:\\WINDOWS\\system32\\main.cpl,10"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="c:\\WINDOWS\\system32\\wiashext.dll,0"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="c:\\WINDOWS\\system32\\mstask.dll,-100"
"{88C6C381-2E85-11D0-94DE-444553540000}"="c:\\WINDOWS\\System32\\occache.dll,0"
"{BDEADF00-C265-11d0-BCED-00A0C90AB50F}"="c:\\Program Files\\COMMON~1\\MICROS~1\\WEBFOL~1\\MSONSEXT.DLL,0"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="c:\\WINDOWS\\System32\\shdocvw.dll,-20785"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="c:\\WINDOWS\\System32\\webcheck.dll,0"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="c:\\WINDOWS\\system32\\syncui.dll,0"
.
[HKEY_USERS\S-1-5-21-1645522239-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C7C78B93-1769-C2CD-F751-57F80C82F191}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\WININET.dll
c:\windows\system32\nvappfilter.dll
.
Completion time: 2012-02-22 13:27:40
ComboFix-quarantined-files.txt 2012-02-22 18:27
.
Pre-Run: 71,624,953,856 bytes free
Post-Run: 71,972,741,120 bytes free
.
- - End Of File - - FE6086956A0EFE25AAE92F49923F2767
Add or Remove Programs list:
ABBYY FineReader 5.0 Sprint Plus
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.0
Adobe Shockwave Player
AIM 7
Any Video Converter 2.5.9
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AviSynth 2.5
Bonjour
Compatibility Pack for the 2007 Office system
Condition Zero
Corel Snapfire Plus
Counter-Strike
Counter-Strike: Source
Dell Photo AIO Printer 922
Dev-C++ 5 beta 9 release (4.9.9.2)
DirectXInstallService
DivX Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVDFab HD Decrypter 4.1.0.2
EMC 10 Content
Garmin Communicator Plugin
Garmin USB Drivers
Google Update Helper
Guild Wars
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Office (KB950278)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
InterVideo DVDCopy5
iTunes
Java DB 10.2.2.0
Java 6 Update 14
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java 6 Update 7
Java SE Development Kit 6 Update 3
JCreator LE 4.50
JMB36X Raid Configurer
Juniper Networks Setup Client Activex Control
League of Legends
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Media Player Codec Pack 3.2.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (November 2008)
Microsoft Expression Web
Microsoft Expression Web
Microsoft Expression Web MUI (English)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft MSDN 2005 Express Edition - ENU
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008 Management Objects
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft XML Parser and SDK
MobileMe Control Panel
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Music Transfer
MyLife Webcam Pro
Nero 7 Essentials
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
ooVoo
Pando Media Booster
Pepakura Viewer 3
PhotoScape
PopCap Browser Plugin
PowerISO
ProProfs CompTIA A+ Practice Exams
Python 3.2
Quake Live Mozilla Plugin
QuickTime
RealPlayer
Rhapsody Player Engine
Roxio Activation Module
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Skype™ 5.5
SmartSound Quicktracks Plugin
Sony Picture Utility
SoundMAX
Spybot - Search & Destroy
SQL Server System CLR Types
Starcraft
Steam
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
System Requirements Lab
System Requirements Lab CYRI
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Veetle TV 0.9.15
Ventrilo Client
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
VoiceOver Kit
vShare Toolbar
WampServer 2.0
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
XviD Video Codec 1.1.2-01022007
-
I don't know if this will help but I was told about a program called HiJackThis. My friend said to use this program and upload the log to see if anyone can help me. If you can help, please do. Here's the log after I scanned with HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:49:42 PM, on 2/21/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\Documents and Settings\Glenn\My Documents\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (no name) - {03CDFCD9-D6E8-41F5-BEFD-B306763B9A1c} - C:\WINDOWS\system32\atiok3x232.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNTY3NDM3ODc2LVQxLVU4NSsxLUJBKzEtS1YzKzctWEwrMS1VQ0FMTCsxLUJBUjhHKzEtVUNBTEwyKzItRkwrOC1GOE05QSszLUY4TTExQysxLVVQRysyMDExLUY4TTExRSsxLVhPMTArMTI"&"prod=90"&"ver=10.0.1204
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Aim] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\DOCUME~1\Glenn\MYDOCU~1\gerry\MICROS~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271014203546
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271015953046
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Glenn\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe
--
End of file - 11741 bytes
Possible virus?
in Resolved Malware Removal Logs
Posted