Posts posted by heybabyzr0
-
-
Gringo,
I have run the cleaners.
Thank you for all your help in restoring my computer.
Justin
-
EST Scan results are attached in this post since the last post had html markup. I've no idea why the html showed up in the post.
-
EST Scan Log:
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP633\A0203750.exe    Win32/OpenCandy application
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP651\A0206918.exe    Win32/DownloadAdmin.D application
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP656\A0209375.dll    a variant of Win32/Toolbar.CrossRider.A application
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP656\A0209409.exe    a variant of Win32/OpenInstall application
C:\System Volume Information\_restore{1593D9F2-BEBE-480D-9CDC-68B6495175A6}\RP658\A0209831.exe    Win32/Toolbar.CrossRider.B application
-
No issues running any of the programs this time.
The computer speed, audio, and video seem to be ok. Boot up time is still very slow, but this is an old computer.
The browser I use, Chrome, still looks "different." Yesterday sites using Java would not load or would load very slowly. After following your instruction in the above post, those sites seem to be loading better.
MBAM Log:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.06.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Just :: TOSHIBA-USER [administrator]
12/6/2012 2:27:20 AM
mbam-log-2012-12-06 (02-27-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234501
Time elapsed: 20 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:29:53 AM, on 12/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Desktop\HijackThis.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 9324 bytes
-
µTorrent
2350
2350_Help
2350Trb
2Wire Wireless Client
32 Bit HP CIO Components Installer
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.4)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan
AiOSoftware
ALPS Touch Pad Driver
Android USB Driver
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2013
BufferChm
C4200
C4200_doccd
c4200_Help
CD/DVD Drive Acoustic Silencer
Connect
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
DocumentViewer
DVD-RAM Driver
eSupportQFolder
Fax
FileZilla Client 3.5.3
Free Video to MP3 Converter version 5.0.19.1015
Google Chrome
Google Update Helper
HiJackThis
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Customer Participation Program 9.0
HP Image Zone 4.7
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSystemDiagnostics
InstantShare
Java 7 Update 9
Java Auto Updater
JDownloader 0.9
kuler
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
MFC RunTime files
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft IntelliPoint 6.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB954459)
Mysteryville
Notebook Maximizer
Notepad++
PanoStandAlone
PC Connectivity Solution
PdaNet for Android 3.50
PDF Settings CS4
PhotoGallery
Photoshop Camera Raw
Platform
ProductContext
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
QFolder
QuickTime
RarZilla Free Unrar
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
RealUpgrade 1.1
RegAlyzer
Roxio Burn Engine
Samsung New PC Studio
Scan
ScannerCopy
Scribus 1.4.1
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB975713)
Segoe UI
Sex Sim
SkinsHP1
SlimCleaner
SolutionCenter
Sonic DLA
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Status
Suite Shared Configuration CS4
Super Collapse 3
swMSM
TBS WMP Plug-in
Toolbox
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
Touch and Launch
TouchPad On/Off Utility
TrayApp
Unload
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB951978)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VIA Platform Device Manager
VideoToolkit01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Defender
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3
Wise Disk Cleaner 5.93
-
I ran the new script in ComboFix. The program still froze up. I tried twice and gave it 1.5 hours to work but still nothing but a frozen program.
-
I tried running ComboFix using the script provided twice. Both times the program froze up. I did not click anything with the mouse once the program started and I disabled the antivirus program.
-
OK,
The boot up was a bit faster. The browser in Chrome looks different. Audio and Video are playing back fine.
My anti-virus, AVG, popped up saying it detected a threat called ACS.EXE. I did not take any action.
Justin
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Service relational stopped successfully!
Service relational deleted successfully!
File \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found not found.
Error: No service named 18059 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\18059 deleted successfully.
File globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found not found.
Service mnsframework stopped successfully!
Service mnsframework deleted successfully!
File \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found not found.
Registry key HKEY_USERS\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "free-downloads.net Customized Web Search" removed from browser.search.selectedEngine
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\skin folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\locale\en-US folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\locale folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\defaults folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\lib folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
Folder C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode\ not found.
C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68 moved successfully.
C:\Documents and Settings\All Users\Application Data\ci256wkm68 moved successfully.
C:\WINDOWS\Lzugogevu.dat moved successfully.
C:\WINDOWS\Bzacujekafiyaci.bin moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Just\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Just\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: Just
->Java cache emptied: 1505574 bytes
User: LocalService
User: NetworkService
User: Owner
Total Java Files Cleaned = 1.00 mb
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 760 bytes
User: All Users
User: Default User
User: Just
->Flash cache emptied: 9523 bytes
User: LocalService
->Flash cache emptied: 343 bytes
User: NetworkService
->Flash cache emptied: 29349 bytes
User: Owner
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12012012_151716
-
Here is the OTL Attachment:
-
Don't know why it's posting like this
-
<p> </p>
<div>Sorry. I really don't know what happened in my last post.</div>
<div>Here is the OTL Report:</div>
<div> </div>
<div>OTL logfile created on: 11/30/2012 11:44:17 PM - Run 2</div>
<div>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Just\Desktop</div>
<div>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</div>
<div>Internet Explorer (Version = 8.0.6001.18702)</div>
<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>
<div> </div>
<div>1.37 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 66.22% Memory free</div>
<div>1.89 Gb Paging File | 1.46 Gb Available in Paging File | 77.48% Paging File free</div>
<div>Paging file location(s): C:\pagefile.sys 672 1344 [binary data]</div>
<div> </div>
<div>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</div>
<div>Drive C: | 55.89 Gb Total Space | 8.48 Gb Free Space | 15.17% Space Free | Partition Type: NTFS</div>
<div> </div>
<div>Computer Name: TOSHIBA-USER | User Name: Just | Logged in as Administrator.</div>
<div>Boot Mode: Normal | Scan Mode: All users</div>
<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>
<div> </div>
<div>========== Processes (SafeList) ==========</div>
<div> </div>
<div>PRC - C:\Documents and Settings\Just\Desktop\OTL.exe (OldTimer Tools)</div>
<div>PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>
<div>PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>
<div>PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>
<div>PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>
<div>PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>
<div>PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>
<div>PRC - C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>
<div>PRC - C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>
<div>PRC - C:\WINDOWS\system32\acs.exe ()</div>
<div>PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>
<div>PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)</div>
<div>PRC - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>
<div>PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>
<div>PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>
<div> </div>
<div> </div>
<div>========== Modules (No Company Name) ==========</div>
<div> </div>
<div>MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>
<div>MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()</div>
<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()</div>
<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>
<div>MOD - C:\WINDOWS\system32\acs.exe ()</div>
<div> </div>
<div> </div>
<div>========== Services (SafeList) ==========</div>
<div> </div>
<div>SRV - (relational) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>
<div>SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found</div>
<div>SRV - (mnsframework) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>
<div>SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found</div>
<div>SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>
<div>SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>
<div>SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>
<div>SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</div>
<div>SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>
<div>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)</div>
<div>SRV - (UDisk Monitor) -- C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe ()</div>
<div>SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>
<div>SRV - (VRAID Log Service) -- C:\Program Files\VIA\RAID\vialogsv.exe ()</div>
<div>SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)</div>
<div>SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)</div>
<div>SRV - (Swupdtmr) -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe ()</div>
<div>SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()</div>
<div>SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>
<div>SRV - (CeEPwrSvc) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>
<div>SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>
<div> </div>
<div> </div>
<div>========== Driver Services (SafeList) ==========</div>
<div> </div>
<div>DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found</div>
<div>DRV - (PCIDump) -- File not found</div>
<div>DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found</div>
<div>DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found</div>
<div>DRV - (MR97310_USB_DUAL_CAMERA) -- system32\DRIVERS\mr97310c.sys File not found</div>
<div>DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found</div>
<div>DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found</div>
<div>DRV - (catchme) -- C:\DOCUME~1\Just\LOCALS~1\Temp\catchme.sys File not found</div>
<div>DRV - (18059) -- globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found</div>
<div>DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )</div>
<div>DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )</div>
<div>DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)</div>
<div>DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )</div>
<div>DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)</div>
<div>DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)</div>
<div>DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)</div>
<div>DRV - (SRS_AE_Service) -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys ()</div>
<div>DRV - (Generalusbserialser20675) -- C:\WINDOWS\system32\drivers\CT_U_USBSER.sys (Incorporated)</div>
<div>DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)</div>
<div>DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)</div>
<div>DRV - (qrkis) -- C:\WINDOWS\system32\drivers\qrkis.sys (Tether)</div>
<div>DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()</div>
<div>DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)</div>
<div>DRV - (SRS_SSCFilter) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()</div>
<div>DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)</div>
<div>DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )</div>
<div>DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>
<div>DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>
<div>DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)</div>
<div>DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)</div>
<div>DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)</div>
<div>DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))</div>
<div>DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)</div>
<div>DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)</div>
<div>DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)</div>
<div>DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)</div>
<div>DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.)</div>
<div>DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)</div>
<div>DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)</div>
<div>DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)</div>
<div>DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</div>
<div>DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA )</div>
<div>DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)</div>
<div>DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)</div>
<div>DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)</div>
<div>DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)</div>
<div>DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)</div>
<div>DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)</div>
<div>DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)</div>
<div>DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )</div>
<div>DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()</div>
<div>DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)</div>
<div>DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)</div>
<div>DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)</div>
<div>DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)</div>
<div>DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC)</div>
<div> </div>
<div> </div>
<div>========== Standard Registry (SafeList) ==========</div>
<div> </div>
<div> </div>
<div>========== Internet Explorer ==========</div>
<div> </div>
<div>IE - HKLM\..\SearchScopes,DefaultScope = </div>
<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>
<div> </div>
<div> </div>
<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>
<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>
<div>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </div>
<div>IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>
<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>
<div>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </div>
<div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes,DefaultScope = </div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4192031A-6069-4FCE-96EB-85CAB8FF0237}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4B42AEAD-4FCA-4A4A-8971-5F67DF6CD34D}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={25330A0F-1AFF-40EB-9CDD-7C39B26B1797}&mid=b11d2286b1c447d0a80dd1d9d053aeab-eb14df7d87ec26bb2309bd26fddc922cfb7869fd&lang=en&ds=dw011&pr=sa&d=2012-04-06 02:54:53&v=10.2.0.3&sap=dsp&q={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div>
<div> </div>
<div>========== FireFox ==========</div>
<div> </div>
<div>FF - prefs.js..browser.search.defaultenginename: "bing"</div>
<div>FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"</div>
<div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"</div>
<div>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"</div>
<div>FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"</div>
<div>FF - prefs.js..browser.search.useDBForOrder: true</div>
<div>FF - prefs.js..browser.startup.homepage: "www.yahoo.com"</div>
<div>FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1</div>
<div>FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704</div>
<div>FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0</div>
<div>FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5</div>
<div>FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.0</div>
<div>FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10</div>
<div>FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>
<div>FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6</div>
<div>FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.3</div>
<div>FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323</div>
<div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div>
<div>FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1C</div>
<div>FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1</div>
<div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</div>
<div>FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>
<div>FF - prefs.js..network.proxy.ftp: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.ftp_port: 8080</div>
<div>FF - prefs.js..network.proxy.gopher: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.gopher_port: 8080</div>
<div>FF - prefs.js..network.proxy.socks: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.socks_port: 8080</div>
<div>FF - prefs.js..network.proxy.ssl: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.ssl_port: 8080</div>
<div>FF - prefs.js..network.proxy.http: "127.0.0.1"</div>
<div>FF - prefs.js..network.proxy.http_port: 61333</div>
<div>FF - prefs.js..network.proxy.type: 1</div>
<div> </div>
<div> </div>
<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()</div>
<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found</div>
<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found</div>
<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found</div>
<div>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found</div>
<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>
<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>
<div> </div>
<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>
<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>
<div> </div>
<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions</div>
<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com</div>
<div>[2010/02/22 23:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org</div>
<div>[2012/04/20 02:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions</div>
<div>[2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div>
<div>[2012/04/20 02:35:42 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div>
<div>[2011/07/09 04:15:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</div>
<div>[2011/08/19 06:59:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</div>
<div>[2011/09/18 03:33:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}</div>
<div>[2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com</div>
<div>[2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com</div>
<div>[2011/02/27 16:12:01 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\tineye@ideeinc.com</div>
<div>[2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode</div>
<div>[2011/08/27 21:57:12 | 000,045,689 | ---- | M] () (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\webrank-toolbar@probcomp.com.xpi</div>
<div>[2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml</div>
<div>[2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml</div>
<div>[2012/11/22 08:04:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT</div>
<div>[2011/04/18 21:04:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF</div>
<div> </div>
<div>========== Chrome ==========</div>
<div> </div>
<div>CHR - default_search_provider: Google (Enabled)</div>
<div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</div>
<div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</div>
<div>CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer</div>
<div>CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll</div>
<div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll</div>
<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll</div>
<div>CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll</div>
<div>CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll</div>
<div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div>
<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</div>
<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</div>
<div>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</div>
<div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div>
<div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div>
<div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div>
<div>CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll</div>
<div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll</div>
<div>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</div>
<div>CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll</div>
<div>CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll</div>
<div>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div>
<div>CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll</div>
<div>CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll</div>
<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div>
<div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div>
<div>CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\</div>
<div>CHR - Extension: AdBlock = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\</div>
<div> </div>
<div>O1 HOSTS File: ([2012/11/30 19:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div>
<div>O1 - Hosts: 127.0.0.1 localhost</div>
<div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</div>
<div>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</div>
<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>
<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>
<div>O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.</div>
<div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>
<div>O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>
<div>O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>
<div>O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)</div>
<div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</div>
<div>O4 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>
<div>O4 - Startup: C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>
<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div>
<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>
<div>O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)</div>
<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)</div>
<div>O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)</div>
<div>O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)</div>
<div>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</div>
<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)</div>
<div>O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)</div>
<div>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</div>
<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>
<div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div>
<div>O24 - Desktop Components:0 () - </div>
<div>O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>
<div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>
<div>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)</div>
<div>O32 - HKLM CDRom: AutoRun - 1</div>
<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>
<div>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)</div>
<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>
<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>
<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>
<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>
<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>
<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>
<div> </div>
<div>========== Files/Folders - Created Within 30 Days ==========</div>
<div> </div>
<div>[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>
<div>[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>
<div>[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>
<div>[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>
<div>[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine</div>
<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro</div>
<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis</div>
<div>[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android</div>
<div>[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>
<div>[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>
<div>[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>
<div>[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>
<div>[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>
<div>[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>
<div>[2012/11/25 14:07:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>
<div>[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97</div>
<div>[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>
<div>[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</div>
<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>
<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>
<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>
<div>[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks</div>
<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>
<div>[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe</div>
<div>[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe</div>
<div>[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking</div>
<div>[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking</div>
<div>[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking</div>
<div>[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013</div>
<div>[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG</div>
<div>[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG</div>
<div>[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013</div>
<div>[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner</div>
<div>[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder</div>
<div>[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy</div>
<div>[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin</div>
<div>[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll</div>
<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>
<div> </div>
<div>========== Files - Modified Within 30 Days ==========</div>
<div> </div>
<div>[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>
<div>[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div>
<div>[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>
<div>[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div>
<div>[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>
<div>[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>
<div>[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>
<div>[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys</div>
<div>[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>
<div>[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div>
<div>[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>
<div>[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>
<div>[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>
<div>[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk</div>
<div>[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>
<div>[2012/11/30 16:25:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>
<div>[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>
<div>[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>
<div>[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>
<div>[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>
<div>[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>
<div>[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>
<div>[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>
<div>[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>
<div>[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>
<div>[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>
<div>[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>
<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>
<div>[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>
<div>[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>
<div>[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>
<div>[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>
<div>[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>
<div>[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>
<div>[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</div>
<div>[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</div>
<div>[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>
<div>[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>
<div>[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>
<div>[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>
<div>[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>
<div>[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>
<div>[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>
<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>
<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>
<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>
<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>
<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>
<div>[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>
<div>[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>
<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>
<div>[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn</div>
<div>[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini</div>
<div>[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div>
<div>[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div>
<div>[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>
<div>[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>
<div>[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>
<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>
<div>[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>
<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>
<div> </div>
<div>========== Files Created - No Company Name ==========</div>
<div> </div>
<div>[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>
<div>[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>
<div>[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>
<div>[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>
<div>[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>
<div>[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>
<div>[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>
<div>[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>
<div>[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>
<div>[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>
<div>[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>
<div>[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys</div>
<div>[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>
<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>
<div>[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>
<div>[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>
<div>[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>
<div>[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>
<div>[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>
<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>
<div>[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>
<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>
<div>[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>
<div>[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>
<div>[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>
<div>[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk</div>
<div>[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk</div>
<div>[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk</div>
<div>[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk</div>
<div>[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>
<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>
<div>[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>
<div>[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload</div>
<div>[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd</div>
<div>[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\WebpageIcons.db</div>
<div>[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div>
<div>[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll</div>
<div>[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat</div>
<div>[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys</div>
<div>[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe</div>
<div>[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat</div>
<div>[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll</div>
<div>[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys</div>
<div>[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc</div>
<div>[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat</div>
<div>[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI</div>
<div>[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat</div>
<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68</div>
<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68</div>
<div>[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat</div>
<div>[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin</div>
<div>[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll</div>
<div>[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll</div>
<div>[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll</div>
<div>[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll</div>
<div>[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll</div>
<div>[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll</div>
<div>[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll</div>
<div>[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll</div>
<div>[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div>
<div>[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div>
<div>[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div>
<div>[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div>
<div>[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div>
<div>[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start</div>
<div>[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat</div>
<div>[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat</div>
<div>[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>
<div>[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat</div>
<div> </div>
<div>========== ZeroAccess Check ==========</div>
<div> </div>
<div>[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div>
<div> </div>
<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>
<div> </div>
<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>
<div> </div>
<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>
<div>"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)</div>
<div>"ThreadingModel" = Apartment</div>
<div> </div>
<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>
<div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</div>
<div>"ThreadingModel" = Free</div>
<div> </div>
<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>
<div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</div>
<div>"ThreadingModel" = Both</div>
<div> </div>
<div>< End of report ></div>
-
<p>OTL Report:</p>
<div>OTL logfile created on: 11/30/2012 11:44:17 PM - Run 2</div>
<div>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Just\Desktop</div>
<div>Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</div>
<div>Internet Explorer (Version = 8.0.6001.18702)</div>
<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>
<div> </div>
<div>1.37 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 66.22% Memory free</div>
<div>1.89 Gb Paging File | 1.46 Gb Available in Paging File | 77.48% Paging File free</div>
<div>Paging file location(s): C:\pagefile.sys 672 1344 [binary data]</div>
<div> </div>
<div>%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files</div>
<div>Drive C: | 55.89 Gb Total Space | 8.48 Gb Free Space | 15.17% Space Free | Partition Type: NTFS</div>
<div> </div>
<div>Computer Name: TOSHIBA-USER | User Name: Just | Logged in as Administrator.</div>
<div>Boot Mode: Normal | Scan Mode: All users</div>
<div>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</div>
<div> </div>
<div>========== Processes (SafeList) ==========</div>
<div> </div>
<div>PRC - C:\Documents and Settings\Just\Desktop\OTL.exe (OldTimer Tools)</div>
<div>PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>
<div>PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)</div>
<div>PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>
<div>PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>
<div>PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>
<div>PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>
<div>PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>
<div>PRC - C:\Program Files\Toshiba\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>
<div>PRC - C:\Program Files\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>
<div>PRC - C:\WINDOWS\system32\acs.exe ()</div>
<div>PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>
<div>PRC - C:\Program Files\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)</div>
<div>PRC - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>
<div>PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>
<div>PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>
<div> </div>
<div> </div>
<div>========== Modules (No Company Name) ==========</div>
<div> </div>
<div>MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>
<div>MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()</div>
<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()</div>
<div>MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()</div>
<div>MOD - C:\WINDOWS\system32\acs.exe ()</div>
<div> </div>
<div> </div>
<div>========== Services (SafeList) ==========</div>
<div> </div>
<div>SRV - (relational) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>
<div>SRV - (NMSAccess) -- C:\Program Files\Blaze Media Pro\NMSAccess32.exe File not found</div>
<div>SRV - (mnsframework) -- \.\globalroot\C:\WINDOWS\system32\svchost.exe File not found</div>
<div>SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found</div>
<div>SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)</div>
<div>SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)</div>
<div>SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)</div>
<div>SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</div>
<div>SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</div>
<div>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)</div>
<div>SRV - (UDisk Monitor) -- C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe ()</div>
<div>SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)</div>
<div>SRV - (VRAID Log Service) -- C:\Program Files\VIA\RAID\vialogsv.exe ()</div>
<div>SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)</div>
<div>SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)</div>
<div>SRV - (Swupdtmr) -- c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe ()</div>
<div>SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()</div>
<div>SRV - (CFSvcs) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)</div>
<div>SRV - (CeEPwrSvc) -- C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe (COMPAL ELECTRONIC INC.)</div>
<div>SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)</div>
<div> </div>
<div> </div>
<div>========== Driver Services (SafeList) ==========</div>
<div> </div>
<div>DRV - (wanatw) -- System32\DRIVERS\wanatw4.sys File not found</div>
<div>DRV - (PCIDump) -- File not found</div>
<div>DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found</div>
<div>DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found</div>
<div>DRV - (MR97310_USB_DUAL_CAMERA) -- system32\DRIVERS\mr97310c.sys File not found</div>
<div>DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found</div>
<div>DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found</div>
<div>DRV - (catchme) -- C:\DOCUME~1\Just\LOCALS~1\Temp\catchme.sys File not found</div>
<div>DRV - (18059) -- globalroot\C:\WINDOWS\system32\drivers\18059.sys File not found</div>
<div>DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )</div>
<div>DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )</div>
<div>DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)</div>
<div>DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )</div>
<div>DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)</div>
<div>DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)</div>
<div>DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)</div>
<div>DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)</div>
<div>DRV - (SRS_AE_Service) -- C:\WINDOWS\system32\drivers\SRS_AE_i386.sys ()</div>
<div>DRV - (Generalusbserialser20675) -- C:\WINDOWS\system32\drivers\CT_U_USBSER.sys (Incorporated)</div>
<div>DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)</div>
<div>DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)</div>
<div>DRV - (qrkis) -- C:\WINDOWS\system32\drivers\qrkis.sys (Tether)</div>
<div>DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()</div>
<div>DRV - (NCHSSVAD) -- C:\WINDOWS\system32\drivers\nchssvad.sys (NCH Swift Sound)</div>
<div>DRV - (SRS_SSCFilter) -- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys ()</div>
<div>DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)</div>
<div>DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )</div>
<div>DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>
<div>DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))</div>
<div>DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)</div>
<div>DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)</div>
<div>DRV - (RsFx0102) -- C:\WINDOWS\system32\drivers\RsFx0102.sys (Microsoft Corporation)</div>
<div>DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))</div>
<div>DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)</div>
<div>DRV - (sfsync02) -- C:\WINDOWS\system32\drivers\sfsync02.sys (Protection Technology)</div>
<div>DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)</div>
<div>DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)</div>
<div>DRV - (EPOWER) -- C:\WINDOWS\system32\drivers\hkdrv.sys (Compal Electronic Inc.)</div>
<div>DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)</div>
<div>DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)</div>
<div>DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)</div>
<div>DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)</div>
<div>DRV - (ECioctl) -- C:\WINDOWS\system32\drivers\ECioctl.sys (TOSHIBA )</div>
<div>DRV - (SrvcSSIOMngr) -- C:\WINDOWS\system32\drivers\SSIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (SrvcTPIOMngr) -- C:\WINDOWS\system32\drivers\TPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (SrvcEKIOMngr) -- C:\WINDOWS\system32\drivers\EKIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (SrvcEPIOMngr) -- C:\WINDOWS\system32\drivers\EPIOMngr.sys (COMPAL ELECTRONIC INC.)</div>
<div>DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)</div>
<div>DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)</div>
<div>DRV - (MDC8021X) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)</div>
<div>DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)</div>
<div>DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)</div>
<div>DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)</div>
<div>DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)</div>
<div>DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )</div>
<div>DRV - (TBiosDrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()</div>
<div>DRV - (caboagp) -- C:\WINDOWS\system32\drivers\atisgkaf.SYS (ATI Technologies Inc.)</div>
<div>DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)</div>
<div>DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)</div>
<div>DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)</div>
<div>DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\SMCIRDA.SYS (SMC)</div>
<div> </div>
<div> </div>
<div>========== Standard Registry (SafeList) ==========</div>
<div> </div>
<div> </div>
<div>========== Internet Explorer ==========</div>
<div> </div>
<div>IE - HKLM\..\SearchScopes,DefaultScope = </div>
<div>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}</div>
<div> </div>
<div> </div>
<div>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>
<div>IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>
<div>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = </div>
<div>IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search</div>
<div>IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/</div>
<div>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = </div>
<div>IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div> </div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes,DefaultScope = </div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb&u=201202189F814AE5A53F23152857BD60&q={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4192031A-6069-4FCE-96EB-85CAB8FF0237}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{4B42AEAD-4FCA-4A4A-8971-5F67DF6CD34D}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={25330A0F-1AFF-40EB-9CDD-7C39B26B1797}&mid=b11d2286b1c447d0a80dd1d9d053aeab-eb14df7d87ec26bb2309bd26fddc922cfb7869fd&lang=en&ds=dw011&pr=sa&d=2012-04-06 02:54:53&v=10.2.0.3&sap=dsp&q={searchTerms}</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</div>
<div>IE - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local</div>
<div> </div>
<div>========== FireFox ==========</div>
<div> </div>
<div>FF - prefs.js..browser.search.defaultenginename: "bing"</div>
<div>FF - prefs.js..browser.search.defaultthis.engineName: "free-downloads.net Customized Web Search"</div>
<div>FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q={searchTerms}"</div>
<div>FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"</div>
<div>FF - prefs.js..browser.search.selectedEngine: "free-downloads.net Customized Web Search"</div>
<div>FF - prefs.js..browser.search.useDBForOrder: true</div>
<div>FF - prefs.js..browser.startup.homepage: "www.yahoo.com"</div>
<div>FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1</div>
<div>FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704</div>
<div>FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0</div>
<div>FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5</div>
<div>FF - prefs.js..extensions.enabledAddons: webrank-toolbar@probcomp.com:4.0</div>
<div>FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.6.0.10</div>
<div>FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>
<div>FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6</div>
<div>FF - prefs.js..extensions.enabledItems: killjasmin@pierros14.com:2.3</div>
<div>FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323</div>
<div>FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0</div>
<div>FF - prefs.js..extensions.enabledItems: amin.eft_PhProxy@gmail.com:4.0.1C</div>
<div>FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1</div>
<div>FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24</div>
<div>FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3</div>
<div>FF - prefs.js..network.proxy.ftp: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.ftp_port: 8080</div>
<div>FF - prefs.js..network.proxy.gopher: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.gopher_port: 8080</div>
<div>FF - prefs.js..network.proxy.socks: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.socks_port: 8080</div>
<div>FF - prefs.js..network.proxy.ssl: "84.25.123.69"</div>
<div>FF - prefs.js..network.proxy.ssl_port: 8080</div>
<div>FF - prefs.js..network.proxy.http: "127.0.0.1"</div>
<div>FF - prefs.js..network.proxy.http_port: 61333</div>
<div>FF - prefs.js..network.proxy.type: 1</div>
<div> </div>
<div> </div>
<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()</div>
<div>FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found</div>
<div>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</div>
<div>FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)</div>
<div>FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: File not found</div>
<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</div>
<div>FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found</div>
<div>FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found</div>
<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>
<div>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Just\Local Settings\Application Data\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)</div>
<div> </div>
<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>
<div>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/22 08:04:22 | 000,000,000 | ---D | M]</div>
<div> </div>
<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions</div>
<div>[2010/05/31 15:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\home2@tomtom.com</div>
<div>[2010/02/22 23:09:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Extensions\mozswing@mozswing.org</div>
<div>[2012/04/20 02:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions</div>
<div>[2010/05/13 04:55:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}</div>
<div>[2012/04/20 02:35:42 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}</div>
<div>[2011/07/09 04:15:10 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}</div>
<div>[2011/08/19 06:59:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}</div>
<div>[2011/09/18 03:33:10 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}</div>
<div>[2012/11/13 00:54:46 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com</div>
<div>[2011/10/22 11:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\ffxtlbr@Facemoods.com</div>
<div>[2011/02/27 16:12:01 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\tineye@ideeinc.com</div>
<div>[2012/11/13 00:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\crossriderapp4493@crossrider.com\chrome\content\extensionCode</div>
<div>[2011/08/27 21:57:12 | 000,045,689 | ---- | M] () (No name found) -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\extensions\webrank-toolbar@probcomp.com.xpi</div>
<div>[2010/06/20 22:25:45 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\bing.xml</div>
<div>[2010/01/20 11:16:28 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\Just\Application Data\Mozilla\Firefox\Profiles\7b2u35gy.default\searchplugins\conduit.xml</div>
<div>[2012/11/22 08:04:22 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT</div>
<div>[2011/04/18 21:04:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF</div>
<div> </div>
<div>========== Chrome ==========</div>
<div> </div>
<div>CHR - default_search_provider: Google (Enabled)</div>
<div>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</div>
<div>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</div>
<div>CHR - plugin: Remoting Viewer (Disabled) = internal-remoting-viewer</div>
<div>CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll</div>
<div>CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.95\pdf.dll</div>
<div>CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll</div>
<div>CHR - plugin: Shockwave Flash (Disabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll</div>
<div>CHR - plugin: Screen Capture Plugin (Enabled) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\plugin/screen_capture.dll</div>
<div>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll</div>
<div>CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll</div>
<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll</div>
<div>CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll</div>
<div>CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll</div>
<div>CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll</div>
<div>CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll</div>
<div>CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll</div>
<div>CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll</div>
<div>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll</div>
<div>CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll</div>
<div>CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll</div>
<div>CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll</div>
<div>CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</div>
<div>CHR - plugin: Shockwave for Director (Disabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll</div>
<div>CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll</div>
<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll</div>
<div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll</div>
<div>CHR - Extension: Screen Capture (by Google) = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.5_0\</div>
<div>CHR - Extension: AdBlock = C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.48_0\</div>
<div> </div>
<div>O1 HOSTS File: ([2012/11/30 19:52:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts</div>
<div>O1 - Hosts: 127.0.0.1 localhost</div>
<div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)</div>
<div>O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)</div>
<div>O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</div>
<div>O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</div>
<div>O3 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.</div>
<div>O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)</div>
<div>O4 - HKLM..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)</div>
<div>O4 - HKLM..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (COMPAL ELECTRONIC INC.)</div>
<div>O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)</div>
<div>O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)</div>
<div>O4 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)</div>
<div>O4 - Startup: C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()</div>
<div>O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>
<div>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0</div>
<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>
<div>O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0</div>
<div>O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Control Panel present</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\Software\Policies\Microsoft\Internet Explorer\Recovery present</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863</div>
<div>O7 - HKU\S-1-5-21-342708476-2127193123-2648729015-1316\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0</div>
<div>O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/downloads/tgctlcm.cab (Support.com Configuration Class)</div>
<div>O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)</div>
<div>O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)</div>
<div>O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)</div>
<div>O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)</div>
<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)</div>
<div>O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)</div>
<div>O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)</div>
<div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)</div>
<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)</div>
<div>O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)</div>
<div>O24 - Desktop Components:0 () - </div>
<div>O24 - Desktop WallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>
<div>O24 - Desktop BackupWallPaper: C:\Documents and Settings\Just\Local Settings\Application Data\Microsoft\Wallpaper1.bmp</div>
<div>O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)</div>
<div>O32 - HKLM CDRom: AutoRun - 1</div>
<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>
<div>O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)</div>
<div>O35 - HKLM\..comfile [open] -- "%1" %*</div>
<div>O35 - HKLM\..exefile [open] -- "%1" %*</div>
<div>O37 - HKLM\...com [@ = ComFile] -- "%1" %*</div>
<div>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</div>
<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</div>
<div>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</div>
<div> </div>
<div>========== Files/Folders - Created Within 30 Days ==========</div>
<div> </div>
<div>[2012/11/30 23:40:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>
<div>[2012/11/30 16:26:17 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>
<div>[2012/11/30 16:25:01 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>
<div>[2012/11/29 14:05:03 | 005,009,014 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>
<div>[2012/11/28 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\RK_Quarantine</div>
<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro</div>
<div>[2012/11/28 17:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Start Menu\Programs\HiJackThis</div>
<div>[2012/11/27 19:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PdaNet for Android</div>
<div>[2012/11/27 12:32:35 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>
<div>[2012/11/27 12:32:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>
<div>[2012/11/27 12:31:55 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>
<div>[2012/11/27 12:31:55 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>
<div>[2012/11/27 12:31:54 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>
<div>[2012/11/25 14:08:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>
<div>[2012/11/25 14:07:02 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>
<div>[2012/11/24 23:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek AC97</div>
<div>[2012/11/24 22:52:58 | 018,734,784 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>
<div>[2012/11/22 08:04:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared</div>
<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>
<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>
<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>
<div>[2012/11/22 08:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RealNetworks</div>
<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>
<div>[2012/11/17 06:09:07 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe</div>
<div>[2012/11/17 06:09:07 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe</div>
<div>[2012/11/15 12:09:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\Safer Networking</div>
<div>[2012/11/15 12:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Safer Networking</div>
<div>[2012/11/15 12:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking</div>
<div>[2012/11/14 18:43:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Application Data\AVG2013</div>
<div>[2012/11/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG</div>
<div>[2012/11/14 15:44:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVG</div>
<div>[2012/11/13 06:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Local Settings\Application Data\Avg2013</div>
<div>[2012/11/13 04:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SlimCleaner</div>
<div>[2012/11/13 03:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\New Folder</div>
<div>[2012/11/11 05:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy</div>
<div>[2012/11/01 11:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Just\Desktop\Justin</div>
<div>[2008/03/18 05:07:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll</div>
<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>
<div> </div>
<div>========== Files - Modified Within 30 Days ==========</div>
<div> </div>
<div>[2012/11/30 23:40:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Just\Desktop\OTL.exe</div>
<div>[2012/11/30 23:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div>
<div>[2012/11/30 21:59:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl</div>
<div>[2012/11/30 21:57:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div>
<div>[2012/11/30 21:57:26 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>
<div>[2012/11/30 21:57:25 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>
<div>[2012/11/30 21:56:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat</div>
<div>[2012/11/30 21:56:53 | 1475,399,680 | -HS- | M] () -- C:\hiberfil.sys</div>
<div>[2012/11/30 21:53:57 | 000,003,083 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>
<div>[2012/11/30 19:52:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts</div>
<div>[2012/11/30 19:05:22 | 000,005,525 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>
<div>[2012/11/30 18:18:57 | 000,033,244 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>
<div>[2012/11/30 18:04:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>
<div>[2012/11/30 16:32:06 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Google Chrome.lnk</div>
<div>[2012/11/30 16:27:09 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR (1).exe</div>
<div>[2012/11/30 16:25:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Just\Desktop\tdsskiller.exe</div>
<div>[2012/11/30 15:36:23 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>
<div>[2012/11/30 14:44:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>
<div>[2012/11/30 14:25:14 | 044,431,717 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>
<div>[2012/11/29 23:11:06 | 000,101,455 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>
<div>[2012/11/29 14:53:17 | 005,009,014 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\ComboFix.exe</div>
<div>[2012/11/29 02:11:50 | 030,479,732 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>
<div>[2012/11/28 21:52:32 | 000,752,128 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>
<div>[2012/11/28 21:52:12 | 000,480,125 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>
<div>[2012/11/28 21:51:19 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>
<div>[2012/11/28 21:42:52 | 000,002,162 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>
<div>[2012/11/28 17:55:46 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>
<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>
<div>[2012/11/27 16:30:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>
<div>[2012/11/27 12:30:48 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll</div>
<div>[2012/11/27 12:30:34 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe</div>
<div>[2012/11/27 12:30:34 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe</div>
<div>[2012/11/27 12:30:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe</div>
<div>[2012/11/27 12:30:32 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl</div>
<div>[2012/11/27 12:30:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll</div>
<div>[2012/11/27 12:30:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll</div>
<div>[2012/11/25 14:10:00 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Just\Desktop\aswMBR.exe</div>
<div>[2012/11/25 14:08:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Just\Desktop\dds.com</div>
<div>[2012/11/24 23:00:13 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Just\Desktop\WDM_A406.exe</div>
<div>[2012/11/22 21:30:06 | 000,083,710 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>
<div>[2012/11/22 09:46:02 | 002,296,926 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>
<div>[2012/11/22 09:43:21 | 000,668,484 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>
<div>[2012/11/22 09:34:17 | 004,560,896 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>
<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>
<div>[2012/11/22 08:03:27 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll</div>
<div>[2012/11/22 08:02:39 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll</div>
<div>[2012/11/22 08:02:39 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll</div>
<div>[2012/11/22 08:02:34 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll</div>
<div>[2012/11/20 14:51:26 | 000,002,231 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>
<div>[2012/11/17 04:38:07 | 000,095,719 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>
<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>
<div>[2012/11/13 19:22:31 | 002,423,582 | ---- | M] () -- C:\Documents and Settings\Just\My Documents\AutoRuns.arn</div>
<div>[2012/11/11 18:44:27 | 000,000,354 | RHS- | M] () -- C:\boot.ini</div>
<div>[2012/11/11 02:41:31 | 000,529,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat</div>
<div>[2012/11/11 02:41:30 | 000,103,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat</div>
<div>[2012/11/06 00:16:31 | 249,116,964 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>
<div>[2012/11/04 16:05:03 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>
<div>[2012/11/03 14:47:12 | 000,132,737 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>
<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>
<div>[2012/11/01 15:40:08 | 000,030,954 | ---- | M] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>
<div>[1 C:\*.tmp files -> C:\*.tmp -> ]</div>
<div> </div>
<div>========== Files Created - No Company Name ==========</div>
<div> </div>
<div>[2012/11/30 21:54:00 | 000,003,083 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\resetdma.vbs</div>
<div>[2012/11/30 19:05:42 | 000,005,525 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SQMBWvJODM.jpg</div>
<div>[2012/11/30 18:19:12 | 000,033,244 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\costco.jpg</div>
<div>[2012/11/30 14:39:08 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>
<div>[2012/11/30 14:09:30 | 044,431,717 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001 (1).flv</div>
<div>[2012/11/29 23:11:15 | 000,101,455 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\0722120740.jpeg</div>
<div>[2012/11/29 01:57:06 | 030,479,732 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\001.flv</div>
<div>[2012/11/28 21:52:21 | 000,752,128 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\RogueKiller.exe</div>
<div>[2012/11/28 21:52:02 | 000,480,125 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\adwcleaner.exe</div>
<div>[2012/11/28 21:51:00 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\SecurityCheck.exe</div>
<div>[2012/11/28 21:42:55 | 000,002,162 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\1.jpg</div>
<div>[2012/11/28 20:17:16 | 1475,399,680 | -HS- | C] () -- C:\hiberfil.sys</div>
<div>[2012/11/28 17:54:04 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\HiJackThis.lnk</div>
<div>[2012/11/27 19:31:38 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\Just\Start Menu\Programs\Startup\PdaNet Desktop.lnk</div>
<div>[2012/11/25 16:00:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\MBR.dat</div>
<div>[2012/11/22 21:29:56 | 000,083,710 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\Jus.jpg</div>
<div>[2012/11/22 09:45:04 | 002,296,926 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer (1).wmv</div>
<div>[2012/11/22 09:42:46 | 000,668,484 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\trailer.wmv</div>
<div>[2012/11/22 09:33:09 | 004,560,896 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\savannah3.mpg</div>
<div>[2012/11/22 08:05:10 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk</div>
<div>[2012/11/17 04:38:20 | 000,095,719 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\A71kk8sCUAAlrZU.jpg</div>
<div>[2012/11/14 15:52:11 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk</div>
<div>[2012/11/13 04:20:48 | 000,002,231 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SlimCleaner.lnk</div>
<div>[2012/11/05 22:09:22 | 249,116,964 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\13029Hm.avi</div>
<div>[2012/11/04 16:05:04 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\JDownloader.lnk</div>
<div>[2012/11/04 16:04:49 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk</div>
<div>[2012/11/04 16:04:47 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk</div>
<div>[2012/11/04 16:04:46 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk</div>
<div>[2012/11/03 15:33:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk</div>
<div>[2012/11/03 14:47:03 | 000,132,737 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\html5-cheat-sheet.pdf</div>
<div>[2012/11/03 14:40:39 | 000,350,297 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\wa-html5-pdf.pdf</div>
<div>[2012/11/01 15:40:06 | 000,030,954 | ---- | C] () -- C:\Documents and Settings\Just\Desktop\PR Logo.png</div>
<div>[2012/10/29 14:03:54 | 053,863,379 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload</div>
<div>[2012/10/29 14:03:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\AdobeSetupUtility.zip.aamdownload.aamd</div>
<div>[2012/03/29 15:01:02 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\WebpageIcons.db</div>
<div>[2012/02/14 17:12:21 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll</div>
<div>[2011/12/07 00:04:27 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll</div>
<div>[2011/12/06 23:51:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat</div>
<div>[2011/11/02 07:58:48 | 000,404,256 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_AE_i386.sys</div>
<div>[2011/10/30 06:13:37 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe</div>
<div>[2011/07/21 16:23:16 | 000,081,872 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat</div>
<div>[2011/06/18 17:14:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll</div>
<div>[2011/06/18 17:14:34 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys</div>
<div>[2011/06/18 17:13:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\$_hpcst$.hpc</div>
<div>[2011/06/08 22:01:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\fusioncache.dat</div>
<div>[2011/05/25 02:45:29 | 000,000,393 | ---- | C] () -- C:\WINDOWS\AITOOLS.INI</div>
<div>[2011/04/29 22:46:25 | 000,000,456 | ---- | C] () -- C:\Program Files\0429201123462546.bat</div>
<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\ci256wkm68</div>
<div>[2011/04/18 11:53:49 | 000,014,934 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ci256wkm68</div>
<div>[2011/04/02 12:24:30 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Lzugogevu.dat</div>
<div>[2011/04/02 12:24:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bzacujekafiyaci.bin</div>
<div>[2010/12/11 19:51:44 | 002,392,064 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll</div>
<div>[2010/12/11 19:51:44 | 000,215,040 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll</div>
<div>[2010/12/11 19:51:44 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll</div>
<div>[2010/12/11 19:51:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll</div>
<div>[2010/12/11 19:51:43 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll</div>
<div>[2010/12/11 19:51:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll</div>
<div>[2010/12/11 19:51:39 | 000,128,512 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll</div>
<div>[2010/12/11 19:36:34 | 000,762,368 | ---- | C] () -- C:\WINDOWS\System32\kcpp.dll</div>
<div>[2010/12/09 15:23:01 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe</div>
<div>[2010/12/09 15:23:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe</div>
<div>[2010/12/09 15:23:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe</div>
<div>[2010/12/09 15:23:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe</div>
<div>[2010/12/09 15:23:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe</div>
<div>[2010/11/18 19:37:53 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Just\Application Data\start</div>
<div>[2010/09/18 12:00:24 | 002,638,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-342708476-2127193123-2648729015-1316-0.dat</div>
<div>[2010/09/18 12:00:22 | 000,385,146 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat</div>
<div>[2010/01/31 06:11:24 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Just\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>
<div>[2009/05/19 17:26:10 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat</div>
<div> </div>
<div>========== ZeroAccess Check ==========</div>
<div> </div>
<div>[2003/12/02 15:15:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini</div>
<div> </div>
<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>
<div> </div>
<div>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</div>
<div> </div>
<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</div>
<div>"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)</div>
<div>"ThreadingModel" = Apartment</div>
<div> </div>
<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</div>
<div>"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)</div>
<div>"ThreadingModel" = Free</div>
<div> </div>
<div>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</div>
<div>"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)</div>
<div>"ThreadingModel" = Both</div>
<div> </div>
<div>< End of report ></div>
<div> </div>
-
Ok,
Followed your instructions. After reboot, the loading process is still painfully slow.
Once everything got loaded, programs open faster. There have not been any video or audio problems!
-
Computer is still running slow. Audio and video are also still choppy.
-
<div>ComboFix 12-11-29.02 - Just 11/30/2012 19:28:59.1.2 - x86</div>
<div>Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.877 [GMT -6:00]</div>
<div>Running from: c:\documents and settings\Just\Desktop\ComboFix.exe</div>
<div>Command switches used :: /nombr</div>
<div>AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}</div>
<div>AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>c:\documents and settings\Administrator\WINDOWS</div>
<div>c:\documents and settings\All Users\Application Data\18472756</div>
<div>c:\documents and settings\All Users\Application Data\19521332</div>
<div>c:\documents and settings\All Users\Application Data\TEMP</div>
<div>c:\documents and settings\Default User\WINDOWS</div>
<div>c:\documents and settings\Just\Application Data\Adobe\plugs</div>
<div>c:\documents and settings\Just\Application Data\Adobe\shed</div>
<div>c:\documents and settings\Just\Application Data\Love</div>
<div>c:\documents and settings\Just\Application Data\Love\mari0\options.txt</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome.manifest</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome\content\overlay.xul</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\install.rdf</div>
<div>c:\documents and settings\Just\WINDOWS</div>
<div>c:\program files\LP</div>
<div>c:\windows\AutoRun.ini</div>
<div>c:\windows\EventSystem.log</div>
<div>c:\windows\iun6002.exe</div>
<div>c:\windows\system32\AutoRun.inf</div>
<div>c:\windows\system32\Cache</div>
<div>c:\windows\system32\Cache\272512937d9e61a4.fb</div>
<div>c:\windows\system32\Cache\287204568329e189.fb</div>
<div>c:\windows\system32\Cache\28bc8f716fd76a47.fb</div>
<div>c:\windows\system32\Cache\2c53092c95605355.fb</div>
<div>c:\windows\system32\Cache\32c84fe32bb74d60.fb</div>
<div>c:\windows\system32\Cache\3917078cb68ec657.fb</div>
<div>c:\windows\system32\Cache\590ba23ce359fd0c.fb</div>
<div>c:\windows\system32\Cache\610289e025a3ee9a.fb</div>
<div>c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb</div>
<div>c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb</div>
<div>c:\windows\system32\Cache\6d03dad1035885d3.fb</div>
<div>c:\windows\system32\Cache\9da7a57257febd31.fb</div>
<div>c:\windows\system32\Cache\a8556537add6dfc5.fb</div>
<div>c:\windows\system32\Cache\ad10a52aff5e038d.fb</div>
<div>c:\windows\system32\Cache\c1fa887b03019701.fb</div>
<div>c:\windows\system32\Cache\c4d28dca2e7648be.fb</div>
<div>c:\windows\system32\Cache\d201ef9910cd39de.fb</div>
<div>c:\windows\system32\Cache\d2e94710a5708128.fb</div>
<div>c:\windows\system32\Cache\d79b9dfe81484ec4.fb</div>
<div>c:\windows\system32\Cache\f998975c9cc711ee.fb</div>
<div>c:\windows\system32\config\systemprofile\WINDOWS</div>
<div>c:\windows\system32\dds_trash_log.cmd</div>
<div>c:\windows\system32\URTTemp</div>
<div>c:\windows\system32\URTTemp\fusion.dll</div>
<div>c:\windows\system32\URTTemp\mscoree.dll</div>
<div>c:\windows\system32\URTTemp\mscoree.dll.local</div>
<div>c:\windows\system32\URTTemp\mscorsn.dll</div>
<div>c:\windows\system32\URTTemp\mscorwks.dll</div>
<div>c:\windows\system32\URTTemp\msvcr71.dll</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>2012-11-28 23:54 . 2012-11-28 23:54	388096	----a-r-	c:\documents and settings\Just\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe</div>
<div>2012-11-28 23:54 . 2012-11-28 23:54	--------	d-----w-	c:\program files\Trend Micro</div>
<div>2012-11-27 18:32 . 2012-11-27 18:30	143872	----a-w-	c:\windows\system32\javacpl.cpl</div>
<div>2012-11-27 18:31 . 2012-11-27 18:30	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll</div>
<div>2012-11-25 05:04 . 2012-11-25 05:05	--------	d-----w-	c:\program files\Realtek AC97</div>
<div>2012-11-22 14:04 . 2012-11-22 14:04	--------	d-----w-	c:\program files\Common Files\xing shared</div>
<div>2012-11-17 12:09 . 2006-07-31 17:27	217088	----a-w-	c:\windows\alcrmv.exe</div>
<div>2012-11-17 12:09 . 2006-07-31 17:19	315392	----a-w-	c:\windows\alcupd.exe</div>
<div>2012-11-15 18:09 . 2012-11-15 18:09	--------	d-----w-	c:\documents and settings\Just\Application Data\Safer Networking</div>
<div>2012-11-15 18:08 . 2012-11-15 18:08	--------	d-----w-	c:\program files\Safer Networking</div>
<div>2012-11-15 00:43 . 2012-11-15 00:43	--------	d-----w-	c:\documents and settings\Just\Application Data\AVG2013</div>
<div>2012-11-14 21:44 . 2012-11-14 21:44	--------	d-----w-	c:\program files\AVG</div>
<div>2012-11-13 12:43 . 2012-11-15 04:50	--------	d-----w-	c:\documents and settings\Just\Local Settings\Application Data\Avg2013</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>2012-11-27 18:30 . 2012-07-15 02:16<span class="Apple-tab-span" style="white-space:pre"> </span>821736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\npDeployJava1.dll</div>
<div>2012-11-27 18:30 . 2010-12-16 01:08<span class="Apple-tab-span" style="white-space:pre"> </span>746984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div>
<div>2012-11-22 14:02 . 2006-07-11 23:35<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msvcr71.dll</div>
<div>2012-10-22 19:02 . 2012-10-22 19:02<span class="Apple-tab-span" style="white-space:pre"> </span>179936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgidsdriverx.sys</div>
<div>2012-10-15 09:48 . 2012-10-15 09:48<span class="Apple-tab-span" style="white-space:pre"> </span>55776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgidshx.sys</div>
<div>2012-10-05 09:32 . 2012-10-05 09:32<span class="Apple-tab-span" style="white-space:pre"> </span>93536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgmfx86.sys</div>
<div>2012-10-02 09:30 . 2012-10-02 09:30<span class="Apple-tab-span" style="white-space:pre"> </span>159712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgldx86.sys</div>
<div>2012-09-30 00:54 . 2012-03-31 20:49<span class="Apple-tab-span" style="white-space:pre"> </span>22856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>
<div>2012-09-21 09:46 . 2012-09-21 09:46<span class="Apple-tab-span" style="white-space:pre"> </span>164832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgtdix.sys</div>
<div>2012-09-21 09:46 . 2012-09-21 09:46<span class="Apple-tab-span" style="white-space:pre"> </span>177376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avglogx.sys</div>
<div>2012-09-21 09:45 . 2012-09-21 09:45<span class="Apple-tab-span" style="white-space:pre"> </span>19936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgidsshimx.sys</div>
<div>2012-09-14 09:05 . 2012-09-14 09:05<span class="Apple-tab-span" style="white-space:pre"> </span>35552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgrkx86.sys</div>
<div>2011-04-30 04:46 . 2011-04-30 04:46<span class="Apple-tab-span" style="white-space:pre"> </span>456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\0429201123462546.bat</div>
<div>2008-03-18 11:06 . 2008-03-18 11:07<span class="Apple-tab-span" style="white-space:pre"> </span>774144<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\RngInterstitial.dll</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>*Note* empty entries & legit default entries are not shown </div>
<div>REGEDIT4</div>
<div>.</div>
<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]</div>
<div>"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512]</div>
<div>"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 638976]</div>
<div>"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]</div>
<div>"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 135168]</div>
<div>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]</div>
<div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]</div>
<div>"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]</div>
<div>"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-22 296096]</div>
<div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</div>
<div>.</div>
<div>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]</div>
<div>.</div>
<div>c:\documents and settings\Just\Start Menu\Programs\Startup\</div>
<div>PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-11-22 484976]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</div>
<div>BootExecute<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]</div>
<div>@="Driver"</div>
<div>.</div>
<div>[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]</div>
<div>"AdobeBridge"=</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]</div>
<div>"NPSStartup"=</div>
<div>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]</div>
<div>"DisableMonitoring"=dword:00000001</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]</div>
<div>"DisableMonitoring"=dword:00000001</div>
<div>.</div>
<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]</div>
<div>"DisableNotifications"= 1 (0x1)</div>
<div>.</div>
<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]</div>
<div>"%windir%\\system32\\sessmgr.exe"=</div>
<div>"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=</div>
<div>"c:\\Program Files\\uTorrent\\uTorrent.exe"=</div>
<div>"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=</div>
<div>"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=</div>
<div>"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=</div>
<div>"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=</div>
<div>"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=</div>
<div>.</div>
<div>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]</div>
<div>"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4</div>
<div>"27910:TCP"= 27910:TCP:UFO AI</div>
<div>.</div>
<div>R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]</div>
<div>R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]</div>
<div>R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]</div>
<div>R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]</div>
<div>R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]</div>
<div>R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]</div>
<div>R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]</div>
<div>R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [5/6/2004 2:40 PM 4816]</div>
<div>R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]</div>
<div>R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 9:00 PM 399432]</div>
<div>R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/19/2011 7:18 AM 148520]</div>
<div>R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2012 2:49 PM 22856]</div>
<div>R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/11/2012 6:28 PM 13440]</div>
<div>S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/6/2012 7:00 PM 5814392]</div>
<div>S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2012 2:49 PM 676936]</div>
<div>S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [8/18/2012 8:09 PM 106496]</div>
<div>S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/18/2012 4:04 AM 42592]</div>
<div>S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [8/24/2012 2:28 AM 45608]</div>
<div>S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [11/2/2011 7:58 AM 404256]</div>
<div>S4 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]</div>
<div>S4 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/18/2011 5:14 PM 36608]</div>
<div>S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]</div>
<div>S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]</div>
<div>S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]</div>
<div>S4 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [8/18/2012 8:09 PM 512000]</div>
<div>S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [10/13/2009 5:01 PM 52888]</div>
<div>.</div>
<div>--- Other Services/Drivers In Memory ---</div>
<div>.</div>
<div>*NewlyCreated* - 19560129</div>
<div>*Deregistered* - 19560129</div>
<div>*Deregistered* - aswMBR</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]</div>
<div>HPZ12<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>Pml Driver HPZ12 Net Driver HPZ12</div>
<div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div>
<div>.</div>
<div>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs</div>
<div>KLOGNT</div>
<div>DM9102</div>
<div>w800mdfl</div>
<div>DevUpper</div>
<div>scramby</div>
<div>adobeactivefilemonitor4.0</div>
<div>nv4</div>
<div>acprfmgrsvc</div>
<div>IOSLINK</div>
<div>oracledbconsoleorcl</div>
<div>MA8032C</div>
<div>.</div>
<div>Contents of the 'Scheduled Tasks' folder</div>
<div>.</div>
<div>2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job</div>
<div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]</div>
<div>.</div>
<div>2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job</div>
<div>- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]</div>
<div>.</div>
<div>2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job</div>
<div>- c:\documents and settings\Just\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 17:32]</div>
<div>.</div>
<div>2012-11-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>
<div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div>
<div>.</div>
<div>2012-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>
<div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div>
<div>.</div>
<div>2012-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job</div>
<div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div>
<div>.</div>
<div>2012-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job</div>
<div>- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]</div>
<div>.</div>
<div>2012-09-30 c:\windows\Tasks\ReclaimerResumeInstall_Just.job</div>
<div>- c:\documents and settings\Just\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-30 22:23]</div>
<div>.</div>
<div>.</div>
<div>------- Supplementary Scan -------</div>
<div>.</div>
<div>uStart Page = www.yahoo.com</div>
<div>uInternet Settings,ProxyOverride = *.local</div>
<div>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000</div>
<div>.</div>
<div>.</div>
<div>------- File Associations -------</div>
<div>.</div>
<div>regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1</div>
<div>.txt=</div>
<div>.</div>
<div>- - - - ORPHANS REMOVED - - - -</div>
<div>.</div>
<div>URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)</div>
<div>WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)</div>
<div>SafeBoot-80275046.sys</div>
<div>SafeBoot-87008857.sys</div>
<div>SafeBoot-94267917.sys</div>
<div>SafeBoot-klmdb.sys</div>
<div>SafeBoot-WinDefend</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>**************************************************************************</div>
<div>.</div>
<div>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net</div>
<div>Rootkit scan 2012-11-30 19:53</div>
<div>Windows 5.1.2600 Service Pack 3 NTFS</div>
<div>.</div>
<div>scanning hidden processes ... </div>
<div>.</div>
<div>scanning hidden autostart entries ... </div>
<div>.</div>
<div>scanning hidden files ... </div>
<div>.</div>
<div>scan completed successfully</div>
<div>hidden files: 0</div>
<div>.</div>
<div>**************************************************************************</div>
<div>.</div>
<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>
<div>.</div>
<div>[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]</div>
<div>@Denied: (2) (LocalSystem)</div>
<div>"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div>
<div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div>
<div>"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,</div>
<div> d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\</div>
<div>.</div>
<div>--------------------- DLLs Loaded Under Running Processes ---------------------</div>
<div>.</div>
<div>- - - - - - - > 'winlogon.exe'(1068)</div>
<div>c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll</div>
<div>.</div>
<div>Completion time: 2012-11-30 19:59:06</div>
<div>ComboFix-quarantined-files.txt 2012-12-01 01:59</div>
<div>.</div>
<div>Pre-Run: 8,098,377,728 bytes free</div>
<div>Post-Run: 9,064,124,416 bytes free</div>
<div>.</div>
<div>- - End Of File - - B73DAE9CCAA09511CAC0233572641D04</div>
-
<p>This time, ComboFix worked.</p>
<p>This is the report:</p>
<div>ComboFix 12-11-29.02 - Just 11/30/2012 19:28:59.1.2 - x86</div>
<div>Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1407.877 [GMT -6:00]</div>
<div>Running from: c:\documents and settings\Just\Desktop\ComboFix.exe</div>
<div>Command switches used :: /nombr</div>
<div>AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}</div>
<div>AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>c:\documents and settings\Administrator\WINDOWS</div>
<div>c:\documents and settings\All Users\Application Data\18472756</div>
<div>c:\documents and settings\All Users\Application Data\19521332</div>
<div>c:\documents and settings\All Users\Application Data\TEMP</div>
<div>c:\documents and settings\Default User\WINDOWS</div>
<div>c:\documents and settings\Just\Application Data\Adobe\plugs</div>
<div>c:\documents and settings\Just\Application Data\Adobe\shed</div>
<div>c:\documents and settings\Just\Application Data\Love</div>
<div>c:\documents and settings\Just\Application Data\Love\mari0\options.txt</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome.manifest</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\chrome\content\overlay.xul</div>
<div>c:\documents and settings\Just\Local Settings\Application Data\{5F892207-CA99-401C-A51A-5520D89731B6}\install.rdf</div>
<div>c:\documents and settings\Just\WINDOWS</div>
<div>c:\program files\LP</div>
<div>c:\windows\AutoRun.ini</div>
<div>c:\windows\EventSystem.log</div>
<div>c:\windows\iun6002.exe</div>
<div>c:\windows\system32\AutoRun.inf</div>
<div>c:\windows\system32\Cache</div>
<div>c:\windows\system32\config\systemprofile\WINDOWS</div>
<div>c:\windows\system32\dds_trash_log.cmd</div>
<div>c:\windows\system32\URTTemp</div>
<div>c:\windows\system32\URTTemp\fusion.dll</div>
<div>c:\windows\system32\URTTemp\mscoree.dll</div>
<div>c:\windows\system32\URTTemp\mscoree.dll.local</div>
<div>c:\windows\system32\URTTemp\mscorsn.dll</div>
<div>c:\windows\system32\URTTemp\mscorwks.dll</div>
<div>c:\windows\system32\URTTemp\msvcr71.dll</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>2012-11-28 23:54 . 2012-11-28 23:54<span class="Apple-tab-span" style="white-space:pre"> </span>388096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-r-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Just\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe</div>
<div>2012-11-28 23:54 . 2012-11-28 23:54<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Trend Micro</div>
<div>2012-11-27 18:32 . 2012-11-27 18:30<span class="Apple-tab-span" style="white-space:pre"> </span>143872<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\javacpl.cpl</div>
<div>2012-11-27 18:31 . 2012-11-27 18:30<span class="Apple-tab-span" style="white-space:pre"> </span>93672<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WindowsAccessBridge.dll</div>
<div>2012-11-25 05:04 . 2012-11-25 05:05<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Realtek AC97</div>
<div>2012-11-22 14:04 . 2012-11-22 14:04<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Common Files\xing shared</div>
<div>2012-11-17 12:09 . 2006-07-31 17:27<span class="Apple-tab-span" style="white-space:pre"> </span>217088<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\alcrmv.exe</div>
<div>2012-11-17 12:09 . 2006-07-31 17:19<span class="Apple-tab-span" style="white-space:pre"> </span>315392<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\alcupd.exe</div>
<div>2012-11-15 18:09 . 2012-11-15 18:09<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Just\Application Data\Safer Networking</div>
<div>2012-11-15 18:08 . 2012-11-15 18:08<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Safer Networking</div>
<div>2012-11-15 00:43 . 2012-11-15 00:43<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Just\Application Data\AVG2013</div>
<div>2012-11-14 21:44 . 2012-11-14 21:44<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\AVG</div>
<div>2012-11-13 12:43 . 2012-11-15 04:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\documents and settings\Just\Local Settings\Application Data\Avg2013</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>2012-11-27 18:30 . 2012-07-15 02:16<span class="Apple-tab-span" style="white-space:pre"> </span>821736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\npDeployJava1.dll</div>
<div>2012-11-27 18:30 . 2010-12-16 01:08<span class="Apple-tab-span" style="white-space:pre"> </span>746984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\deployJava1.dll</div>
<div>2012-11-22 14:02 . 2006-07-11 23:35<span class="Apple-tab-span" style="white-space:pre"> </span>348160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\msvcr71.dll</div>
<div>2012-10-22 19:02 . 2012-10-22 19:02<span class="Apple-tab-span" style="white-space:pre"> </span>179936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgidsdriverx.sys</div>
<div>2012-10-15 09:48 . 2012-10-15 09:48<span class="Apple-tab-span" style="white-space:pre"> </span>55776<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgidshx.sys</div>
<div>2012-10-05 09:32 . 2012-10-05 09:32<span class="Apple-tab-span" style="white-space:pre"> </span>93536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgmfx86.sys</div>
<div>2012-10-02 09:30 . 2012-10-02 09:30<span class="Apple-tab-span" style="white-space:pre"> </span>159712<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgldx86.sys</div>
<div>2012-09-30 00:54 . 2012-03-31 20:49<span class="Apple-tab-span" style="white-space:pre"> </span>22856<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>
<div>2012-09-21 09:46 . 2012-09-21 09:46<span class="Apple-tab-span" style="white-space:pre"> </span>164832<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgtdix.sys</div>
<div>2012-09-21 09:46 . 2012-09-21 09:46<span class="Apple-tab-span" style="white-space:pre"> </span>177376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avglogx.sys</div>
<div>2012-09-21 09:45 . 2012-09-21 09:45<span class="Apple-tab-span" style="white-space:pre"> </span>19936<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgidsshimx.sys</div>
<div>2012-09-14 09:05 . 2012-09-14 09:05<span class="Apple-tab-span" style="white-space:pre"> </span>35552<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\avgrkx86.sys</div>
<div>2011-04-30 04:46 . 2011-04-30 04:46<span class="Apple-tab-span" style="white-space:pre"> </span>456<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\0429201123462546.bat</div>
<div>2008-03-18 11:06 . 2008-03-18 11:07<span class="Apple-tab-span" style="white-space:pre"> </span>774144<span class="Apple-tab-span" style="white-space:pre"> </span>-c--a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\RngInterstitial.dll</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>*Note* empty entries & legit default entries are not shown </div>
<div>REGEDIT4</div>
<div>.</div>
<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-22 335872]</div>
<div>"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-31 192512]</div>
<div>"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-05-06 638976]</div>
<div>"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]</div>
<div>"CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-05-20 135168]</div>
<div>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]</div>
<div>"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]</div>
<div>"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]</div>
<div>"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-22 296096]</div>
<div>"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</div>
<div>.</div>
<div>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]</div>
<div>.</div>
<div>c:\documents and settings\Just\Start Menu\Programs\Startup\</div>
<div>PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2012-11-22 484976]</div>
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeBridge"=
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NPSStartup"=
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"27910:TCP"= 27910:TCP:UFO AI
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R1 ECioctl;ECioctl;c:\windows\system32\drivers\ECioctl.sys [5/6/2004 2:40 PM 4816]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/6/2012 9:00 PM 399432]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/19/2011 7:18 AM 148520]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/31/2012 2:49 PM 22856]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [9/11/2012 6:28 PM 13440]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/6/2012 7:00 PM 5814392]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/31/2012 2:49 PM 676936]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [8/18/2012 8:09 PM 106496]
S3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/22/2011,1.2.5.0;c:\windows\system32\drivers\libusb0.sys [5/18/2012 4:04 AM 42592]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [8/24/2012 2:28 AM 45608]
S3 SRS_AE_Service;SRS Audio Essentials;c:\windows\system32\drivers\SRS_AE_i386.sys [11/2/2011 7:58 AM 404256]
S4 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys --> c:\windows\system32\DRIVERS\easytthr.sys [?]
S4 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/18/2011 5:14 PM 36608]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 1:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
S4 UDisk Monitor;UDisk Monitor;c:\program files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe [8/18/2012 8:09 PM 512000]
S4 VRAID Log Service;VRAID Log Service;c:\program files\VIA\RAID\vialogsv.exe [10/13/2009 5:01 PM 52888]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19560129
*Deregistered* - 19560129
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
KLOGNT
DM9102
w800mdfl
DevUpper
scramby
adobeactivefilemonitor4.0
nv4
acprfmgrsvc
IOSLINK
oracledbconsoleorcl
MA8032C
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab7301604fabe.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cab73016a97d00.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-09 16:59]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-342708476-2127193123-2648729015-1316Core1cdcf3abeef7c92.job
- c:\documents and settings\Just\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-28 17:32]
.
2012-11-30 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1316.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-11-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-342708476-2127193123-2648729015-1319.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-09-30 c:\windows\Tasks\ReclaimerResumeInstall_Just.job
- c:\documents and settings\Just\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-30 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-80275046.sys
SafeBoot-87008857.sys
SafeBoot-94267917.sys
SafeBoot-klmdb.sys
SafeBoot-WinDefend
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-30 19:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cb,e9,5f,1e,c4,4b,1b,4f,b8,4d,8f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1068)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-11-30 19:59:06
ComboFix-quarantined-files.txt 2012-12-01 01:59
.
Pre-Run: 8,098,377,728 bytes free
Post-Run: 9,064,124,416 bytes free
.
- - End Of File - - B73DAE9CCAA09511CAC0233572641D04
-
TDSS Report:
16:28:14.0890 4732 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:28:16.0500 4732 ============================================================
16:28:16.0500 4732 Current date / time: 2012/11/30 16:28:16.0500
16:28:16.0500 4732 SystemInfo:
16:28:16.0500 4732
16:28:16.0515 4732 OS Version: 5.1.2600 ServicePack: 3.0
16:28:16.0515 4732 Product type: Workstation
16:28:16.0515 4732 ComputerName: TOSHIBA-USER
16:28:16.0515 4732 UserName: Just
16:28:16.0515 4732 Windows directory: C:\WINDOWS
16:28:16.0515 4732 System windows directory: C:\WINDOWS
16:28:16.0515 4732 Processor architecture: Intel x86
16:28:16.0515 4732 Number of processors: 2
16:28:16.0515 4732 Page size: 0x1000
16:28:16.0515 4732 Boot type: Normal boot
16:28:16.0515 4732 ============================================================
16:28:42.0890 4732 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:28:43.0343 4732 ============================================================
16:28:43.0375 4732 \Device\Harddisk0\DR0:
16:28:43.0812 4732 MBR partitions:
16:28:43.0812 4732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC7C41
16:28:43.0812 4732 ============================================================
16:28:46.0343 4732 C: <-> \Device\Harddisk0\DR0\Partition1
16:28:46.0343 4732 ============================================================
16:28:46.0343 4732 Initialize success
16:28:46.0343 4732 ============================================================
16:28:57.0890 9232 ============================================================
16:28:57.0890 9232 Scan started
16:28:57.0890 9232 Mode: Manual;
16:28:57.0890 9232 ============================================================
16:29:50.0968 9232 ================ Scan system memory ========================
16:29:50.0968 9232 System memory - ok
16:29:50.0984 9232 ================ Scan services =============================
16:30:04.0703 9232 18059 - ok
16:30:04.0765 9232 Abiosdsk - ok
16:30:04.0828 9232 abp480n5 - ok
16:30:05.0562 9232 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:30:05.0796 9232 ACPI - ok
16:30:06.0125 9232 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:30:06.0171 9232 ACPIEC - ok
16:30:06.0375 9232 [ 414DFC28E08096CE36A1B6D2F9A15A37 ] ACS C:\WINDOWS\System32\ACS.exe
16:30:06.0453 9232 ACS - ok
16:30:06.0656 9232 [ 6D7F09CD92A9FEF3A8EFCE66231FDD79 ] adfs C:\WINDOWS\system32\drivers\adfs.sys
16:30:06.0906 9232 adfs - ok
16:30:06.0953 9232 adpu160m - ok
16:30:07.0296 9232 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
16:30:07.0515 9232 aec - ok
16:30:07.0796 9232 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
16:30:08.0828 9232 AFD - ok
16:30:11.0078 9232 [ 052343CD49C8DA20C48958CFE73C7D44 ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
16:30:14.0171 9232 AgereSoftModem - ok
16:30:14.0203 9232 Aha154x - ok
16:30:14.0218 9232 aic78u2 - ok
16:30:14.0250 9232 aic78xx - ok
16:30:15.0375 9232 [ FBBCB95F677CBAA924140B6EA2D9A97B ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
16:30:16.0265 9232 ALCXSENS - ok
16:30:20.0750 9232 [ DD8520280304B6145A6BE31008748C7C ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
16:30:26.0234 9232 ALCXWDM - ok
16:30:26.0390 9232 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
16:30:26.0437 9232 Alerter - ok
16:30:26.0578 9232 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
16:30:26.0656 9232 ALG - ok
16:30:26.0687 9232 AliIde - ok
16:30:26.0703 9232 amsint - ok
16:30:26.0906 9232 [ 3ED81E8B4709D13E5A38DB2D8E792B28 ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
16:30:27.0031 9232 ApfiltrService - ok
16:30:27.0140 9232 AppMgmt - ok
16:30:27.0703 9232 [ B38FBCD95B8E4C130CF78A1DF7F04523 ] AR5211 C:\WINDOWS\system32\DRIVERS\ar5211.sys
16:30:28.0265 9232 AR5211 - ok
16:30:28.0375 9232 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
16:30:28.0734 9232 Arp1394 - ok
16:30:28.0765 9232 asc - ok
16:30:28.0796 9232 asc3350p - ok
16:30:28.0828 9232 asc3550 - ok
16:30:29.0031 9232 [ 54AB078660E536DA72B21A27F56B035B ] Aspi32 C:\WINDOWS\system32\drivers\aspi32.sys
16:30:29.0078 9232 Aspi32 - ok
16:30:30.0406 9232 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:30:31.0343 9232 aspnet_state - ok
16:30:31.0531 9232 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:30:31.0562 9232 AsyncMac - ok
16:30:31.0718 9232 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
16:30:31.0718 9232 atapi - ok
16:30:31.0750 9232 Atdisk - ok
16:30:32.0281 9232 [ 174C7EE63011017CA12E31CED195581D ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
16:30:32.0875 9232 Ati HotKey Poller - ok
16:30:33.0703 9232 [ 4938AD74DE9088F70922FABF86912EEE ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
16:30:34.0640 9232 ati2mtag - ok
16:30:34.0796 9232 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:30:34.0875 9232 Atmarpc - ok
16:30:35.0093 9232 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
16:30:35.0234 9232 AudioSrv - ok
16:30:35.0406 9232 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
16:30:35.0453 9232 audstub - ok
16:30:42.0765 9232 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
16:30:50.0843 9232 AVGIDSAgent - ok
16:30:51.0125 9232 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
16:30:51.0687 9232 AVGIDSDriver - ok
16:30:51.0890 9232 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\WINDOWS\system32\DRIVERS\avgidshx.sys
16:30:51.0968 9232 AVGIDSHX - ok
16:30:52.0125 9232 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
16:30:52.0156 9232 AVGIDSShim - ok
16:30:52.0500 9232 [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86 C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:30:52.0796 9232 Avgldx86 - ok
16:30:53.0093 9232 [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx C:\WINDOWS\system32\DRIVERS\avglogx.sys
16:30:53.0406 9232 Avglogx - ok
16:30:53.0718 9232 [ 6C7C00B8DD22B4343B47FED148387057 ] Avgmfx86 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:30:53.0828 9232 Avgmfx86 - ok
16:30:54.0000 9232 [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86 C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:30:54.0046 9232 Avgrkx86 - ok
16:30:54.0375 9232 [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:30:54.0593 9232 Avgtdix - ok
16:30:54.0906 9232 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
16:30:55.0218 9232 avgwd - ok
16:30:55.0437 9232 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
16:30:55.0515 9232 Beep - ok
16:30:56.0015 9232 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
16:30:56.0906 9232 BITS - ok
16:30:57.0125 9232 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
16:30:57.0265 9232 Browser - ok
16:30:57.0718 9232 [ 10D5FB74EE18EA49C30DAAA203C0E0EC ] caboagp C:\WINDOWS\system32\DRIVERS\atisgkaf.sys
16:30:57.0734 9232 caboagp - ok
16:30:59.0171 9232 catchme - ok
16:30:59.0406 9232 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
16:30:59.0578 9232 cbidf2k - ok
16:30:59.0937 9232 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
16:31:00.0000 9232 CCDECODE - ok
16:31:00.0031 9232 cd20xrnt - ok
16:31:00.0187 9232 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
16:31:00.0218 9232 Cdaudio - ok
16:31:00.0359 9232 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
16:31:00.0453 9232 Cdfs - ok
16:31:00.0484 9232 Cdr4_xp - ok
16:31:00.0609 9232 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:31:00.0718 9232 Cdrom - ok
16:31:01.0109 9232 [ EDFB15C5AF45B381277E6A275680C81D ] CeEPwrSvc C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
16:31:01.0203 9232 CeEPwrSvc - ok
16:31:01.0578 9232 [ 183691781D89AF30395DEB4CCE310FD6 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
16:31:01.0625 9232 CFSvcs - ok
16:31:01.0656 9232 Changer - ok
16:31:01.0875 9232 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
16:31:01.0921 9232 CiSvc - ok
16:31:02.0046 9232 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
16:31:02.0109 9232 ClipSrv - ok
16:31:02.0859 9232 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:31:05.0218 9232 clr_optimization_v2.0.50727_32 - ok
16:31:05.0609 9232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:31:07.0140 9232 clr_optimization_v4.0.30319_32 - ok
16:31:07.0250 9232 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:31:07.0296 9232 CmBatt - ok
16:31:07.0437 9232 CmdIde - ok
16:31:07.0625 9232 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:31:07.0687 9232 Compbatt - ok
16:31:07.0750 9232 COMSysApp - ok
16:31:07.0796 9232 Cpqarray - ok
16:31:08.0000 9232 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
16:31:08.0078 9232 CryptSvc - ok
16:31:08.0109 9232 dac2w2k - ok
16:31:08.0156 9232 dac960nt - ok
16:31:08.0781 9232 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
16:31:09.0312 9232 DcomLaunch - ok
16:31:09.0468 9232 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
16:31:09.0703 9232 Dhcp - ok
16:31:09.0828 9232 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
16:31:09.0890 9232 Disk - ok
16:31:09.0921 9232 dmadmin - ok
16:31:10.0968 9232 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
16:31:12.0015 9232 dmboot - ok
16:31:12.0265 9232 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
16:31:12.0468 9232 dmio - ok
16:31:12.0765 9232 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
16:31:12.0796 9232 dmload - ok
16:31:12.0953 9232 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
16:31:13.0000 9232 dmserver - ok
16:31:13.0093 9232 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
16:31:13.0203 9232 DMusic - ok
16:31:13.0375 9232 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
16:31:13.0437 9232 Dnscache - ok
16:31:13.0875 9232 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
16:31:14.0187 9232 Dot3svc - ok
16:31:14.0218 9232 dpti2o - ok
16:31:14.0328 9232 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
16:31:14.0390 9232 drmkaud - ok
16:31:14.0734 9232 [ 19F07389ADE563B46E99626FD675070D ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
16:31:14.0859 9232 drvmcdb - ok
16:31:14.0953 9232 [ 0FFE2F06E9103A4FBD5E6418CA044D1C ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
16:31:15.0015 9232 drvnddm - ok
16:31:15.0250 9232 [ 77C4901986FC7A83E853B300E80D234B ] DVD-RAM_Service C:\WINDOWS\System32\DVDRAMSV.exe
16:31:15.0453 9232 DVD-RAM_Service - ok
16:31:15.0640 9232 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
16:31:15.0718 9232 EapHost - ok
16:31:15.0734 9232 easytether - ok
16:31:15.0875 9232 [ 5DD48EC0D82B708857EEDD5A59BE5BC5 ] ECioctl C:\WINDOWS\system32\Drivers\ECioctl.sys
16:31:17.0375 9232 ECioctl - ok
16:31:17.0640 9232 [ A1CCDCB2E1EB8A6C3AF879463BA2BE89 ] EMSCR C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
16:31:17.0843 9232 EMSCR - ok
16:31:17.0953 9232 [ 0B07768AE046F9ED6A75E5BC75660828 ] EPOWER C:\WINDOWS\system32\Drivers\hkdrv.sys
16:31:19.0765 9232 EPOWER - ok
16:31:19.0937 9232 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
16:31:20.0000 9232 ERSvc - ok
16:31:20.0187 9232 [ EC2A61FABD6F311D2A8596C280EFBA6F ] ESDCR C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
16:31:20.0234 9232 ESDCR - ok
16:31:20.0796 9232 [ 328C7B07F4BE4826D33B826396305686 ] ESMCR C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
16:31:21.0312 9232 ESMCR - ok
16:31:21.0531 9232 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
16:31:21.0718 9232 Eventlog - ok
16:31:22.0093 9232 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\Es.dll
16:31:22.0484 9232 EventSystem - ok
16:31:22.0703 9232 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
16:31:22.0953 9232 Fastfat - ok
16:31:23.0312 9232 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
16:31:23.0484 9232 FastUserSwitchingCompatibility - ok
16:31:24.0218 9232 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
16:31:24.0515 9232 Fax - ok
16:31:24.0687 9232 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
16:31:24.0734 9232 Fdc - ok
16:31:24.0890 9232 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
16:31:24.0921 9232 Fips - ok
16:31:26.0406 9232 [ 8669BE94F63944E4F899C3950B520241 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:31:27.0968 9232 FLEXnet Licensing Service - ok
16:31:28.0062 9232 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
16:31:28.0109 9232 Flpydisk - ok
16:31:28.0328 9232 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
16:31:28.0640 9232 FltMgr - ok
16:31:28.0843 9232 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
16:31:29.0000 9232 FsUsbExDisk - ok
16:31:29.0312 9232 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:31:29.0406 9232 Fs_Rec - ok
16:31:29.0703 9232 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:31:29.0796 9232 Ftdisk - ok
16:31:30.0015 9232 [ 5271DFDC3C390FE46D69220784CB0D2E ] Generalusbserialser20675 C:\WINDOWS\system32\DRIVERS\CT_U_USBSER.sys
16:31:30.0156 9232 Generalusbserialser20675 - ok
16:31:30.0437 9232 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:31:30.0531 9232 Gpc - ok
16:31:31.0343 9232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:31:31.0609 9232 gupdate - ok
16:31:31.0890 9232 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:31:31.0890 9232 gupdatem - ok
16:31:32.0187 9232 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:31:32.0250 9232 helpsvc - ok
16:31:32.0406 9232 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
16:31:32.0468 9232 HidServ - ok
16:31:32.0750 9232 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:31:32.0812 9232 HidUsb - ok
16:31:32.0968 9232 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
16:31:33.0062 9232 hkmsvc - ok
16:31:33.0093 9232 hpn - ok
16:31:34.0437 9232 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:31:34.0984 9232 hpqcxs08 - ok
16:31:35.0234 9232 [ 3EE4A63539EC04EE2D4BD293985087AB ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:31:35.0406 9232 hpqddsvc - ok
16:31:35.0671 9232 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
16:31:36.0140 9232 HPZid412 - ok
16:31:36.0265 9232 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
16:31:36.0312 9232 HPZipr12 - ok
16:31:36.0453 9232 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
16:31:36.0500 9232 HPZius12 - ok
16:31:36.0984 9232 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
16:31:37.0390 9232 HTTP - ok
16:31:37.0781 9232 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
16:31:37.0859 9232 HTTPFilter - ok
16:31:37.0890 9232 i2omgmt - ok
16:31:37.0906 9232 i2omp - ok
16:31:38.0015 9232 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:31:38.0078 9232 i8042prt - ok
16:31:38.0406 9232 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:31:42.0343 9232 IDriverT - ok
16:31:42.0421 9232 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
16:31:42.0484 9232 Imapi - ok
16:31:43.0453 9232 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
16:31:43.0765 9232 ImapiService - ok
16:31:43.0968 9232 ini910u - ok
16:31:44.0000 9232 IntelIde - ok
16:31:44.0640 9232 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:31:44.0828 9232 intelppm - ok
16:31:45.0250 9232 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
16:31:45.0328 9232 ip6fw - ok
16:31:45.0515 9232 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:31:45.0640 9232 IpFilterDriver - ok
16:31:46.0234 9232 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:31:46.0312 9232 IpInIp - ok
16:31:46.0593 9232 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:31:46.0968 9232 IpNat - ok
16:31:47.0265 9232 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:31:47.0390 9232 IPSec - ok
16:31:47.0531 9232 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
16:31:47.0734 9232 irda - ok
16:31:48.0031 9232 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
16:31:48.0140 9232 IRENUM - ok
16:31:48.0296 9232 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
16:31:48.0359 9232 Irmon - ok
16:31:48.0531 9232 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:31:48.0593 9232 isapnp - ok
16:31:50.0281 9232 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
16:31:50.0515 9232 JavaQuickStarterService - ok
16:31:50.0796 9232 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:31:50.0875 9232 Kbdclass - ok
16:31:51.0093 9232 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
16:31:51.0281 9232 kmixer - ok
16:31:51.0515 9232 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
16:31:51.0734 9232 KSecDD - ok
16:31:52.0187 9232 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
16:31:52.0328 9232 lanmanserver - ok
16:31:52.0609 9232 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
16:31:52.0953 9232 lanmanworkstation - ok
16:31:52.0984 9232 lbrtfdc - ok
16:31:53.0140 9232 [ B716D4D759663BC4174FD0A379DA8E50 ] libusb0 C:\WINDOWS\system32\DRIVERS\libusb0.sys
16:31:54.0453 9232 libusb0 - ok
16:31:55.0359 9232 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
16:31:55.0390 9232 LmHosts - ok
16:31:55.0484 9232 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
16:31:55.0531 9232 MBAMProtector - ok
16:31:56.0328 9232 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:31:56.0671 9232 MBAMScheduler - ok
16:31:57.0562 9232 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:31:58.0984 9232 MBAMService - ok
16:31:59.0750 9232 [ 67B6F4E0DB57DD2020A2415294BA4ED8 ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
16:32:04.0968 9232 McciCMService - ok
16:32:05.0015 9232 mcdbus - ok
16:32:05.0187 9232 [ D7010580BF4E45D5E793A1FE75758C69 ] MDC8021X C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
16:32:05.0218 9232 MDC8021X - ok
16:32:05.0531 9232 [ 766A1D242F4390DDF1243084898A20C9 ] meiudf C:\WINDOWS\system32\Drivers\meiudf.sys
16:32:05.0609 9232 meiudf - ok
16:32:06.0031 9232 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
16:32:06.0109 9232 Messenger - ok
16:32:06.0375 9232 [ 688B626FCA708EE9EB161CAD1F7363A9 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
16:32:06.0640 9232 mfeapfk - ok
16:32:07.0750 9232 [ 44184F32392FA2E94D08D056CE750D56 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
16:32:08.0593 9232 mfehidk - ok
16:32:09.0109 9232 [ 6991A9EA5E74E6035B8DAB17A7572CF3 ] mfevtp C:\WINDOWS\system32\mfevtps.exe
16:32:09.0656 9232 mfevtp - ok
16:32:09.0812 9232 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
16:32:09.0828 9232 mnmdd - ok
16:32:10.0093 9232 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
16:32:10.0203 9232 mnmsrvc - ok
16:33:16.0906 9232 ================ Scan global ===============================
16:33:17.0140 9232 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
16:33:17.0562 9232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:33:17.0984 9232 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
16:33:18.0093 9232 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
16:33:18.0109 9232 [Global] - ok
16:33:18.0125 9232 ================ Scan MBR ==================================
16:33:18.0187 9232 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
16:33:19.0437 9232 \Device\Harddisk0\DR0 - ok
16:33:19.0437 9232 ================ Scan VBR ==================================
16:33:19.0453 9232 [ 3BC193B1A972A5A954ED1F28A6544DCA ] \Device\Harddisk0\DR0\Partition1
16:33:19.0468 9232 \Device\Harddisk0\DR0\Partition1 - ok
16:33:19.0468 9232 ============================================================
16:33:19.0468 9232 Scan finished
16:33:19.0468 9232 ============================================================
16:33:19.0500 4224 Detected object count: 0
16:33:19.0500 4224 Actual detected object count: 0
aswMBR Report:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 16:34:37
-----------------------------
16:34:37.718 OS Version: Windows 5.1.2600 Service Pack 3
16:34:37.718 Number of processors: 2 586 0x304
16:34:37.718 ComputerName: TOSHIBA-USER UserName: Just
16:34:45.890 Initialize success
17:01:31.421 AVAST engine defs: 12113001
17:02:11.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:02:11.578 Disk 0 Vendor: IC25N060ATMR04-0 MO3OAD4A Size: 57231MB BusType: 3
17:02:11.796 Disk 0 MBR read successfully
17:02:11.812 Disk 0 MBR scan
17:02:12.281 Disk 0 Windows XP default MBR code
17:02:12.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57231 MB offset 63
17:02:12.687 Disk 0 scanning sectors +117210240
17:02:13.703 Disk 0 scanning C:\WINDOWS\system32\drivers
17:03:20.593 Service scanning
17:05:51.234 Modules scanning
17:06:24.000 Disk 0 trace - called modules:
17:06:24.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys
17:06:24.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a64fab8]
17:06:24.093 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000008f[0x8a5f19e8]
17:06:24.093 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5fa940]
17:06:24.093 \Driver\atapi[0x8a622f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf7717d60]
17:06:27.625 AVAST engine scan C:\WINDOWS
17:07:40.250 AVAST engine scan C:\WINDOWS\system32
17:32:12.437 AVAST engine scan C:\WINDOWS\system32\drivers
17:33:25.437 AVAST engine scan C:\Documents and Settings\Just
18:00:11.593 AVAST engine scan C:\Documents and Settings\All Users
18:03:16.125 Scan finished successfully
18:04:37.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Just\Desktop\MBR.dat"
18:04:37.234 The log file has been saved successfully to "C:\Documents and Settings\Just\Desktop\aswMBR1.txt"
-
I ran ComboFix. It prompted me to update the program, and so I did.
However, the program froze and so did my computer.
The computer is still running slowly with audio and video problems.
-
Report from Security Check:
Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Windows Defender
Malwarebytes Anti-Malware version 1.65.1.1000
Wise Disk Cleaner 5.93
SlimCleaner
Java 7 Update 9
Adobe Flash Player 11.3.300.257
Adobe Reader 10.1.4 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
Report from AdwCleaner:
# AdwCleaner v2.009 - Logfile created 11/28/2012 at 21:59:00
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Just - TOSHIBA-USER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Just\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\Just\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Just\Local Settings\Application Data\blekkotb
Folder Deleted : C:\Documents and Settings\Just\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Trymedia
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Viewpoint
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v18.0.1025.162
File : C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [2320 octets] - [28/11/2012 21:59:00]
########## EOF - C:\AdwCleaner[s1].txt - [2380 octets] ##########
Report from RogueKiller:
RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Just [Admin rights]
Mode : Scan -- Date : 11/28/2012 22:20:34
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 17 ¤¤¤
[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\18059 (globalroot\systemroot\system32\drivers\18059.sys) -> FOUND
[services][HJNAME] HKLM\[...]\ControlSet001\Services\mnsframework (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
[services][HJNAME] HKLM\[...]\ControlSet001\Services\relational (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
[services][ROGUE ST] HKLM\[...]\ControlSet003\Services\18059 (globalroot\systemroot\system32\drivers\18059.sys) -> FOUND
[services][HJNAME] HKLM\[...]\ControlSet003\Services\mnsframework (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
[services][HJNAME] HKLM\[...]\ControlSet003\Services\relational (\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs) -> FOUND
[PROXY FF] 7b2u35gy.default\ 127.0.0.1:61333 -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Just\Application Data\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Just\Application Data\Adobe\shed --> FOUND
¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] sfsync02.sys @ 0xF7717D60)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: IC25N060ATMR04-0 +++++
--- User ---
[MBR] 9d1bf7d970a1eee6be744f48508c878b
[BSP] d5d822a81171860c2954de9b8504e2d7 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 57231 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11282012_02d2220.txt >>
-
About two weeks ago my computer began running very slowly. Audio and video are very choppy. The system as a whole has dramatically slowed down.
I have run MalwareBytes but there is no change in the computer.
I tried running DDS in normal startup and in safe mode; however, the computer froze in both modes.
I was able to scan with HiJackThis. Below is the log.
I am grateful for any help.
Justin
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:56:20 PM, on 11/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PdaNet for Android\PdaNetPC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Real\RealPlayer\RecordingManager.exe
C:\Program Files\PdaNet for Android\smsagent.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-342708476-2127193123-2648729015-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - (no file)
--
End of file - 10021 bytes
-
I uninstalled uTorrent.
I ran ComboFix. During the scan, I received two different pop-ups. One stated that Rootkit "Zero Access" was found. The other simply said that a rootkit was detected.
ComboFix ran for about ten minutes before freezing.
In the distant past I had been instructed to run ComboFix. I had the same problem with the program freezing and freezing my computer.
-
Here are the items you requested.
Malwarebytes' Anti Malware log
Uninstall list
New HiJackThis Log
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.04.03.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: TOSHIBA-USER [administrator]
4/2/2012 11:44:54 PM
mbam-log-2012-04-02 (23-44-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254759
Time elapsed: 12 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
µTorrent
2Wire Wireless Client
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Connection Services Manager
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATT-PRT22
AviSynth 2.5
Bonjour
CD/DVD Drive Acoustic Silencer
Connect
DivX Setup
DVD-RAM Driver
FileZilla Client 3.4.0
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
HP Customer Participation Program 9.0
HP Image Zone 4.7
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Solution Center 9.0
HP Update
iTunes
Java 6 Update 29
Java 7
Java SE Development Kit 7
JDownloader 0.9
kuler
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ASP.NET MVC 2
Microsoft Automated Troubleshooting Services Shim
Microsoft Choice Guard
Microsoft Help Viewer 1.0
Microsoft Help Viewer 1.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB954459)
Mysteryville
NetBeans IDE 7.0.1
Notebook Maximizer
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
QuickTime
RarZilla Free Unrar
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
RealUpgrade 1.1
Ringtone Maker 1.6
Roxio Burn Engine
Samsung New PC Studio
Samsung New PC Studio
SamsungConnectivityCableDriver
SBC Yahoo! DSL Home Networking Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923789)
Segoe UI
SimCity 2000® Special Edition
Sonic DLA
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Suite Shared Configuration CS4
Super Collapse 3
SUPERAntiSpyware
swMSM
TBS WMP Plug-in
TOSHIBA Access
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Fax Extension
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
Touch and Launch
TouchPad On/Off Utility
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2641690)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
VIA Platform Device Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Defender
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Player 11
Wise Disk Cleaner 5.93
Yahoo! Install Manager
Yahoo! Software Update
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:20 AM, on 4/3/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dnb system restore] %TEMP%\sgvtbs.exe
O4 - HKCU\..\Run: [divxupdater] %TEMP%\rvfktc.exe
O4 - HKCU\..\Run: [Media Streamer] %TEMP%\tgbssm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 9650 bytes
-
Currently most of the programs under the start menu are missing. This is an older computer that has been infected in the past. I'm hoping to make this computer last a bit longer until I can get a new one. The program DDS.scr would not download. DDS.com did download but froze the computer while running.
This is the "HijackThis" log.
Any help is very much needed.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:32:46 PM, on 3/31/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtblfs.exe
C:\Documents and Settings\Just\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [CeEPOWER] "C:\Program Files\TOSHIBA\Power Management\CePMTray.exe"
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dnb system restore] %TEMP%\sgvtbs.exe
O4 - HKCU\..\Run: [divxupdater] %TEMP%\rvfktc.exe
O4 - HKCU\..\Run: [Media Streamer] %TEMP%\tgbssm.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - https://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Rupsd (mnsframework) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Si3114r5 (relational) - Unknown owner - \\.\globalrootC:\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 11418 bytes
-
Yes, Malwarebytes is running in normal mode.
Computer Problems
in Resolved Malware Removal Logs
Posted
Gringo,
I am having one more problem this morning. Twice the computer has frozen and I get a popup saying Dr. Watson has encountered a problem post mortem.
The computer then freezes and I must reboot.