Unable to use any search engines.

[sackett]

Hello...

I am unable to access most search engines, instead, I'm being redirected. Those engines I do reach, I cannot use the hotlinks, but instead must input them into the address bar. Also, any site that requires a security test, (the random, funky letters) do not work...either the letters do no appear, or when inputted, are disregarded as incorrect.

I would welcome any help you could give me.

====================================================

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/23/2010 2:59:19 PM

System Uptime: 5/24/2012 11:15:22 AM (0 hours ago)

.

Motherboard: Dell Computer Corp. | | 0U8211

Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2792/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 56 GiB total, 28.048 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP619: 3/20/2012 5:37:52 PM - System Checkpoint

RP620: 3/21/2012 7:36:53 AM - Software Distribution Service 3.0

RP621: 3/21/2012 10:58:36 PM - Software Distribution Service 3.0

RP622: 3/22/2012 7:38:38 AM - Software Distribution Service 3.0

RP623: 3/22/2012 9:50:30 PM - Software Distribution Service 3.0

RP624: 3/24/2012 10:55:57 AM - System Checkpoint

RP625: 3/25/2012 12:33:56 PM - System Checkpoint

RP626: 3/26/2012 7:38:09 PM - System Checkpoint

RP627: 3/27/2012 7:47:52 PM - System Checkpoint

RP628: 3/28/2012 8:05:30 PM - System Checkpoint

RP629: 3/29/2012 8:57:16 PM - System Checkpoint

RP630: 3/30/2012 8:59:35 PM - System Checkpoint

RP631: 3/31/2012 8:59:57 PM - System Checkpoint

RP632: 4/1/2012 9:06:19 PM - System Checkpoint

RP633: 4/3/2012 7:26:00 PM - System Checkpoint

RP634: 4/4/2012 8:18:08 PM - System Checkpoint

RP635: 4/5/2012 8:28:53 PM - System Checkpoint

RP636: 4/6/2012 9:08:31 PM - System Checkpoint

RP637: 4/8/2012 7:55:31 AM - System Checkpoint

RP638: 4/12/2012 7:46:56 AM - Software Distribution Service 3.0

RP639: 4/13/2012 11:32:12 AM - System Checkpoint

RP640: 4/15/2012 8:00:09 AM - System Checkpoint

RP641: 4/16/2012 10:49:35 AM - System Checkpoint

RP642: 4/17/2012 2:46:59 PM - System Checkpoint

RP643: 4/18/2012 4:02:09 PM - System Checkpoint

RP644: 4/19/2012 4:24:38 PM - System Checkpoint

RP645: 4/20/2012 5:17:20 PM - System Checkpoint

RP646: 4/22/2012 3:30:43 AM - System Checkpoint

RP647: 4/23/2012 5:13:21 PM - System Checkpoint

RP648: 4/24/2012 8:58:09 PM - System Checkpoint

RP649: 4/26/2012 4:54:16 PM - System Checkpoint

RP650: 4/27/2012 9:06:54 PM - System Checkpoint

RP651: 4/28/2012 9:50:39 PM - System Checkpoint

RP652: 4/30/2012 6:41:26 AM - System Checkpoint

RP653: 5/1/2012 7:22:36 AM - System Checkpoint

RP654: 5/3/2012 7:51:34 AM - System Checkpoint

RP655: 5/5/2012 8:27:55 AM - System Checkpoint

RP656: 5/6/2012 3:30:51 PM - System Checkpoint

RP657: 5/7/2012 3:59:20 PM - System Checkpoint

RP658: 5/9/2012 7:44:07 AM - System Checkpoint

RP659: 5/10/2012 3:00:29 AM - Software Distribution Service 3.0

RP660: 5/11/2012 7:59:40 PM - System Checkpoint

RP661: 5/12/2012 8:32:37 PM - System Checkpoint

RP662: 5/13/2012 10:45:27 PM - System Checkpoint

RP663: 5/19/2012 3:25:15 PM - System Checkpoint

RP664: 5/20/2012 5:23:58 PM - System Checkpoint

RP665: 5/20/2012 11:55:59 PM - Installed AVG 2012

RP666: 5/21/2012 12:07:02 AM - Removed AVG 2012

RP667: 5/23/2012 3:24:51 PM - System Checkpoint

RP668: 5/24/2012 11:39:19 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Airlink101 WLAN Monitor

Arclab Thumb Studio 2.1

AVG 2012

Batch PNG to JPG

CCleaner

Chris Moneymakers World Poker Championship (remove only)

Compatibility Pack for the 2007 Office system

Facebook Plug-In

FYZip 1.00

GoToAssist Corporate

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Photo and Imaging 2.0 - All-in-One

HP Photo and Imaging 2.0 - All-in-One Drivers

hp psc 1200 series

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Connections Drivers

Java Auto Updater

Java 6 Update 29

Just BASIC v1.0

K-Lite Codec Pack 5.6.1 (Full)

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 6.0 Parser

OGA Notifier 2.0.0048.0

OLYMPUS ib

Orbit Downloader

PhoTags Express

Photo Pos Pro

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Sothink FLV Player

SoundMAX

Uninstall Dual Mode Camera

Unique Filer

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

WebFldrs XP

Windows 7 Upgrade Advisor

Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows XP Service Pack 3

WinPump

Yontoo Layers 1.10.01

Zune Desktop Theme

.

==== Event Viewer Messages From Past Week ========

.

5/24/2012 11:17:24 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00212F2EBCFC has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

5/23/2012 7:08:46 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00212F2EBCFC. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

5/23/2012 6:57:29 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

5/23/2012 12:06:07 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

5/23/2012 12:05:45 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.

5/20/2012 11:56:01 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.

.

==== End Of File ===========================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Administrator at 11:45:15 on 2012-05-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.417 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Olympus\ib\olycamdetect.exe

C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Olympus ib] "c:\program files\olympus\ib\olycamdetect.exe" /Startup

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\airlin~1.lnk - c:\program files\airlink101\airlink101 wlan monitor\RtWLan.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264422264467

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 69.66.0.20 69.66.1.20

TCP: Interfaces\{FA0C88B3-510C-4CE7-A797-3875C0B964DE} : DhcpNameServer = 69.66.0.20 69.66.1.20

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\vo9qzlyr.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20111113&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\administrator\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 235216]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-5-21 932736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-2-23 587776]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-12 129976]

S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-8-17 21648]

.

=============== Created Last 30 ================

.

2012-05-24 16:39:36 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-05-24 16:39:30 -------- d-----w- c:\program files\Trend Micro

2012-05-21 05:02:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG Secure Search

2012-05-21 05:02:19 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 22:58:40 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-12 22:58:10 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe

2012-05-12 22:58:10 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe

2012-05-05 13:05:33 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-05-05 14:05:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 14:05:47 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 09:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-19 10:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 11:47:56.43 ===============

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:49:56 AM, on 5/24/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Olympus\ib\olycamdetect.exe

C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

O1 - Hosts: 94.63.147.16 www.google.com

O1 - Hosts: 94.63.147.17 www.bing.com

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll (file missing)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Olympus ib] "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup

O4 - Global Startup: AirLink101 Wireless Monitor.lnk = C:\Program Files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264422264467

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--

End of file - 8229 bytes

[D-FRED-BROWN]

Hello sackett and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

• TDSSKiller.zip from here and extract it (right click on it => "Extract here").
  

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

• Click on the Start Scan button and wait for the scan and disinfection process to be over.
  
• If an infected file is detected, the default action will be Cure, click on Continue
  
• If a suspicious file is detected, the default action will be Skip, click on Continue
  
• If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  
• If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  

In your next reply, please include the following (you may need to use two posts to get it all in):

• TDSSKiller_log.txt
  

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

-------------

In your next reply, please include:

• TDSSKiller logfile
  
• C:\ComboFix.txt
  
• Security Check checkup.txt
  

How is your computer running now?

[sackett]

Hello D-Fred-Brown...I appreciate your help. Ran TDSSKiller...it came up with no infections. Here is the log...

15:21:12.0515 3768 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30

15:21:14.0515 3768 ============================================================

15:21:14.0515 3768 Current date / time: 2012/05/25 15:21:14.0515

15:21:14.0515 3768 SystemInfo:

15:21:14.0515 3768

15:21:14.0515 3768 OS Version: 5.1.2600 ServicePack: 3.0

15:21:14.0515 3768 Product type: Workstation

15:21:14.0515 3768 ComputerName: HOME-U34YZ0HV8I

15:21:14.0515 3768 UserName: Administrator

15:21:14.0515 3768 Windows directory: C:\WINDOWS

15:21:14.0515 3768 System windows directory: C:\WINDOWS

15:21:14.0515 3768 Processor architecture: Intel x86

15:21:14.0515 3768 Number of processors: 1

15:21:14.0515 3768 Page size: 0x1000

15:21:14.0515 3768 Boot type: Normal boot

15:21:14.0515 3768 ============================================================

15:21:17.0875 3768 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

15:21:17.0875 3768 ============================================================

15:21:17.0875 3768 \Device\Harddisk0\DR0:

15:21:17.0875 3768 MBR partitions:

15:21:17.0875 3768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80

15:21:17.0875 3768 ============================================================

15:21:18.0015 3768 C: <-> \Device\Harddisk0\DR0\Partition0

15:21:18.0015 3768 ============================================================

15:21:18.0015 3768 Initialize success

15:21:18.0015 3768 ============================================================

15:22:48.0765 2596 ============================================================

15:22:48.0765 2596 Scan started

15:22:48.0765 2596 Mode: Manual;

15:22:48.0765 2596 ============================================================

15:22:51.0734 2596 Abiosdsk - ok

15:22:51.0750 2596 abp480n5 - ok

15:22:51.0937 2596 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

15:22:52.0000 2596 ACPI - ok

15:22:52.0093 2596 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

15:22:52.0140 2596 ACPIEC - ok

15:22:52.0359 2596 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

15:22:52.0375 2596 AdobeFlashPlayerUpdateSvc - ok

15:22:52.0390 2596 adpu160m - ok

15:22:52.0453 2596 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

15:22:52.0453 2596 aeaudio - ok

15:22:52.0609 2596 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

15:22:52.0687 2596 aec - ok

15:22:52.0921 2596 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys

15:22:53.0843 2596 AegisP - ok

15:22:53.0984 2596 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

15:22:54.0046 2596 AFD - ok

15:22:54.0093 2596 Aha154x - ok

15:22:54.0109 2596 aic78u2 - ok

15:22:54.0109 2596 aic78xx - ok

15:22:54.0234 2596 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

15:22:54.0875 2596 Alerter - ok

15:22:54.0953 2596 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

15:22:54.0984 2596 ALG - ok

15:22:55.0000 2596 AliIde - ok

15:22:55.0031 2596 amsint - ok

15:22:55.0140 2596 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll

15:22:55.0218 2596 AppMgmt - ok

15:22:55.0234 2596 asc - ok

15:22:55.0250 2596 asc3350p - ok

15:22:55.0265 2596 asc3550 - ok

15:22:55.0906 2596 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

15:22:55.0984 2596 aspnet_state - ok

15:22:56.0156 2596 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

15:22:56.0765 2596 AsyncMac - ok

15:22:56.0828 2596 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

15:22:56.0828 2596 atapi - ok

15:22:56.0843 2596 Atdisk - ok

15:22:56.0953 2596 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

15:22:56.0984 2596 Atmarpc - ok

15:22:57.0171 2596 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

15:22:58.0281 2596 AudioSrv - ok

15:22:58.0328 2596 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

15:22:58.0375 2596 audstub - ok

15:22:59.0921 2596 AVG Security Toolbar Service (3a457c2f798cad79cd30224e723e01fb) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

15:23:00.0515 2596 AVG Security Toolbar Service - ok

15:23:05.0296 2596 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

15:23:07.0531 2596 AVGIDSAgent - ok

15:23:08.0796 2596 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys

15:23:09.0546 2596 AVGIDSDriver - ok

15:23:09.0609 2596 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys

15:23:09.0671 2596 AVGIDSFilter - ok

15:23:09.0781 2596 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys

15:23:09.0781 2596 AVGIDSHX - ok

15:23:09.0843 2596 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys

15:23:09.0890 2596 AVGIDSShim - ok

15:23:10.0265 2596 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

15:23:11.0031 2596 Avgldx86 - ok

15:23:11.0218 2596 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

15:23:11.0250 2596 Avgmfx86 - ok

15:23:11.0359 2596 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

15:23:11.0375 2596 Avgrkx86 - ok

15:23:12.0171 2596 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

15:23:13.0578 2596 Avgtdix - ok

15:23:13.0921 2596 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe

15:23:14.0015 2596 avgwd - ok

15:23:14.0078 2596 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

15:23:14.0843 2596 Beep - ok

15:23:15.0359 2596 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

15:23:16.0640 2596 BITS - ok

15:23:16.0718 2596 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

15:23:16.0750 2596 Browser - ok

15:23:16.0796 2596 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

15:23:16.0812 2596 cbidf2k - ok

15:23:16.0859 2596 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

15:23:16.0875 2596 CCDECODE - ok

15:23:16.0890 2596 cd20xrnt - ok

15:23:16.0953 2596 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

15:23:16.0953 2596 Cdaudio - ok

15:23:17.0093 2596 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

15:23:17.0093 2596 Cdfs - ok

15:23:17.0171 2596 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

15:23:17.0187 2596 Cdrom - ok

15:23:17.0203 2596 Changer - ok

15:23:17.0281 2596 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe

15:23:17.0296 2596 cisvc - ok

15:23:17.0328 2596 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

15:23:17.0343 2596 ClipSrv - ok

15:23:17.0531 2596 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:23:17.0562 2596 clr_optimization_v2.0.50727_32 - ok

15:23:17.0578 2596 CmdIde - ok

15:23:17.0593 2596 COMSysApp - ok

15:23:17.0609 2596 Cpqarray - ok

15:23:17.0671 2596 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

15:23:17.0687 2596 CryptSvc - ok

15:23:17.0703 2596 dac2w2k - ok

15:23:17.0718 2596 dac960nt - ok

15:23:17.0906 2596 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:23:18.0078 2596 DcomLaunch - ok

15:23:18.0203 2596 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

15:23:18.0265 2596 Dhcp - ok

15:23:18.0312 2596 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

15:23:18.0312 2596 Disk - ok

15:23:18.0359 2596 dmadmin - ok

15:23:18.0937 2596 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

15:23:19.0312 2596 dmboot - ok

15:23:19.0468 2596 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

15:23:19.0500 2596 dmio - ok

15:23:19.0578 2596 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

15:23:19.0578 2596 dmload - ok

15:23:19.0640 2596 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

15:23:19.0718 2596 dmserver - ok

15:23:19.0750 2596 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

15:23:19.0781 2596 DMusic - ok

15:23:19.0859 2596 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

15:23:19.0875 2596 Dnscache - ok

15:23:19.0984 2596 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

15:23:20.0031 2596 Dot3svc - ok

15:23:20.0046 2596 dpti2o - ok

15:23:20.0078 2596 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

15:23:20.0078 2596 drmkaud - ok

15:23:20.0234 2596 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys

15:23:20.0296 2596 E1000 - ok

15:23:20.0375 2596 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

15:23:20.0375 2596 EapHost - ok

15:23:20.0437 2596 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

15:23:20.0453 2596 ERSvc - ok

15:23:20.0546 2596 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:23:20.0578 2596 Eventlog - ok

15:23:20.0718 2596 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll

15:23:20.0796 2596 EventSystem - ok

15:23:20.0875 2596 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

15:23:20.0921 2596 Fastfat - ok

15:23:21.0171 2596 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:23:21.0250 2596 FastUserSwitchingCompatibility - ok

15:23:21.0296 2596 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

15:23:21.0296 2596 Fdc - ok

15:23:21.0390 2596 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

15:23:21.0406 2596 Fips - ok

15:23:21.0421 2596 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

15:23:21.0437 2596 Flpydisk - ok

15:23:21.0500 2596 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

15:23:21.0531 2596 FltMgr - ok

15:23:21.0656 2596 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

15:23:21.0671 2596 FontCache3.0.0.0 - ok

15:23:21.0718 2596 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

15:23:21.0734 2596 Fs_Rec - ok

15:23:22.0265 2596 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

15:23:22.0281 2596 Ftdisk - ok

15:23:22.0421 2596 GoToAssist (8f6ae606eb0cc884ee12c41948424422) C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe

15:23:22.0437 2596 GoToAssist - ok

15:23:22.0484 2596 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

15:23:22.0500 2596 Gpc - ok

15:23:22.0609 2596 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

15:23:22.0625 2596 helpsvc - ok

15:23:22.0687 2596 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll

15:23:22.0703 2596 HidServ - ok

15:23:22.0734 2596 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

15:23:22.0734 2596 hidusb - ok

15:23:22.0796 2596 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

15:23:22.0828 2596 hkmsvc - ok

15:23:22.0828 2596 hpn - ok

15:23:22.0843 2596 hpt3xx - ok

15:23:23.0031 2596 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

15:23:23.0109 2596 HTTP - ok

15:23:23.0156 2596 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

15:23:23.0187 2596 HTTPFilter - ok

15:23:23.0203 2596 i2omgmt - ok

15:23:23.0218 2596 i2omp - ok

15:23:23.0265 2596 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

15:23:23.0281 2596 i8042prt - ok

15:23:23.0765 2596 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

15:23:24.0234 2596 ialm - ok

15:23:24.0625 2596 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:23:24.0906 2596 idsvc - ok

15:23:25.0203 2596 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

15:23:25.0218 2596 Imapi - ok

15:23:25.0328 2596 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe

15:23:25.0375 2596 ImapiService - ok

15:23:25.0390 2596 ini910u - ok

15:23:25.0421 2596 IntelIde - ok

15:23:25.0453 2596 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

15:23:25.0468 2596 intelppm - ok

15:23:25.0531 2596 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

15:23:25.0546 2596 ip6fw - ok

15:23:25.0593 2596 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

15:23:25.0609 2596 IpFilterDriver - ok

15:23:25.0640 2596 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

15:23:25.0640 2596 IpInIp - ok

15:23:25.0734 2596 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

15:23:25.0781 2596 IpNat - ok

15:23:25.0828 2596 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

15:23:25.0843 2596 IPSec - ok

15:23:25.0890 2596 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

15:23:25.0890 2596 IRENUM - ok

15:23:25.0953 2596 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

15:23:25.0953 2596 isapnp - ok

15:23:26.0296 2596 JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Program Files\Java\jre6\bin\jqs.exe

15:23:26.0343 2596 JavaQuickStarterService - ok

15:23:26.0421 2596 JL2005C (b12f5ff3a2221987ac3a81ce1fe76cc6) C:\WINDOWS\system32\Drivers\jl2005c.sys

15:23:26.0453 2596 JL2005C - ok

15:23:26.0484 2596 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

15:23:26.0500 2596 Kbdclass - ok

15:23:26.0531 2596 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

15:23:26.0531 2596 kbdhid - ok

15:23:26.0625 2596 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

15:23:26.0671 2596 kmixer - ok

15:23:26.0765 2596 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

15:23:26.0781 2596 KSecDD - ok

15:23:26.0859 2596 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

15:23:26.0906 2596 lanmanserver - ok

15:23:27.0125 2596 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

15:23:27.0187 2596 lanmanworkstation - ok

15:23:27.0187 2596 lbrtfdc - ok

15:23:27.0265 2596 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

15:23:27.0281 2596 LmHosts - ok

15:23:27.0328 2596 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

15:23:27.0328 2596 Messenger - ok

15:23:27.0406 2596 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

15:23:27.0406 2596 mnmdd - ok

15:23:27.0468 2596 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe

15:23:27.0484 2596 mnmsrvc - ok

15:23:27.0531 2596 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

15:23:27.0531 2596 Modem - ok

15:23:27.0578 2596 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

15:23:27.0593 2596 Mouclass - ok

15:23:27.0625 2596 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

15:23:27.0625 2596 mouhid - ok

15:23:27.0687 2596 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

15:23:27.0687 2596 MountMgr - ok

15:23:27.0781 2596 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

15:23:27.0828 2596 MozillaMaintenance - ok

15:23:27.0843 2596 mraid35x - ok

15:23:27.0937 2596 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

15:23:28.0031 2596 MRxDAV - ok

15:23:28.0281 2596 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

15:23:28.0421 2596 MRxSmb - ok

15:23:28.0453 2596 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe

15:23:28.0453 2596 MSDTC - ok

15:23:28.0515 2596 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

15:23:28.0515 2596 Msfs - ok

15:23:28.0515 2596 MSIServer - ok

15:23:28.0562 2596 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

15:23:28.0562 2596 MSKSSRV - ok

15:23:28.0593 2596 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

15:23:28.0593 2596 MSPCLOCK - ok

15:23:28.0625 2596 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

15:23:28.0625 2596 MSPQM - ok

15:23:28.0671 2596 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

15:23:28.0671 2596 mssmbios - ok

15:23:28.0718 2596 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

15:23:28.0718 2596 MSTEE - ok

15:23:28.0796 2596 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

15:23:28.0812 2596 Mup - ok

15:23:28.0875 2596 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

15:23:28.0906 2596 NABTSFEC - ok

15:23:29.0125 2596 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

15:23:29.0234 2596 napagent - ok

15:23:29.0312 2596 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

15:23:29.0359 2596 NDIS - ok

15:23:29.0390 2596 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

15:23:29.0390 2596 NdisIP - ok

15:23:29.0453 2596 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

15:23:29.0468 2596 NdisTapi - ok

15:23:29.0484 2596 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

15:23:29.0500 2596 Ndisuio - ok

15:23:29.0546 2596 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

15:23:29.0578 2596 NdisWan - ok

15:23:29.0625 2596 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

15:23:29.0640 2596 NDProxy - ok

15:23:29.0687 2596 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

15:23:29.0687 2596 NetBIOS - ok

15:23:29.0765 2596 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

15:23:29.0812 2596 NetBT - ok

15:23:29.0890 2596 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:23:29.0937 2596 NetDDE - ok

15:23:29.0937 2596 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

15:23:29.0953 2596 NetDDEdsdm - ok

15:23:29.0984 2596 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

15:23:30.0000 2596 Netlogon - ok

15:23:30.0187 2596 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

15:23:30.0250 2596 Netman - ok

15:23:30.0437 2596 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:23:30.0484 2596 NetTcpPortSharing - ok

15:23:30.0609 2596 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

15:23:30.0687 2596 Nla - ok

15:23:30.0734 2596 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

15:23:30.0734 2596 Npfs - ok

15:23:30.0937 2596 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

15:23:31.0171 2596 Ntfs - ok

15:23:31.0187 2596 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

15:23:31.0203 2596 NtLmSsp - ok

15:23:31.0390 2596 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

15:23:31.0531 2596 NtmsSvc - ok

15:23:31.0593 2596 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

15:23:31.0593 2596 Null - ok

15:23:31.0656 2596 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

15:23:31.0656 2596 NwlnkFlt - ok

15:23:31.0687 2596 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

15:23:31.0703 2596 NwlnkFwd - ok

15:23:31.0750 2596 OlyCamComm (f4cb9c1991314b1352ddbd8a968e4471) C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys

15:23:31.0750 2596 OlyCamComm - ok

15:23:31.0828 2596 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

15:23:31.0859 2596 Parport - ok

15:23:31.0875 2596 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

15:23:31.0875 2596 PartMgr - ok

15:23:31.0906 2596 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

15:23:31.0906 2596 ParVdm - ok

15:23:31.0953 2596 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

15:23:31.0953 2596 PCI - ok

15:23:32.0031 2596 PCIDump - ok

15:23:32.0109 2596 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

15:23:32.0109 2596 PCIIde - ok

15:23:32.0187 2596 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

15:23:32.0218 2596 Pcmcia - ok

15:23:32.0234 2596 PDCOMP - ok

15:23:32.0250 2596 PDFRAME - ok

15:23:32.0265 2596 PDRELI - ok

15:23:32.0281 2596 PDRFRAME - ok

15:23:32.0296 2596 perc2 - ok

15:23:32.0312 2596 perc2hib - ok

15:23:32.0421 2596 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

15:23:32.0421 2596 PlugPlay - ok

15:23:32.0437 2596 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe

15:23:32.0437 2596 PolicyAgent - ok

15:23:32.0484 2596 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

15:23:32.0500 2596 PptpMiniport - ok

15:23:32.0531 2596 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

15:23:32.0531 2596 Processor - ok

15:23:32.0546 2596 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:23:32.0546 2596 ProtectedStorage - ok

15:23:32.0593 2596 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

15:23:32.0609 2596 PSched - ok

15:23:32.0640 2596 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

15:23:32.0640 2596 Ptilink - ok

15:23:32.0718 2596 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys

15:23:32.0718 2596 PxHelp20 - ok

15:23:32.0734 2596 ql1080 - ok

15:23:32.0750 2596 Ql10wnt - ok

15:23:32.0765 2596 ql12160 - ok

15:23:32.0781 2596 ql1240 - ok

15:23:32.0796 2596 ql1280 - ok

15:23:32.0812 2596 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

15:23:32.0812 2596 RasAcd - ok

15:23:32.0859 2596 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

15:23:32.0890 2596 RasAuto - ok

15:23:32.0937 2596 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

15:23:33.0000 2596 Rasl2tp - ok

15:23:33.0203 2596 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

15:23:33.0265 2596 RasMan - ok

15:23:33.0296 2596 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

15:23:33.0312 2596 RasPppoe - ok

15:23:33.0328 2596 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

15:23:33.0343 2596 Raspti - ok

15:23:33.0421 2596 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

15:23:33.0468 2596 Rdbss - ok

15:23:33.0484 2596 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

15:23:33.0484 2596 RDPCDD - ok

15:23:33.0593 2596 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

15:23:33.0656 2596 rdpdr - ok

15:23:33.0765 2596 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

15:23:33.0812 2596 RDPWD - ok

15:23:33.0906 2596 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

15:23:33.0953 2596 RDSessMgr - ok

15:23:34.0109 2596 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

15:23:34.0171 2596 redbook - ok

15:23:34.0250 2596 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

15:23:34.0265 2596 RemoteAccess - ok

15:23:34.0343 2596 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll

15:23:34.0359 2596 RemoteRegistry - ok

15:23:34.0406 2596 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe

15:23:34.0437 2596 RpcLocator - ok

15:23:34.0843 2596 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

15:23:34.0859 2596 RpcSs - ok

15:23:34.0984 2596 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe

15:23:35.0031 2596 RSVP - ok

15:23:35.0609 2596 RTL8192su (2ec68b7c25e4c04273b142b828eb4b84) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys

15:23:35.0796 2596 RTL8192su - ok

15:23:35.0875 2596 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

15:23:35.0875 2596 SamSs - ok

15:23:35.0953 2596 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

15:23:36.0015 2596 SCardSvr - ok

15:23:36.0234 2596 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

15:23:36.0296 2596 Schedule - ok

15:23:36.0328 2596 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

15:23:36.0328 2596 Secdrv - ok

15:23:36.0390 2596 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

15:23:36.0406 2596 seclogon - ok

15:23:36.0453 2596 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

15:23:36.0453 2596 SENS - ok

15:23:36.0484 2596 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

15:23:36.0484 2596 serenum - ok

15:23:36.0531 2596 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

15:23:36.0562 2596 Serial - ok

15:23:36.0593 2596 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

15:23:36.0593 2596 Sfloppy - ok

15:23:36.0734 2596 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

15:23:36.0843 2596 SharedAccess - ok

15:23:36.0937 2596 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:23:36.0937 2596 ShellHWDetection - ok

15:23:36.0953 2596 Simbad - ok

15:23:37.0046 2596 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

15:23:37.0046 2596 SLIP - ok

15:23:37.0328 2596 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys

15:23:37.0515 2596 smwdm - ok

15:23:37.0515 2596 Sparrow - ok

15:23:37.0531 2596 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

15:23:37.0546 2596 splitter - ok

15:23:37.0609 2596 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

15:23:37.0625 2596 Spooler - ok

15:23:37.0671 2596 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

15:23:37.0671 2596 sr - ok

15:23:37.0750 2596 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll

15:23:37.0796 2596 srservice - ok

15:23:38.0046 2596 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

15:23:38.0140 2596 Srv - ok

15:23:38.0187 2596 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

15:23:38.0218 2596 SSDPSRV - ok

15:23:38.0390 2596 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

15:23:38.0500 2596 stisvc - ok

15:23:38.0671 2596 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

15:23:38.0687 2596 stllssvr - ok

15:23:38.0734 2596 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

15:23:38.0734 2596 streamip - ok

15:23:38.0781 2596 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

15:23:38.0781 2596 swenum - ok

15:23:38.0828 2596 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

15:23:38.0843 2596 swmidi - ok

15:23:38.0859 2596 SwPrv - ok

15:23:38.0875 2596 symc810 - ok

15:23:38.0890 2596 symc8xx - ok

15:23:38.0906 2596 sym_hi - ok

15:23:38.0921 2596 sym_u3 - ok

15:23:38.0953 2596 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

15:23:39.0031 2596 sysaudio - ok

15:23:39.0078 2596 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

15:23:39.0109 2596 SysmonLog - ok

15:23:39.0218 2596 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

15:23:39.0312 2596 TapiSrv - ok

15:23:39.0609 2596 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

15:23:39.0734 2596 Tcpip - ok

15:23:39.0781 2596 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

15:23:39.0781 2596 TDPIPE - ok

15:23:39.0828 2596 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

15:23:39.0828 2596 TDTCP - ok

15:23:39.0890 2596 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

15:23:39.0890 2596 TermDD - ok

15:23:40.0031 2596 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

15:23:40.0125 2596 TermService - ok

15:23:40.0218 2596 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

15:23:40.0218 2596 Themes - ok

15:23:40.0281 2596 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe

15:23:40.0312 2596 TlntSvr - ok

15:23:40.0328 2596 TosIde - ok

15:23:40.0390 2596 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

15:23:40.0421 2596 TrkWks - ok

15:23:40.0468 2596 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

15:23:40.0500 2596 Udfs - ok

15:23:40.0515 2596 ultra - ok

15:23:40.0734 2596 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

15:23:40.0859 2596 Update - ok

15:23:40.0953 2596 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

15:23:41.0046 2596 upnphost - ok

15:23:41.0093 2596 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

15:23:41.0109 2596 UPS - ok

15:23:41.0265 2596 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

15:23:41.0281 2596 usbccgp - ok

15:23:41.0343 2596 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

15:23:41.0359 2596 usbehci - ok

15:23:41.0421 2596 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

15:23:41.0453 2596 usbhub - ok

15:23:41.0515 2596 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

15:23:41.0531 2596 usbprint - ok

15:23:41.0578 2596 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

15:23:41.0578 2596 usbscan - ok

15:23:41.0625 2596 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

15:23:41.0640 2596 USBSTOR - ok

15:23:41.0671 2596 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

15:23:41.0687 2596 usbuhci - ok

15:23:41.0718 2596 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

15:23:41.0718 2596 VgaSave - ok

15:23:41.0734 2596 ViaIde - ok

15:23:41.0781 2596 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

15:23:41.0781 2596 VolSnap - ok

15:23:41.0906 2596 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

15:23:42.0031 2596 VSS - ok

15:23:42.0468 2596 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

15:23:42.0765 2596 vToolbarUpdater11.0.2 - ok

15:23:42.0843 2596 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll

15:23:42.0906 2596 W32Time - ok

15:23:43.0046 2596 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

15:23:43.0062 2596 Wanarp - ok

15:23:43.0078 2596 WDICA - ok

15:23:43.0140 2596 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

15:23:43.0171 2596 wdmaud - ok

15:23:43.0250 2596 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

15:23:43.0281 2596 WebClient - ok

15:23:43.0390 2596 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

15:23:43.0437 2596 winmgmt - ok

15:23:43.0515 2596 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

15:23:43.0531 2596 WmdmPmSN - ok

15:23:43.0781 2596 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll

15:23:43.0968 2596 Wmi - ok

15:23:44.0093 2596 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe

15:23:44.0125 2596 WmiApSrv - ok

15:23:44.0515 2596 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe

15:23:44.0796 2596 WMPNetworkSvc - ok

15:23:44.0875 2596 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll

15:23:44.0906 2596 wscsvc - ok

15:23:44.0921 2596 WSearch - ok

15:23:45.0078 2596 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

15:23:45.0078 2596 WSTCODEC - ok

15:23:45.0140 2596 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

15:23:45.0140 2596 wuauserv - ok

15:23:45.0203 2596 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

15:23:45.0234 2596 WudfPf - ok

15:23:45.0265 2596 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

15:23:45.0296 2596 WudfRd - ok

15:23:45.0359 2596 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll

15:23:45.0375 2596 WudfSvc - ok

15:23:45.0593 2596 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

15:23:45.0750 2596 WZCSVC - ok

15:23:45.0843 2596 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

15:23:45.0890 2596 xmlprov - ok

15:23:45.0968 2596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

15:23:46.0609 2596 \Device\Harddisk0\DR0 - ok

15:23:46.0609 2596 Boot (0x1200) (cca7ad0f684287d027c6702a94c71bc2) \Device\Harddisk0\DR0\Partition0

15:23:46.0625 2596 \Device\Harddisk0\DR0\Partition0 - ok

15:23:46.0625 2596 ============================================================

15:23:46.0625 2596 Scan finished

15:23:46.0625 2596 ============================================================

15:23:46.0640 3516 Detected object count: 0

15:23:46.0640 3516 Actual detected object count: 0

15:24:15.0015 2712 Deinitialize success

I will now continue with your advice.

[sackett]

Here is the log for ComboFix.

ComboFix 12-05-25.03 - Administrator 05/25/2012 16:06:14.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.393 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe

c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk

c:\windows\system32\Cache

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\9620a8a7f141f95b.fb

c:\windows\system32\Cache\9c9a204d896ce9c8.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))

.

.

2012-05-24 16:39 . 2012-05-24 16:39 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-24 16:39 . 2012-05-24 16:39 -------- d-----w- c:\program files\Trend Micro

2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Secure Search

2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 22:58 . 2012-05-12 22:58 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-12 22:58 . 2012-05-12 22:58 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-12 22:58 . 2012-05-12 22:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-05-05 13:05 . 2012-05-05 14:05 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 14:05 . 2012-04-05 23:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 14:05 . 2011-08-29 11:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 20:56 . 2011-05-17 12:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-19 10:17 . 2010-09-07 09:49 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2012-05-12 22:58 . 2011-05-02 15:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-21 05:02 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-21 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-05 93376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-21 1116544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AirLink101 Wireless Monitor.lnk - c:\program files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe [2010-2-23 897024]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2010-03-16 15:04 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-12 129976]

R3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\DRIVERS\OlyCamComm.sys [2009-09-10 21648]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-21 932736]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]

S3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-07-18 587776]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 89075029

*Deregistered* - 89075029

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uInternet Connection Wizard,ShellNext = iexplore

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll

TCP: DhcpNameServer = 69.66.0.20 69.66.1.20

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vo9qzlyr.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B51e9973e-33c7-4764-917f-7c0c184fd0d0%7D&mid=76f277dbb88e68fd47e28fe2902f3c6a-bac5eb95ea811f9aa8d7d71707f0de8c6e87ba71&ds=AVG&v=11.0.0.9〈=en&pr=fr&d=2012-05-21%2000%3A02%3A35&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-25 16:21

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1123561945-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,54,d6,a0,c3,40,84,4b,8c,e9,36,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,30,94,5e,e1,0e,81,41,9b,38,78,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,4b,b9,25,24,0e,9d,4e,87,4e,8c,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(928)

c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll

.

Completion time: 2012-05-25 16:26:31

ComboFix-quarantined-files.txt 2012-05-25 21:26

.

Pre-Run: 29,982,654,464 bytes free

Post-Run: 30,568,542,208 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

.

- - End Of File - - 39A9132812AA71BD48B2A19BEDE66C7D

My homepage is IGoogle, and for the first time in a month it has uploaded. Is my problem fixed? What is my continued risk? Any other advice? I really appreciate your help.

[D-FRED-BROWN]

My homepage is IGoogle, and for the first time in a month it has uploaded. Is my problem fixed? What is my continued risk? Any other advice? I really appreciate your help.

That's good news! We've still got some cleaning left to do, however.

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

89075029

File::

C:\Windows\System32\drivers\89075029.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now

Also, can you please get me the Security Check report from earlier? It'd help me out to see what things we need to update, what antivirus you're running, etc.

[sackett]

ComboFix 12-05-25.03 - Administrator 05/26/2012 8:10.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.492 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

FILE ::

"c:\windows\System32\drivers\89075029.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_89075029

.

.

((((((((((((((((((((((((( Files Created from 2012-04-26 to 2012-05-26 )))))))))))))))))))))))))))))))

.

.

2012-05-24 16:39 . 2012-05-24 16:39 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-24 16:39 . 2012-05-24 16:39 -------- d-----w- c:\program files\Trend Micro

2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Secure Search

2012-05-21 05:02 . 2012-05-21 05:02 -------- d-----w- c:\program files\AVG Secure Search

2012-05-12 22:58 . 2012-05-12 22:58 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-05-12 22:58 . 2012-05-12 22:58 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-05-12 22:58 . 2012-05-12 22:58 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

2012-05-05 13:05 . 2012-05-05 14:05 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 14:05 . 2012-04-05 23:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 14:05 . 2011-08-29 11:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-11 13:14 . 2001-08-23 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2001-08-23 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2001-08-17 13:48 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 20:56 . 2011-05-17 12:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-19 10:17 . 2010-09-07 09:49 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-03-01 11:01 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2001-08-23 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2001-08-23 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2001-08-23 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec

2012-05-12 22:58 . 2011-05-02 15:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-25_21.21.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-05-26 13:26 . 2012-05-26 13:26 16384 c:\windows\temp\Perflib_Perfdata_80.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-05-21 05:02 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-21 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-05 93376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 188416]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-21 1116544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

AirLink101 Wireless Monitor.lnk - c:\program files\Airlink101\Airlink101 WLAN Monitor\RtWLan.exe [2010-2-23 897024]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2010-03-16 15:04 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Airlink101\\Airlink101 WLAN Monitor\\RtWLan.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot

"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot

"53:UDP"= 53:UDP:Realtek AP UDP Prot

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 235216]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 301248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [5/21/2012 12:02 AM 932736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]

R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2/23/2010 4:31 PM 587776]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 6:43 PM 257696]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [4/15/2011 7:39 PM 1025352]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/12/2012 5:58 PM 129976]

S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [8/17/2011 9:59 PM 21648]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:05]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig?hl=en&source=iglk

uInternet Connection Wizard,ShellNext = iexplore

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll

TCP: DhcpNameServer = 69.66.0.20 69.66.1.20

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vo9qzlyr.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B51e9973e-33c7-4764-917f-7c0c184fd0d0%7D&mid=76f277dbb88e68fd47e28fe2902f3c6a-bac5eb95ea811f9aa8d7d71707f0de8c6e87ba71&ds=AVG&v=11.0.0.9〈=en&pr=fr&d=2012-05-21%2000%3A02%3A35&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-26 08:30

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1123561945-308236825-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,54,d6,a0,c3,40,84,4b,8c,e9,36,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,30,94,5e,e1,0e,81,41,9b,38,78,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,4b,b9,25,24,0e,9d,4e,87,4e,8c,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(932)

c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll

.

- - - - - - - > 'explorer.exe'(3868)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

.

**************************************************************************

.

Completion time: 2012-05-26 08:39:23 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-26 13:39

ComboFix2.txt 2012-05-25 21:26

.

Pre-Run: 30,559,014,912 bytes free

Post-Run: 30,517,346,304 bytes free

.

- - End Of File - - C234390D6E783B39BE403A21CC197F51

I'm sorry, D-Fred, but I'm not sure I gave you a Security report before...what do you need? I run AVG as my antivirus, and run Malwarebytes about once a week, keeping everything updated. Let me know how to get you what you need. Thanks!

[D-FRED-BROWN]

I'm sorry, D-Fred, but I'm not sure I gave you a Security report before...what do you need? I run AVG as my antivirus, and run Malwarebytes about once a week, keeping everything updated. Let me know how to get you what you need. Thanks!

What I meant by that, is that I'd like you to run Security Check (I'll just re-post the instructions here):

Please download Security Check by screen317 from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

---------------

Your logs are looking good, but let's run an online scan to verify that there's no traces left that we may have missed :

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

1. Tick the box next to YES, I accept the Terms of Use.
   
2. Click Start
   
3. When asked, allow the ActiveX control to install
   
4. Click Start
   
5. Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
   
6. Click Scan
   Wait for the scan to finish
   
7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
   
8. Copy and paste that log as a reply to this topic
   

Please post that log in your next reply, and let me know how things go .

[sackett]

Results of screen317's Security Check version 0.99.38

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

Java 6 Update 29

Java version out of date!

Adobe Flash Player 11.2.202.235

Adobe Reader X (10.1.2)

Mozilla Firefox (12.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

Right now, my internet connection is rather slow(I live WAY out in the country) so I will post the ESET log as soon as its finished.

[sackett]

In using ESET, I did not get the option of "Scan unwanted applications", but instead I got "Scan Archives". The log I will post WILL include the Scan Archives option as checked.

[sackett]

Correction to previous post.....I found "Scan Potential Unwanted Applications" in Advanced Settings. The log I will post will NOT include Archive Scan, nor Enable Anti-Stealth Technology, which in default was checked.

[D-FRED-BROWN]

No worries. Post what you can.

[sackett]

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=be3a55fa91a5714595e7ddf1bb3cda12

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-05-27 02:11:49

# local_time=2012-05-26 09:11:49 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777175 100 0 20109511 20109511 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=76564

# found=5

# cleaned=0

# scan_time=5706

C:\BASIC\cnet_jbwin100_exe.exe a variant of Win32/InstallCore.D application 4B08952EB1BE3AB5508C859D8E9A1575 I

C:\Documents and Settings\Administrator\Application Data\WinPump\extensions-eu.exe a variant of Win32/Adware.GoodMedia.A application 401A6499D1E6CC8D7109DA67528B07F3 I

C:\Documents and Settings\Administrator\Application Data\WinPump\extensions-us.exe a variant of Win32/Adware.GoodMedia.A application 23E3A69731C7B2EC7298A7AF9AFD3008 I

C:\Documents and Settings\Administrator\My Documents\Downloads\fyzip-setup.exe Win32/DownloadAdmin.A.Gen application 803A8DFB90353CDEFF8629312F5760D4 I

C:\Documents and Settings\Administrator\My Documents\dwnldr\SoftonicDownloader33006.exe a variant of Win32/SoftonicDownloader.A application 97B39A3A9DB040B709CF37742B170E28 I

Eset said I still have 6 threats. Damn.

[D-FRED-BROWN]

Looking good! ESET just flagged a few minor pieces of adware/potentially unwanted software. I think you're clean at this point, but we can run some additional scans if you'd like ,

-------

Before we move on, let's update some of your programs.

Program updates are a crucial step in preventing malware, as outdated applications are often used by the cybercriminals to gain a foothold on your system.

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them:

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

Let me know how the program updates go, as failed updates may be a sign of additional malware.

[sackett]

Ok...done and done. Now what??

[sackett]

OK...why is there a hash mark thru my last comment??

[D-FRED-BROWN]

I think you may have clicked the Strikethrough button while posting it (It's an S with a line through it). It happens

Glad to hear the updates went well!

Unless there are any further issues, I will now provide you with some suggestions for security software.

First, let's remove ComboFix:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

• Outpost Firewall Free
  
• Online Armor Firewall
  

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

[sackett]

Thank you very much, D-Fred.

[D-FRED-BROWN]

Glad to hear things are well! If you have any other questions or concerns, don't hesitate to ask.

Otherwise, I will have this thread closed. You can still reach me by private message here on the site if you need anything.

Kind regards,

-DFB

[LDTate]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!